Comware


HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

  • 1.  HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

    Posted Mar 02, 2018 08:57 AM

    Hello,

    When I ran a scan with the Nessus scanner, we got this medium risk:

    Risk: Medium
    Application: ntp
    Port: 123
    Protocol: udp
    ScriptID: 97861

    Synopsis:
    The remote NTP server responds to mode 6 queries.

    Description:
    The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition.

    Solution:
    Restrict NTP mode 6 queries.

    5.0
    CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

    Plugin Output:
    Nessus elicited the following response from the remote host by sending an NTP mode 6 query :

    'processor, system="/", leap=0, stratum=6, precision=-20,
    rootdelay=89.881, rootdisp=186.125, refid=10.56.36.7,
    reftime=0xde43c58d.f4ccc634, clock=0xde43c5c9.bb616b2e, peer=46269,
    tc=6, mintc=3, offset=2.284, frequency=-20.303, sys_jitter=6.497,
    clk_jitter=1.453, clk_wander=0.014'

    Do you have a solution to restrict NTP mode 6 queries?

    Thanks.

     

     

     


    #NTP
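Added example (not part of the thread, and not HPE or Nessus code): a small decoder for NTP mode 6 control messages, run over the variable list quoted in the scan output above, which also computes the response-to-query size ratio that the plugin description refers to as amplification. Only the variable list comes from the post; the header field values and the `make_packet` helper are constructed for illustration, and nothing here touches the network.

```python
import struct

HDR = struct.Struct("!BBHHHHH")  # LI/VN/mode, R/E/M/opcode, seq, status, assoc, offset, count

# Variable list as quoted in the Nessus plugin output in the post above.
VARLIST = (b'processor, system="/", leap=0, stratum=6, precision=-20, '
           b'rootdelay=89.881, rootdisp=186.125, refid=10.56.36.7, '
           b'reftime=0xde43c58d.f4ccc634, clock=0xde43c5c9.bb616b2e, peer=46269, '
           b'tc=6, mintc=3, offset=2.284, frequency=-20.303, sys_jitter=6.497, '
           b'clk_jitter=1.453, clk_wander=0.014')

def make_packet(response, data=b"", seq=1):
    """Constructed sample packet: VN=2, mode 6, opcode 2 (read variables)."""
    flags = (0x80 if response else 0) | 2
    header = HDR.pack((2 << 3) | 6, flags, seq, 0, 0, 0, len(data))
    return header + data + b"\0" * (-len(data) % 4)  # data is padded to 32 bits

def parse_variables(data):
    """Split 'name=value, name, ...' into a dict; bare names map to None."""
    out = {}
    for item in data.decode("ascii", "replace").split(","):
        name, sep, value = item.strip().partition("=")
        if name:
            out[name] = value.strip('"') if sep else None
    return out

def parse_control(pkt):
    """Return the decoded mode 6 message, or None for any other NTP mode."""
    if len(pkt) < HDR.size:
        raise ValueError("shorter than the 12-byte control header")
    b0, b1, seq, status, assoc, offset, count = HDR.unpack_from(pkt)
    if b0 & 0x07 != 6:
        return None
    if len(pkt) - HDR.size < count:
        raise ValueError("count field exceeds captured data")
    return {"version": (b0 >> 3) & 7, "response": bool(b1 & 0x80),
            "error": bool(b1 & 0x40), "more": bool(b1 & 0x20), "opcode": b1 & 0x1F,
            "sequence": seq, "variables": parse_variables(pkt[HDR.size:HDR.size + count])}

def amplification(query, reply):
    """Bytes returned per byte sent for one mode 6 query/response pair."""
    q, r = parse_control(query), parse_control(reply)
    if not q or not r or q["response"] or not r["response"] or q["sequence"] != r["sequence"]:
        raise ValueError("not a matching mode 6 query/response pair")
    return len(reply) / len(query)

if __name__ == "__main__":
    query, reply = make_packet(False), make_packet(True, VARLIST)
    print(parse_control(reply)["variables"]["stratum"], round(amplification(query, reply), 1))
```

The same `parse_control` check (low three bits of the first byte equal to 6) can be applied to UDP/123 payloads from a capture to confirm, after a fix, that the switch no longer answers control queries from unauthorized sources.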


  • 2.  RE: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

    MVP GURU
    Posted Mar 04, 2018 09:21 AM

    What exact Comware software version is actually running on your HPE 5510 48G 4SFP+ HI 1-slot Switch (SKU: JH146A)?



  • 3.  RE: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

    Posted Mar 05, 2018 04:49 AM

    Hello,

    The version is:

    Boot image: flash:/5510hi-cmw710-boot-r1309.bin
    Boot image version: 7.1.070, Release 1309
      Compiled Jul 21 2017 16:00:00
    System image: flash:/5510hi-cmw710-system-r1309.bin
    System image version: 7.1.070, Release 1309
      Compiled Jul 21 2017 16:00:00

    Thanks.

     



  • 4.  RE: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

    MVP GURU
    Posted Mar 10, 2018 02:43 AM

    What's the output of display ntp-service status and display ntp-service sessions commands? There is an entire Chapter dedicated to configuring NTP (named "Configuring NTP") on the HPE FlexNetwork 5510 HI Switch Series Network Management and Monitoring Configuration Guide...



  • 5.  RE: HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A / Risk Medium NTP mode 6 queries

    Posted Mar 12, 2018 05:11 AM

    Hello,

    This is the result of the commands:

    <5510>display ntp-service status
     Clock status: synchronized
     Clock stratum: 6
     System peer: 10.xx.xx.7
     Local mode: client
     Reference clock ID: 10.xx.xx.7
     Leap indicator: 00
     Clock jitter: 0.013672 s
     Stability: 0.000 pps
     Clock precision: 2^-20
     Root delay: 76.99585 ms
     Root dispersion: 209.64050 ms
     Reference time: de50c0d6.a3ffa273  Mon, Mar 12 2018 10:03:18.640
     System poll interval: 64 s
    <5510>display ntp-service sessions
           source          reference       stra reach poll  now offset  delay disper
    ********************************************************************************
    [12345]10.xx.xx.7      10.xx.xxx.241      5   255   64    7 14.100 2.1972 19.271
    Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
     Total sessions: 1

    Thanks.