Network Time Protocol (NTP) Mode 6 Query Response Check
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
Checks if the remote Network Time Protocol (NTP) service has responded to Mode 6 Queries.
Insight
If a service supporting NTP is publicly accessible and responds to Mode 6 queries, it can participate in an amplification-based Distributed Denial of Service (DDoS) attack. An amplification attack is a popular form of DDoS that relies on publicly accessible NTP services to overwhelm a victim system with response traffic. The basic attack technique consists of an attacker sending a valid query request to an NTP service with the source address spoofed to be the victim's address. When the NTP service sends the response, it is sent to the victim instead. Attackers will typically first insert records into the open server to maximize the amplification effect. Because the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim. By leveraging a botnet to perform additional spoofed queries, an attacker can produce an overwhelming amount of traffic with little effort. Additionally, because the responses are legitimate data coming from valid clients, it is especially difficult to block these types of attacks.
Solution
The following mitigation possibilities are currently available:
- Generally disable public access to the UDP port of this NTP service.
- Only allow Mode 6 queries by trusted clients / networks.
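To verify the finding and the effect of the mitigations from a packet capture, the following added example (not part of the scanner's own check) parses the 12-byte NTP control message header, decides whether a service answered a Mode 6 query, and computes the response-to-request byte ratio. The function names and the sample packets are constructed for illustration.

```python
import struct

# 12-byte NTP control (mode 6) header: LI/VN/mode, R/E/M/opcode, sequence,
# status, association ID, offset, count.
HDR = struct.Struct("!BBHHHHH")

def parse_mode6(payload):
    """Return the header fields of an NTP mode 6 packet, or None if it is not one."""
    if len(payload) < HDR.size:
        return None
    b0, b1, seq, _status, _assoc, offset, count = HDR.unpack_from(payload)
    if b0 & 0x07 != 6:          # low three bits of byte 0 carry the mode
        return None
    return {"version": (b0 >> 3) & 0x07, "response": bool(b1 & 0x80),
            "error": bool(b1 & 0x40), "more": bool(b1 & 0x20),
            "opcode": b1 & 0x1F, "sequence": seq, "offset": offset, "count": count}

def assess(request, replies):
    """Report whether a service answered a mode 6 query, and the byte ratio."""
    req = parse_mode6(request)
    if req is None or req["response"]:
        raise ValueError("request is not a mode 6 query")
    # Count only non-error mode 6 responses that match the query's sequence number.
    answered = [r for r in replies
                if (h := parse_mode6(r)) and h["response"] and not h["error"]
                and h["sequence"] == req["sequence"]]
    return {"responds_to_mode6": bool(answered), "fragments": len(answered),
            "amplification": round(sum(map(len, answered)) / len(request), 2)}

# Constructed sample packets (not captured traffic).
REQUEST = HDR.pack(0x16, 0x02, 1, 0, 0, 0, 0)               # version 2, opcode 2 (read variables)
OPEN_REPLIES = [
    HDR.pack(0x16, 0xA2, 1, 0, 0, 0, 400) + b"a=1, " * 80,  # response with "more" bit set
    HDR.pack(0x16, 0x82, 1, 0, 0, 400, 80) + b"b=2," * 20,  # final fragment
]
TIME_REPLY = bytes([0x24]) + bytes(47)                      # ordinary mode 4 time reply

if __name__ == "__main__":
    print("open service:      ", assess(REQUEST, OPEN_REPLIES))
    print("restricted service:", assess(REQUEST, []))
    print("time-only reply:   ", assess(REQUEST, [TIME_REPLY]))
```

A service that no longer answers Mode 6 queries from untrusted networks shows up here as `responds_to_mode6: False`, while ordinary time synchronisation replies are ignored.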