Bug #3496

closed

NTP monlist Command Enabled

Added by Gerrit Helm about 11 years ago. Updated about 11 years ago.

Status: Rejected
Priority: High
Assignee: -
Category: -
Target version: -
Start date: 03/02/2014
% Done: 0%

Description
The version of ntpd on the remote host has the 'monlist' command enabled. This command returns a list of recent hosts that have connected to the service. As such, it can be used for network reconnaissance or, along with a spoofed source IP, a distributed denial of service attack.

Solution
Switch 'enable monitor' in /var/etc/ntpd.conf to 'disable monitor'

See Also
http://bugs.ntp.org/show_bug.cgi?id=1532
https://isc.sans.edu/diary/NTP+reflection+attack/17300
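
An added example, not part of the original report or the project's code: a shell check for the setting named in the Solution above, run against a copy of ntpd.conf. It assumes ntpd applies `enable`/`disable` directives in file order (last one wins) and that monitoring is on when no directive mentions it; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether an ntpd.conf leaves the monitor
# facility (the data source for 'monlist') switched on.

# ntp_monitor_state FILE -> prints "enabled" or "disabled"
# Assumption: with no monitor directive, ntpd's documented default
# (monitor enabled) applies; a later directive overrides an earlier one.
ntp_monitor_state() {
    awk '
        BEGIN { state = "enabled" }
        {
            sub(/#.*/, "")                 # drop comments
            if ($1 != "enable" && $1 != "disable") next
            # enable/disable accept several flags on one line
            for (i = 2; i <= NF; i++)
                if ($i == "monitor")
                    state = ($1 == "enable") ? "enabled" : "disabled"
        }
        END { print state }
    ' "$1"
}

# ntp_monitor_audit FILE -> returns 0 if monitor is disabled, 1 if not,
# 2 if the file could not be read.
ntp_monitor_audit() {
    state=$(ntp_monitor_state "$1") || return 2
    if [ "$state" = "disabled" ]; then
        echo "OK: $1 disables monitor"
        return 0
    fi
    echo "FINDING: $1 leaves monitor enabled"
    return 1
}

# Constructed sample config (not from the page), audited as a demo.
sample=$(mktemp)
printf 'server 0.pool.ntp.org\nenable monitor\n' > "$sample"
ntp_monitor_audit "$sample" || true
rm -f "$sample"
```

On the host from the report, the file to pass would be /var/etc/ntpd.conf.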

#1

Updated by Jim Pingle about 11 years ago

  • Status changed from New to Rejected

Duplicate of #3384, already fixed.