bigkam
Message 1 of 10

NTP Mode 6 vulnerability

Hi, I have recently received an NTP Mode 6 vulnerability letter. Not sure what this is about.

It then forwards me on to the following website, virginmedia.com/ntpmod6, which then sends me to openNTPProject.org. This advises me to run the following command: ntpq -c rv 192.0.2.1. It adds that if you receive a response, your server may be used in attacks.

I have an Apple MacBook Pro and when I run this from Terminal it says: timed out, nothing received. Request timed out.

Does this mean I'm ok? Not sure what else to check.

monkehfu
Message 2 of 10

Re: NTP Mode 6 vulnerability

Do you use anything like a NAS, or HDD attached to a router, or anything like a locally hosted web server?
Which VM modem/router are you using?

bigkam
Message 3 of 10

Re: NTP Mode 6 vulnerability

No, I don't think so. The only things attached to the router are a powerline adapter and Apollo CCTV. Router is Super Hub 3.

Superuser
Message 4 of 10

Re: NTP Mode 6 vulnerability

bigkam, the ntpq command needs to be run against your cable modem's public IP address and from a location external to your local area network. You can use GRC's ShieldsUP! service to scan your public IP address for NTP service here.

FYI, typing ip in your favoured search engine may return your public IP address in addition to results, for example, in Bing.

bigkam
Message 5 of 10

Re: NTP Mode 6 vulnerability

Hi, I used my IP and it gave the same message. Also did it via your suggestion of GRC ShieldsUP and the result says it's closed. What does all this mean?

Superuser
Message 6 of 10

Re: NTP Mode 6 vulnerability

The closed status means the port is not accepting connections.

When you used your public IP with the ntpq command did you do it from outside of your local network?

bigkam
Message 7 of 10

Re: NTP Mode 6 vulnerability

I did it from my terminal server on my MacBook. Where else am I supposed to do it?

bigkam
Message 8 of 10

Re: NTP Mode 6 vulnerability

What I want to know is: am I vulnerable to NTP Mode 6, as the letter suggested, or not?

Superuser
Message 9 of 10

Re: NTP Mode 6 vulnerability

The GRC status of closed indicates you are not vulnerable; however, to be sure, run the ntpq command from another network against your IP address.

I posted the following here but it is just as applicable to your post:

Reflection and amplification attacks are not designed to break the security of the device, they take advantage of its open services.

FYI, a reflection and amplification attack is where a spoofed IP address is used by the attacker to send a small amount of data to devices that are running open name services like mDNS which respond back (reflection) to the spoofed IP address of the target with more data (amplification) than that received. The result is the victim servers are overwhelmed by the volume of data from name server queries they did not make.

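Added example, not part of any post in this thread: an offline Python sketch of the size comparison described in message 9, applied to the NTP mode 6 `rv` (read variables) query from the first post. The function names and the reply bytes are constructed for illustration, and nothing is sent on the network.

```python
import struct

MODE_CONTROL, OP_READVAR = 6, 2      # mode 6 control message, "read variables" opcode
HEADER = struct.Struct("!BBHHHHH")   # LI/VN/mode, R/E/M+opcode, sequence, status, assoc ID, offset, count

def build_readvar(seq=1, version=2):
    """12-byte readvar query with no data, for system variables (association ID 0)."""
    return HEADER.pack((version << 3) | MODE_CONTROL, OP_READVAR, seq, 0, 0, 0, 0)

def parse_control(pkt):
    """Decode one mode 6 datagram; raise ValueError if it is malformed."""
    if len(pkt) < HEADER.size:
        raise ValueError("shorter than the 12-byte control header")
    b0, b1, seq, _status, _assoc, offset, count = HEADER.unpack_from(pkt)
    if b0 & 0x07 != MODE_CONTROL:
        raise ValueError("not an NTP mode 6 packet")
    data = pkt[HEADER.size:HEADER.size + count]
    if len(data) != count:
        raise ValueError("count field exceeds the bytes received")
    return {"response": bool(b1 & 0x80), "error": bool(b1 & 0x40),
            "opcode": b1 & 0x1F, "sequence": seq, "offset": offset, "data": data}

def assess(request, replies):
    """Return (exposed, amplification) for the datagrams received after one query."""
    want = parse_control(request)
    received = 0
    for raw in replies:
        try:
            p = parse_control(raw)
        except ValueError:
            continue                  # unrelated or damaged datagram
        if (p["response"] and not p["error"] and p["opcode"] == want["opcode"]
                and p["sequence"] == want["sequence"]):
            received += len(raw)      # count only genuine answers to this query
    return received > 0, received / len(request)

def constructed_reply(seq, text, offset=0, more=False):
    """Sample data only: a response fragment shaped like one from an open server."""
    flags = 0x80 | (0x20 if more else 0) | OP_READVAR
    pad = b"\0" * (-len(text) % 4)    # data is padded to a 32-bit boundary
    return HEADER.pack((2 << 3) | MODE_CONTROL, flags, seq, 0, 0, offset, len(text)) + text + pad

if __name__ == "__main__":
    query = build_readvar(seq=7)
    variables = b'version="ntpd (constructed)", system="UNIX", leap=0, stratum=3, ' * 6
    open_server = [constructed_reply(7, variables[:200], 0, more=True),
                   constructed_reply(7, variables[200:], 200)]
    print("no reply :", assess(query, []))   # same outcome as a timed-out query
    print("answered :", assess(query, open_server))
```

The second result shows why an answering server matters: the reply bytes are a multiple of the 12-byte query, and that multiple is the amplification factor.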

bigkam
Message 10 of 10

Re: NTP Mode 6 vulnerability

Ok thanks
