Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4581
Views
0
Helpful
1
Replies

NTP Packets triggering "unknown device event type"

HEATH FREEL
Level 1
Level 1

‎04-09-2012 06:03 AM

Lately I have begun to recieve a number of "Unknow Device Event Type" alerts from our MARS Server accross a number of different IPS all located in different networks. Not sure why these appear to be triggered with a Risk Rating between or 77 or why MARS can't figure out what they are!!!

Both Source and Destination Ports are UDP 123 and the actuall event in the IPS is "NTP MODE_PRIVATE Denial of Service". id1090

Any ideas.

Labels:
0 Helpful
1 Reply 1

mark.barrett
Level 1
Level 1

‎04-09-2012 02:47 PM

It appears to be a new signature from S639 released a few days ago. Although, the vulnerability itself is not new.

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=1090&signatureSubId=0&softwareVersion=6.0&releaseVersion=S639

http://www.kb.cert.org/vuls/id/568372

0 Helpful
Customers Also Viewed These Support Documents