Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Ntp mode 6 vulnerability

GaryMorris123
Joining in

on ‎11-11-2022 19:56

I need serious help. Just got a letter from Virgin saying that all my devices are at risk from malware and I don't know how to rectify it. I'm getting a new equipment bundle tomorrow so I may not have to do anything? I'm scared

0 Kudos
5 REPLIES 5

Alex_RM
Forum Team
Forum Team

on ‎14-11-2022 13:49

Hi GaryMorris123,

Thanks for posting and welcome to our community 🙂

You should find details of what to do within the letter you've received.

If you need any further help let us know.

Alex_Rm

0 Kudos

ac951
Joining in

on ‎28-11-2022 13:27

I got the same email.

I had indeed set up a new firewall appliance near the time so the email caught my attention, the weird thing was that port 123 (NTP) was not open on my WAN -  so I'm not even sure how VM have detected the vulnerability....you can check the port here: https://canyouseeme.org/

I ran a Nessus scan on my LAN and found it flagged the NTP6 vulnerability for the firewall appliance:

ac951_0-1669641954127.png

so I put in a rule on all my LAN interfaces to block this port and the nessus scan no longer flagged the vulnerability - so I've left it at that.

I've yet to actually get through to someone in Virgin Media to confirm if this has fixed the issue.

0 Kudos

Tudor
Very Insightful Person
Very Insightful Person
In response to ac951

on ‎28-11-2022 14:39

I doubt you will get any confirmation from VM, they use an outside company for these scans. If you do not get another letter you will know it’s fixed.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
0 Kudos

bowie_p
Joining in

on ‎22-02-2023 15:02

I've had the same letter, I assume after setting up some new wifi boosters.

The letter says to sort it out go to the website and the instructions are as follows;

NTP Mode 6 Vulnerability Alert

 

You can run the following command to check your server for the NTP Mode 6 & open NTP monlist vulnerabilities:

ntpq -c rv [IP]

If you see a response, your server may be used in attacks.

How to solve an NTP Mode 6 vulnerability

The easiest way to deal with the NTP vulnerability is to configure your firewall to block port 123. You should also upgrade your software to NTP-4.2.7p26 or later.

 

I don't know how to do any of that.... 🙄 'run the following command...ntpq -c rv [IP]' RUN IT HOW?!? I'm on a Mac.

So yeah, pretty stumped.

 

0 Kudos

legacy1
Alessandro Volta
In response to bowie_p

on ‎22-02-2023 15:16

Just disable UPnP on the hub and reboot
---------------------------------------------------------------

BQM, Test for outgoing ports and SSL/L2TP VPN test

0 Kudos
Top