NTP BUG 3118: Mode 6 unauthenticated trap information disclosure and DDoS vector
Last update: February 15, 2022 20:59 UTC (43fbd379b)
An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of
ntpd. If, against long-standing BCP recommendations,
restrict default noquery ... is not specified, a specially crafted control mode packet can set
ntpd traps, providing information disclosure and DDoS amplification, and unset
ntpd traps, disabling legitimate monitoring. A remote, unauthenticated, network attacker can trigger this vulnerability.
- Implement BCP-38.
restrict default noquery ... in your
- Upgrade to 4.2.8p9 or later.
- Properly monitor your
ntpd instances, and auto-restart
-g) if it stops running.
This weakness was discovered by Matthew Van Gundy of Cisco.