Topic
  • 1 reply
  • Latest Post - ‏2014-06-24T10:47:08Z by Eve582
VytautasBertašius
VytautasBertašius
1 Post

Pinned topic AMM ntp vulnerability

‏2014-05-16T09:23:28Z | amm ntp vulnerability

Hi.

We have bladecenter chasis s, with AMM module which has external routable IP address.

We got repot from our ISP, that AMM IP has  UDP based NTP amplification vulnerability (https://www.us-cert.gov/ncas/alerts/TA14-013A).
Ant it is used for DDOS attack.

I have upgraded AMM firware to version BPET66D. Change log claims:

- Fixed an NTP vulnerability.

 

Also i have disabled NTP protocol via AMM web interface MM control => Network Protocols => network time protocol

But we still geting these reports about vulnerability.

And amm stil responds to query:
ntpdc -c monlist {IP}

So it is still vulnarable.

How can we fix that?
How to completely disable NTP service on AMM module?
 

  • Eve582
    Eve582
    1 Post

    Re: AMM ntp vulnerability

    ‏2014-06-24T10:47:08Z  

    The latest version of NTP server is 4.2.7p445, which fixes the monlist DDOS attack vulnerability. However, this release of NTP is still a development version and not a production release. As I understand it, the latest production release of NTP is 4.2.6p5 (dated 2011/12/24) is still vulnerable to the monlist attack. My view is that I would rather stick with a known stable version of the NTP distribution and configure it to stop the use of monlist than use a development version of NTP that may not be wholly reliable.

    Andy
    TimeToolsGlobal