on 20-03-2023 14:52
Hi, All.
I have received a few emails / letters about the NTP Mode 6 Vulnerability. Apparently my network is at risk as NTP port is open.
My Virgin Hub 3 is in modem mode as I'm using a Cisco ISR1100 as the router.
I have blocked the NTP port as per the config below but Virgin are still sending me emails / letters advising me to block it.
Have I done this wrong?
Surely I only need to block it inbound?
router#show ip access-lists WAN-INBOUND
Extended IP access list WAN-INBOUND
10 deny tcp any any eq 123 (21 matches)
15 deny udp any any eq ntp (4 matches)
20 permit ip any any (134716425 matches)
router#show run int Gi0/0/0
Building configuration...
Current configuration : 184 bytes
!
interface GigabitEthernet0/0/0
description ## VMB - WAN ##
ip address dhcp
ip nat outside
ip access-group WAN-INBOUND in
negotiation auto
no cdp enable
Thank you,
James Stoner.
on 20-03-2023 15:00
Try using GRC ShieldsUP
If you probe port 123 ( NTP ) does it appear to still be open on the public IP?
https://www.grc.com/x/ne.dll?bh0bkyd2
on 20-03-2023 15:10
Hi,
Thanks for the quick response.
The test comes back with 'The equipment at the target IP address did not respond to our UPnP probes!'.
I guess this means NTP is blocked.
Am I safe to ignore the letters?
Thank you,
James Stoner
20-03-2023 15:15 - edited 20-03-2023 15:19
We have a Hub 3 in Router mode, I'm not getting these letters.
In the image below I have probed just Port 123 and this is the response that does not concern VM.
Either Stealth or Closed is fine.
( replaced the image as it showed our IP and that could have been redacted by the Mod Team )
on 20-03-2023 15:43
I've re-run the test for just port 123 and it's showing Closed in status.
Thanks for the help.
Thank you,
James Stoner.
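Added example, not part of the original thread: NTP mode 6 (control) queries travel over UDP port 123, so one way to confirm an inbound ACL like the one above is working is to send a mode 6 READVAR request to your own public IP from a host outside the network and see whether anything answers. The address 192.0.2.1 and the sample reply are constructed placeholders, and the function names are this example's own.

```python
import socket
import struct

MODE_CONTROL = 6   # NTP mode 6: control messages, the kind ntpq sends
OP_READVAR = 2     # "read variables" opcode
# flags (LI/VN/mode), R/E/M bits + opcode, sequence, status, assoc id, offset, count
HEADER = struct.Struct("!BBHHHHH")

def build_readvar(seq=1, version=2):
    """Return a 12-byte mode 6 READVAR request for association 0 (the system)."""
    return HEADER.pack((version << 3) | MODE_CONTROL, OP_READVAR, seq, 0, 0, 0, 0)

def parse_control(packet):
    """Decode a mode 6 header; return None if the packet is not mode 6."""
    if len(packet) < HEADER.size:
        return None
    flags, rem_op, seq, _status, _assoc, _offset, count = HEADER.unpack_from(packet)
    if flags & 0x07 != MODE_CONTROL:
        return None
    data = packet[HEADER.size:HEADER.size + count]
    return {
        "response": bool(rem_op & 0x80),  # R bit: set in replies only
        "error": bool(rem_op & 0x40),     # E bit
        "more": bool(rem_op & 0x20),      # M bit: further fragments follow
        "opcode": rem_op & 0x1F,
        "sequence": seq,
        "data": data.decode("ascii", "replace"),
    }

def answers_mode6(host, port=123, timeout=3.0):
    """True if host answers a READVAR query; False if nothing comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_readvar(), (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout, ICMP unreachable, or no route
            return False
    parsed = parse_control(reply)
    return bool(parsed and parsed["response"] and parsed["opcode"] == OP_READVAR)

# Constructed sample reply (not captured traffic): R bit set, 15 bytes of data.
SAMPLE_REPLY = HEADER.pack(0x16, 0x82, 1, 0x0618, 0, 0, 15) + b'version="ntpd"\n'

if __name__ == "__main__":
    print(parse_control(SAMPLE_REPLY))
    # Placeholder address: substitute your own public IP and run from outside.
    print(answers_mode6("192.0.2.1", timeout=1.0))
```

A result of False from outside the network means no mode 6 reply came back, which is what an inbound deny on UDP 123 should produce.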
on 20-03-2023 18:10