08-20-2014 04:36 AM - edited 03-04-2019 11:34 PM
We have a vulnerability that requires that we "disable NTP readvar queries" on a Cisco ASR with IOS v15.1.
Not sure how to go about this. The report recommends that we add "restrict default mask 0.0.0.0 noquery" to the file: /etc/ntp.conf.
We can't find this file (/etc/ntp.conf) on the Cisco ASR router.
We will appreciate some help. Thanks in advance.
11-26-2014 02:18 PM
I know this is a 3 month old post BUT, I got the same report from our security office. The remediation steps apply to Linux hosts, not really to routers. I just restricted NTP to only the NTP servers we use. I created an ACL with the hosts in it then used ntp access-group peer ACL. That should stop it from responding to queries or control from NTP servers other than the ones in the ACL and sync time with them.
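Working IOS configuration for the approach described in this reply, as an added example rather than the poster's own config: a standard ACL of the upstream NTP servers bound with `ntp access-group peer`, plus an optional `serve-only` group so downstream clients can still fetch time without being able to send control (readvar) queries. The ACL names and the 192.0.2.x / 198.51.100.x addresses are placeholders from the documentation ranges.

```cisco
! Added example, not from the thread. Replace the placeholder documentation
! addresses with your real NTP servers and client subnet.
!
! 1. Standard ACL listing only the upstream NTP servers this router may
!    sync with and accept control queries from.
ip access-list standard NTP-SERVERS
 permit host 192.0.2.10
 permit host 192.0.2.11
 deny   any
!
! 2. Optional ACL for downstream clients that may request time from this
!    router but must not be able to send mode-6 control queries (readvar).
ip access-list standard NTP-CLIENTS
 permit 198.51.100.0 0.0.0.255
 deny   any
!
! 3. Bind the ACLs. "peer" permits time requests, control queries and
!    synchronization for the listed servers only; "serve-only" permits time
!    requests only. Once any ntp access-group is configured, sources that
!    match no group get no NTP response at all.
ntp access-group peer NTP-SERVERS
ntp access-group serve-only NTP-CLIENTS
ntp server 192.0.2.10
ntp server 192.0.2.11
!
! 4. Verify: associations to the listed servers should still reach
!    "sys.peer", and a readvar query from an unlisted host should time out.
! show ntp associations
! show ntp status
! show access-lists NTP-SERVERS
```

Re-run the scanner (or an ntpq readvar query from a host outside both ACLs) after the change to confirm the finding clears; if the router only needs to sync and serves no clients, omit the NTP-CLIENTS group entirely.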
05-19-2015 10:34 PM
Thank you for your advice, it worked like a charm and the vulnerability is gone.