
Disable NTP Readvar Queries

imuonagor
Level 1

We have a vulnerability that requires we "disable NTP readvar queries" on a Cisco ASR with IOS v15.1.

Not sure how to go about this. The report recommends that we add "restrict default mask 0.0.0.0 noquery" to the file: /etc/ntp.conf.

We can't find this file (/etc/ntp.conf) on the Cisco ASR router.

Will appreciate some help. Thanks in advance.

2 Replies

dclangst1
Level 1

I know this is a 3-month-old post BUT I got the same report from our security office. The remediation steps apply to Linux hosts, not really to routers. I just restricted NTP to only the NTP servers we use. I created an ACL with the hosts in it, then used ntp access-group peer ACL. That should stop it from responding to queries or control from NTP servers other than the ones in the ACL and sync time with them.

Thank you for your advice, it worked like a charm and the vulnerability is gone.
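
The check below is an added example, not part of the thread or of any Cisco tooling: it reads a running-config excerpt and confirms the restriction described in the reply above is in place, meaning an ntp access-group peer line exists and its ACL permits every configured ntp server without permitting any. The sample config, ACL number 10 and the addresses are constructed; only numbered standard ACLs and IPv4 "ntp server <address>" lines are handled, and deny-entry ordering is ignored.

```python
import ipaddress
import re

# Constructed running-config excerpt; ACL number and addresses are placeholders.
SAMPLE_CONFIG = """\
ntp server 192.0.2.10
ntp server 192.0.2.11
access-list 10 permit 192.0.2.10
access-list 10 permit host 192.0.2.11
access-list 10 deny any
ntp access-group peer 10
"""

IP = r"\d+\.\d+\.\d+\.\d+"
# Permit entries of a numbered standard ACL: "permit [host] <addr|any> [wildcard]".
ACE = re.compile(rf"^access-list (\S+) permit (?:host )?(any|{IP})(?: ({IP}))?", re.M)

def _covers(base, wildcard, addr):
    """True if addr matches the entry; wildcard bits set to 1 are ignored."""
    keep = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(base)) & keep == int(ipaddress.IPv4Address(addr)) & keep

def audit_ntp(config):
    """Return findings; an empty list means NTP is limited to the configured servers."""
    group = re.search(r"^ntp access-group peer (\S+)", config, re.M)
    if not group:
        return ["no 'ntp access-group peer' line: NTP is not restricted to specific hosts"]
    acl = group.group(1)
    entries = [(b, w or "0.0.0.0") for n, b, w in ACE.findall(config) if n == acl]
    if not entries:
        return [f"ACL {acl} is referenced but has no permit entries"]
    if any(b == "any" for b, _ in entries):
        return [f"ACL {acl} permits any: NTP is not restricted"]
    servers = re.findall(rf"^ntp server ({IP})", config, re.M)
    # A server missing from the ACL would also lose time sync, so report it.
    return [f"ntp server {s} is not permitted by ACL {acl}"
            for s in servers if not any(_covers(b, w, s) for b, w in entries)]

if __name__ == "__main__":
    print(audit_ntp(SAMPLE_CONFIG) or "NTP restricted to configured servers")
```

Run it against the output of show running-config saved to a file, passing the file contents to audit_ntp.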
