
Re: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

 
OGA1
Visitor

HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

Hello,

When I ran a scan with the Nessus scanner, we got this medium risk:

Risk: Medium
Application: ntp
Port: 123
Protocol: udp
ScriptID: 97861

Synopsis:
The remote NTP server responds to mode 6 queries.

Description:
The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition.

Solution:
Restrict NTP mode 6 queries.

5.0
CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Plugin Output:
Nessus elicited the following response from the remote host by sending an NTP mode 6 query :

'processor, system="/", leap=0, stratum=6, precision=-20,
rootdelay=89.881, rootdisp=186.125, refid=10.56.36.7,
reftime=0xde43c58d.f4ccc634, clock=0xde43c5c9.bb616b2e, peer=46269,
tc=6, mintc=3, offset=2.284, frequency=-20.303, sys_jitter=6.497,
clk_jitter=1.453, clk_wander=0.014'

Do you have a solution to restrict NTP mode 6 queries?

Thanks.
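Added example, not part of the original post and not Nessus or HPE code: a small decoder for the NTP mode 6 (control) message the plugin output above comes from, useful for recognising these packets in a capture and confirming a device has stopped answering them after a change. Function names are illustrative and the sample packets are constructed, with the reply text shortened from the plugin output.

```python
import re
import struct

HEADER = struct.Struct("!BBHHHHH")  # 12-byte NTP control header (RFC 9327)
VAR_RE = re.compile(r'\s*([A-Za-z_]\w*)(?:=("[^"]*"|[^,]*))?\s*(?:,|$)')

def parse_mode6(payload):
    """Decode one UDP/123 payload; return None unless it is a mode 6 message."""
    if len(payload) < HEADER.size:
        return None
    b0, b1, seq, status, assoc, offset, count = HEADER.unpack_from(payload)
    if b0 & 0x07 != 6:  # mode is the low three bits of the first byte
        return None
    data = payload[HEADER.size:HEADER.size + count]
    if len(data) != count:  # count field claims more data than was captured
        return None
    return {"version": (b0 >> 3) & 0x07, "response": bool(b1 & 0x80),
            "error": bool(b1 & 0x40), "more": bool(b1 & 0x20),
            "opcode": b1 & 0x1F, "sequence": seq, "status": status,
            "assoc": assoc, "offset": offset, "data": data}

def parse_variables(data):
    """Split the 'name=value, name="value"' text carried in a READVAR reply."""
    text = data.decode("ascii", "replace")
    return {m.group(1): (m.group(2) or "").strip().strip('"')
            for m in VAR_RE.finditer(text)}

def classify(payload):
    """Label a payload the way a sensor rule for this finding would."""
    msg = parse_mode6(payload)
    if msg is None:
        return "not-mode6"
    if not msg["response"]:
        return "mode6-query"
    return "mode6-error" if msg["error"] else "mode6-answer"

def build(b1, data=b""):
    """Constructed sample: NTPv2 mode 6 header plus data padded to 4 bytes."""
    padded = data + b"\x00" * (-len(data) % 4)
    return HEADER.pack((2 << 3) | 6, b1, 1, 0, 0, 0, len(data)) + padded

# Constructed captures: a READVAR (opcode 2) query and a reply whose text is
# a shortened copy of the plugin output quoted in the post.
QUERY = build(0x02)
REPLY = build(0x82, b'processor, system="/", leap=0, stratum=6, precision=-20')
CLIENT = bytes([0x23]) + bytes(47)  # ordinary mode 3 time request, 48 bytes

if __name__ == "__main__":
    for name, pkt in (("query", QUERY), ("reply", REPLY), ("client", CLIENT)):
        print(name, len(pkt), classify(pkt))
    print(parse_variables(parse_mode6(REPLY)["data"]))
```

A "mode6-answer" seen leaving the switch toward an address that is not a management station is the condition the scanner reports; ordinary client/server time traffic (modes 3 and 4) is classified as "not-mode6".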

parnassus
Honored Contributor

Re: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

What exact Comware software version is actually running on your HPE 5510 48G 4SFP+ HI 1-slot Switch (SKU: JH146A)?


I'm not an HPE Employee
OGA1
Visitor

Re: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

Hello,

The version is:

Boot image: flash:/5510hi-cmw710-boot-r1309.bin
Boot image version: 7.1.070, Release 1309
  Compiled Jul 21 2017 16:00:00
System image: flash:/5510hi-cmw710-system-r1309.bin
System image version: 7.1.070, Release 1309
  Compiled Jul 21 2017 16:00:00

Thanks.

 

parnassus
Honored Contributor

Re: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

What's the output of display ntp-service status and display ntp-service sessions commands? There is an entire Chapter dedicated to configuring NTP (named "Configuring NTP") on the HPE FlexNetwork 5510 HI Switch Series Network Management and Monitoring Configuration Guide...


I'm not an HPE Employee
OGA1
Visitor

Re: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

Hello,

This is the result of the commands:

<5510>display ntp-service status
 Clock status: synchronized
 Clock stratum: 6
 System peer: 10.xx.xx.7
 Local mode: client
 Reference clock ID: 10.xx.xx.7
 Leap indicator: 00
 Clock jitter: 0.013672 s
 Stability: 0.000 pps
 Clock precision: 2^-20
 Root delay: 76.99585 ms
 Root dispersion: 209.64050 ms
 Reference time: de50c0d6.a3ffa273  Mon, Mar 12 2018 10:03:18.640
 System poll interval: 64 s
<5510>display ntp-service sessions
       source          reference       stra reach poll  now offset  delay disper
********************************************************************************
[12345]10.xx.xx.7      10.xx.xxx.241      5   255   64    7 14.100 2.1972 19.271
Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
 Total sessions: 1

Thanks.