NTP Mode 6 Vulnerability

stonerja
Joining in

Hi, All.

I have received a few emails / letters about the NTP Mode 6 Vulnerability. Apparently my network is at risk as NTP port is open.

My Virgin Hub 3 is in modem mode as I'm using a Cisco ISR1100 as the router.

I have blocked the NTP port as per the config below but Virgin are still sending me emails / letters advising me to block it. 

Have I done this wrong?

Surely I only need to block it inbound?

router#show ip access-lists WAN-INBOUND
Extended IP access list WAN-INBOUND
10 deny tcp any any eq 123 (21 matches)
15 deny udp any any eq ntp (4 matches)
20 permit ip any any (134716425 matches)

router#show run int Gi0/0/0
Building configuration...

Current configuration : 184 bytes
!
interface GigabitEthernet0/0/0
description ## VMB - WAN ##
ip address dhcp
ip nat outside
ip access-group WAN-INBOUND in
negotiation auto
no cdp enable

Thank you,

James Stoner.

 

1 ACCEPTED SOLUTION

Client62
Hero


Try using GRC ShieldsUP

If you probe port 123 (NTP), does it appear to still be open on the public IP?

https://www.grc.com/x/ne.dll?bh0bkyd2

Hi, 

Thanks for the quick response.

The test comes back with 'The equipment at the target IP address did not respond to our UPnP probes!'.

I guess this means NTP is blocked.

Am I safe to ignore the letters?

Thank you,

James Stoner

We have a Hub 3 in Router mode, I'm not getting these letters.

In the image below I have probed just Port 123 and this is the response that does not concern VM.

Either Stealth or Closed is fine.   

( replaced the image as it showed our IP and that could have been redacted by the Mod Team )

I've re-run the test for just port 123 and it's showing Closed in status.

Thanks for the help.

Thank you,

James Stoner.

legacy1
Alessandro Volta
Wouldn't port 123 and this being NTP be UDP?
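
Added example (not part of any post in this thread): NTP runs over UDP, as the last reply points out, so the ACL entry that matters is `deny udp any any eq ntp`, and a UDP-level check confirms it is working. This Python sketch sends the same mode 6 READVAR query that `ntpq -c rv` sends to your own public address and reports whether anything answers; the function names are this example's own, and it is meant to be run from a host outside the network.

```python
import socket
import struct
import sys

MODE6 = 6        # NTP control message mode
OP_READVAR = 2   # "read variables" opcode, as sent by `ntpq -c rv`


def build_readvar(seq=1, version=2):
    """12-byte NTP control header: READVAR, association 0, no data."""
    li_vn_mode = (version << 3) | MODE6
    # flags, opcode, sequence, status, association id, offset, count
    return struct.pack("!BBHHHHH", li_vn_mode, OP_READVAR, seq, 0, 0, 0, 0)


def is_mode6_response(data, seq=1):
    """True if data is a mode 6 reply (response bit set) to our sequence."""
    if len(data) < 12:
        return False
    li_vn_mode, rem_op, rseq = struct.unpack("!BBH", data[:4])
    return (li_vn_mode & 0x07) == MODE6 and bool(rem_op & 0x80) and rseq == seq


def check_host(host, timeout=3.0):
    """Return 'answers-mode6', 'other-reply' or 'no-reply' for UDP/123."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_readvar(), (host, 123))
            data, _ = s.recvfrom(4096)
        except OSError:
            # Timeout or ICMP unreachable: the query was dropped or refused.
            return "no-reply"
    return "answers-mode6" if is_mode6_response(data) else "other-reply"


if __name__ == "__main__" and len(sys.argv) == 2:
    print(check_host(sys.argv[1]))
```

With the inbound ACL in place the expected result is `no-reply`; `answers-mode6` means a device on that address is still answering control queries.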