Topic
1 reply Latest Post - ‏2014-06-24T10:47:08Z by Eve582
VytautasBertašius
VytautasBertašius
1 Post
ACCEPTED ANSWER

Pinned topic AMM ntp vulnerability

‏2014-05-16T09:23:28Z |

Hi.

We have bladecenter chasis s, with AMM module which has external routable IP address.

We got repot from our ISP, that AMM IP has  UDP based NTP amplification vulnerability (https://www.us-cert.gov/ncas/alerts/TA14-013A).
Ant it is used for DDOS attack.

I have upgraded AMM firware to version BPET66D. Change log claims:

- Fixed an NTP vulnerability.

 

Also i have disabled NTP protocol via AMM web interface MM control => Network Protocols => network time protocol

But we still geting these reports about vulnerability.

And amm stil responds to query:
ntpdc -c monlist {IP}

So it is still vulnarable.

How can we fix that?
How to completely disable NTP service on AMM module?
 

  • Eve582
    Eve582
    1 Post
    ACCEPTED ANSWER

    Re: AMM ntp vulnerability

    ‏2014-06-24T10:47:08Z  in response to VytautasBertašius

    The latest version of NTP server is 4.2.7p445, which fixes the monlist DDOS attack vulnerability. However, this release of NTP is still a development version and not a production release. As I understand it, the latest production release of NTP is 4.2.6p5 (dated 2011/12/24) is still vulnerable to the monlist attack. My view is that I would rather stick with a known stable version of the NTP distribution and configure it to stop the use of monlist than use a development version of NTP that may not be wholly reliable.

    Andy
    TimeToolsGlobal