We just had an internal security scan run and the Nessus software found this vulnerability on our Juniper EX4200 switches running Junos 15.1R7.9. We do point all of our Juniper switches to our internal ntp server via this command.
ntp {
    server 10.121.125.101 prefer;
}
Can I somehow fix this so these switches do not respond to this NTP query? We do sit behind a firewall that should mitigate that ability for someone to run an attack, but I still think it is important to rectify this issue.
Description
The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition.
Solution
Restrict NTP mode 6 queries.
Output
Nessus elicited the following response from the remote host by sending an NTP mode 6 query : 'version="ntpd 4.2.0-a Tue Sep 11 05:30:54 2018 (1)", processor="powerpc", system="JUNOS15.1R7.9", leap=0, stratum=5, precision=-18, rootdelay=158.158, rootdispersion=201.049, peer=15396, refid=10.121.125.101, reftime=0xe07f4739.426e96ba, poll=10, clock=0xe07f4ad5.c89721cd, state=4, offset=-2.686, frequency=-37.253, jitter=13.382, stability=0.321'
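One way to implement the "restrict NTP mode 6 queries" solution on Junos is a firewall filter on lo0 that only accepts NTP replies from the configured server (10.121.125.101 from the post) and discards every other UDP/123 packet destined to the Routing Engine, so a mode 6 control query from any other host is never answered. This is an added example, not the poster's configuration or a Juniper-supplied one; the filter name PROTECT-RE and the counter name are assumptions, and it assumes lo0 unit 0 has no existing input filter (if it does, merge these terms into that filter rather than replacing it).

```junos
firewall {
    family inet {
        filter PROTECT-RE {
            /* Replies from the configured NTP server only */
            term allow-configured-ntp-server {
                from {
                    source-address {
                        10.121.125.101/32;
                    }
                    protocol udp;
                    source-port ntp;
                }
                then accept;
            }
            /* Drop all other NTP to the RE, including mode 6 control queries */
            term discard-other-ntp {
                from {
                    protocol udp;
                    destination-port ntp;
                }
                then {
                    count ntp-discarded;
                    discard;
                }
            }
            /* Keep every other RE-bound service (SSH, SNMP, routing) working */
            term allow-rest {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE;
                }
            }
        }
    }
}
```

After committing, `show firewall filter PROTECT-RE` shows the ntp-discarded counter climbing when the scanner is re-run, and a Nessus rescan should no longer elicit the mode 6 response while `show ntp associations` still shows the switch synced to 10.121.125.101.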