HPE 1920 Switch: Vulnerability NTP Mode 6 Scanner Error Message
Device: HPE 1920 Switch JG927A
Firmware: 5.20.99 Release 1120
Configure NTP access control
You can control NTP access by using an ACL. The access rights are in the following order, from least restrictive to most restrictive:
Peer—Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) and allows the local device to synchronize itself to a peer device.
Server—Allows time requests and NTP control queries, but does not allow the local device to synchronize itself to a peer device.
Synchronization—Allows only time requests from a system whose address passes the access list criteria.
Query—Allows only NTP control queries from a peer device to the local device.
The device processes an NTP request, as follows:
· If no NTP access control is configured, the peer access right is granted to the local device and peer devices.
· If the IP address of the peer device matches a permit statement in an ACL for more than one access right, the least restrictive access right is granted to the peer device. If a deny statement or no ACL is matched, no access right is granted.
· If no ACL is created for a specific access right, the associated access right is not granted.
· If no ACL is created for any access right, the peer access right is granted.
This feature provides minimal security for a system running NTP. A more secure method is NTP authentication.
Example ACL: allow only a specific network to synchronize with NTP.
acl number 2001
rule 0 permit source 192.168.1.0 0.0.0.255
rule 5 deny source any
ntp-service access synchronization 2001
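The request-processing rules above, applied to ACL 2001, as an added Python example (not from the original page or from HPE). It shows which access right a source address ends up with and whether that right answers NTP control queries, the mode 6 traffic a scanner sends. It assumes ACL rules are evaluated in rule-ID order with the first match deciding; all function and variable names are hypothetical.

```python
import ipaddress

# Access rights as the page lists them, least restrictive first.
ORDER = ["peer", "server", "synchronization", "query"]
# Rights that, per the page, answer NTP control queries (mode 6).
CONTROL_QUERY_RIGHTS = {"peer", "server", "query"}

def rule_matches(rule_source, ip):
    """rule_source is 'any' or (address, wildcard); wildcard bits set to 1 are ignored."""
    if rule_source == "any":
        return True
    addr, wildcard = (int(ipaddress.IPv4Address(x)) for x in rule_source)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def acl_permits(acl, ip):
    """Assumption: rules are checked in order, first match decides; no match is no permit."""
    for action, source in acl:
        if rule_matches(source, ip):
            return action == "permit"
    return False

def granted_right(bindings, ip):
    """bindings maps an access right to its ACL (list of rules); unbound rights are absent."""
    if not bindings:
        return "peer"  # no NTP access control configured at all
    for right in ORDER:  # the least restrictive permitted right wins
        if right in bindings and acl_permits(bindings[right], ip):
            return right
    return None  # deny rule or no match: no access right granted

def answers_control_queries(bindings, ip):
    return granted_right(bindings, ip) in CONTROL_QUERY_RIGHTS

# The page's ACL 2001, bound with "ntp-service access synchronization 2001".
ACL_2001 = [("permit", ("192.168.1.0", "0.0.0.255")), ("deny", "any")]
PAGE_CONFIG = {"synchronization": ACL_2001}

if __name__ == "__main__":
    # Constructed sample sources: one inside the permitted network, one outside.
    for src in ("192.168.1.50", "10.0.0.7"):
        print(src, granted_right(PAGE_CONFIG, src), answers_control_queries(PAGE_CONFIG, src))
    print("no access control:", granted_right({}, "10.0.0.7"))
```

With only the synchronization right bound to ACL 2001, permitted hosts get time service and no source receives a right that includes control queries.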
NTP authentication configuration:
# Enable the NTP service.
[DeviceB] ntp-service enable
# Enable NTP authentication on Device B.
[DeviceB] ntp-service authentication enable
# Set an authentication key, and input the key in plain text.
[DeviceB] ntp-service authentication-keyid 42 authentication-mode md5 simple aNiceKey
# Specify the key as a trusted key.
[DeviceB] ntp-service reliable authentication-keyid 42
# Specify Device A as the NTP server of Device B, and associate the server with key 42.
[DeviceB] ntp-service unicast-server 126.96.36.199 authentication-keyid 42