
HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

OGA1
Visitor

Hello,

When I ran a scan with the Nessus scanner, we got this medium risk:

Risk: Medium
Application: ntp
Port: 123
Protocol: udp
ScriptID: 97861

Synopsis:
The remote NTP server responds to mode 6 queries.

Description:
The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition.

Solution:
Restrict NTP mode 6 queries.

5.0
CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Plugin Output:
Nessus elicited the following response from the remote host by sending an NTP mode 6 query :

'processor, system="/", leap=0, stratum=6, precision=-20,
rootdelay=89.881, rootdisp=186.125, refid=10.56.36.7,
reftime=0xde43c58d.f4ccc634, clock=0xde43c5c9.bb616b2e, peer=46269,
tc=6, mintc=3, offset=2.284, frequency=-20.303, sys_jitter=6.497,
clk_jitter=1.453, clk_wander=0.014'

Do you have a solution to restrict NTP mode 6 queries?

Thanks.

4 REPLIES
parnassus
Honored Contributor

Re: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

What exact Comware software version is actually running on your HPE 5510 48G 4SFP+ HI 1-slot Switch (SKU: JH146A)?

OGA1
Visitor

Re: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

Hello,

The version is:

Boot image: flash:/5510hi-cmw710-boot-r1309.bin
Boot image version: 7.1.070, Release 1309
  Compiled Jul 21 2017 16:00:00
System image: flash:/5510hi-cmw710-system-r1309.bin
System image version: 7.1.070, Release 1309
  Compiled Jul 21 2017 16:00:00

Thanks.

parnassus
Honored Contributor

Re: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

What's the output of display ntp-service status and display ntp-service sessions commands? There is an entire Chapter dedicated to configuring NTP (named "Configuring NTP") on the HPE FlexNetwork 5510 HI Switch Series Network Management and Monitoring Configuration Guide...

OGA1
Visitor

Re: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

Hello,

This is the result of the commands:

<5510>display ntp-service status
 Clock status: synchronized
 Clock stratum: 6
 System peer: 10.xx.xx.7
 Local mode: client
 Reference clock ID: 10.xx.xx.7
 Leap indicator: 00
 Clock jitter: 0.013672 s
 Stability: 0.000 pps
 Clock precision: 2^-20
 Root delay: 76.99585 ms
 Root dispersion: 209.64050 ms
 Reference time: de50c0d6.a3ffa273  Mon, Mar 12 2018 10:03:18.640
 System poll interval: 64 s
<5510>display ntp-service sessions
       source          reference       stra reach poll  now offset  delay disper
********************************************************************************
[12345]10.xx.xx.7      10.xx.xxx.241      5   255   64    7 14.100 2.1972 19.271
Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
 Total sessions: 1

Thanks.
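
Added example, not part of the thread and not HPE or Nessus code: a small Python re-check for the finding quoted in the first post (ScriptID 97861), to run against a switch you administer after restricting mode 6 queries. It builds the 12-byte NTP control (mode 6) READVAR request, decodes any reply into the same name=value variables shown in the plugin output, and reports the reply-to-request size ratio that makes such responders useful as reflectors. The function names and the sample reply are constructed for illustration.

```python
import socket
import struct

# LI/VN/mode, R/E/M/opcode, sequence, status, association ID, offset, count
HDR = struct.Struct("!BBHHHHH")
MODE_CONTROL, OP_READVAR = 6, 2

def build_readvar(seq=1, version=2):
    """12-byte mode 6 READVAR request for association 0 (system variables)."""
    return HDR.pack((version << 3) | MODE_CONTROL, OP_READVAR, seq, 0, 0, 0, 0)

def parse_control(pkt):
    """Decode one mode 6 packet; None if it is not an NTP control message."""
    if len(pkt) < HDR.size:
        return None
    b0, b1, _seq, _status, _assoc, _offset, count = HDR.unpack_from(pkt)
    if b0 & 0x07 != MODE_CONTROL:
        return None
    text = pkt[HDR.size:HDR.size + count].decode("ascii", "replace")
    variables = {}
    for item in text.replace("\r\n", " ").split(","):  # simple split; no quoted commas expected
        name, sep, value = item.strip().partition("=")
        if sep:
            variables[name] = value.strip('"')
    return {"response": bool(b1 & 0x80), "error": bool(b1 & 0x40), "vars": variables}

def assess(request, reply):
    """True only for a non-error response; ratio is reply bytes per request byte."""
    msg = parse_control(reply) if reply else None
    if not msg or not msg["response"] or msg["error"]:
        return {"answers_mode6": False, "ratio": 0.0}
    return {"answers_mode6": True, "vars": msg["vars"],
            "ratio": round(len(reply) / len(request), 1)}

def probe(host, port=123, timeout=3.0):
    """Send one READVAR to a device you administer and assess what comes back."""
    req = build_readvar()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (host, port))
        try:
            reply = s.recvfrom(4096)[0]
        except (socket.timeout, ConnectionError):
            reply = None  # silence or ICMP unreachable: the query is not answered
    return assess(req, reply)

if __name__ == "__main__":
    body = b'system="/", leap=0, stratum=6, precision=-20'  # constructed from the plugin output
    print(assess(build_readvar(), HDR.pack(0x16, 0x82, 1, 0, 0, 0, len(body)) + body))
```

Once mode 6 queries are restricted, probe() against the switch from the scanner's address should return answers_mode6 False, while display ntp-service status on the switch should still show the clock as synchronized.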