Introduction: This article explains how to resolve the NTP 'monlist' vulnerability on AirWave.
Configuration Steps: A Nessus scan against AirWave may report the following finding.
The remote network time service could be used for network reconnaissance or abused in a distributed denial of service attack.
The version of ntpd on the remote host has the 'monlist' command enabled. This command returns a list of recent hosts that have connected to the service. As such, it can be used for network reconnaissance or, along with a spoofed source IP, a distributed denial of service attack.
If using NTP from the Network Time Protocol Project, either upgrade to NTP 4.2.7-p26 or later, or add 'disable monitor' to the 'ntp.conf' configuration file and restart the service. Otherwise, contact the vendor.
CVSS Base Score
CVSS Temporal Score
Publication date: 2014/01/02, Modification date: 2014/01/13
Nessus was able to retrieve the following list of recent hosts to
connect to this NTP server
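How can we fix this?
Log in to the AirWave CLI as root and add the following line to /etc/ntp.conf:
restrict default noquery
The noquery flag denies ntpq and ntpdc queries, which include monlist; time service itself is not affected.
Then restart ntpd:
service ntpd restart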
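To confirm the edit took effect in the file, the script below audits an ntp.conf for either mitigation named above: noquery on the default restrict lines, or 'disable monitor'. It is an added example, not part of the original article or of AirWave. The function names are hypothetical, and it assumes that every active "restrict default" line (including -4 / -6 variants) must carry noquery.

```shell
#!/bin/sh
# Added example: audit an ntp.conf for the monlist mitigations discussed above.
# Function names are hypothetical and not part of AirWave or ntpd.

# Emit the config with comments stripped, so commented-out directives
# are not mistaken for active ones.
active_lines() {
    sed 's/#.*$//' "$1"
}

# Succeeds only if at least one "restrict default" line exists (with or
# without -4 / -6) and every such line carries the noquery flag.
has_default_noquery() {
    active_lines "$1" | awk '
        $1 == "restrict" {
            i = 2
            if ($i == "-4" || $i == "-6") i++
            if ($i != "default") next
            total++
            for (j = i + 1; j <= NF; j++)
                if ($j == "noquery") { ok++; break }
        }
        END { exit ((total > 0 && ok == total) ? 0 : 1) }'
}

# Succeeds if an active "disable" line lists the monitor facility.
has_disable_monitor() {
    active_lines "$1" | awk '
        $1 == "disable" { for (j = 2; j <= NF; j++) if ($j == "monitor") found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Print one status word; return 0 when a mitigation is present,
# 1 when none is found, 2 when the file cannot be read.
check_ntp_conf() {
    if [ ! -r "$1" ]; then echo "unreadable"; return 2; fi
    if has_default_noquery "$1"; then echo "hardened:noquery"; return 0; fi
    if has_disable_monitor "$1"; then echo "hardened:disable-monitor"; return 0; fi
    echo "exposed"; return 1
}

# Run against a file only when one is given, e.g.: sh check.sh /etc/ntp.conf
[ "$#" -eq 0 ] || check_ntp_conf "$1"
```

A result of "exposed" after editing usually means a second default restrict line, such as the -6 one, was left without noquery.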