DX Unified Infrastructure Management

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

The ntp_response probe has not been updated since Jan. 2017.

You would have to request an enhancement.

How to raise an enhancement request for UIM

Steve

------------------------------
Support Engineer
Broadcom
US
------------------------------

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US
------------------------------

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Already did stephen 

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US
------------------------------

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Stephen 

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US
------------------------------

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Never mind, I found it. Case 33273686 DE550309

------------------------------
Support Engineer
Broadcom
US
------------------------------

Original Message:
Sent: Jan 20, 2023 07:56 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Stephen 

Will raising this as defect speed up a new release for this issue with NTP ?

Regards
Nijin
Original Message:
Sent: Jan 20, 2023 08:40 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Never mind, I found it. Case 33273686 DE550309

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:56 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Im working on it, will let you know after my discussion with our Security team.

------------------------------
Support Engineer
Broadcom
US
------------------------------

Original Message:
Sent: Jan 20, 2023 08:40 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Never mind, I found it. Case 33273686 DE550309

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:56 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Hi Stephen

Have you got any update on this from security Team?

Regards
Nijin


Original Message:
Sent: 1/20/2023 9:35:00 AM
From: Stephen Danseglio
Subject: RE: ntp probe security flaw

Im working on it, will let you know after my discussion with our Security team.

------------------------------
Support Engineer
Broadcom
US
------------------------------

Original Message:
Sent: Jan 20, 2023 08:40 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Never mind, I found it. Case 33273686 DE550309

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:56 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Ive sent a reminder to the Security team, and Ill let you know as soon as I hear back.

Steve

------------------------------
Support Engineer
Broadcom
US
------------------------------

Original Message:
Sent: Jan 24, 2023 05:36 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Stephen

Have you got any update on this from security Team?

Regards
Nijin


Original Message:
Sent: 1/20/2023 9:35:00 AM
From: Stephen Danseglio
Subject: RE: ntp probe security flaw

Im working on it, will let you know after my discussion with our Security team.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 08:40 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Never mind, I found it. Case 33273686 DE550309

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:56 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

------------------------------
Principal Product Manager
Broadcom Software
------------------------------

Original Message:
Sent: Jan 24, 2023 08:36 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Ive sent a reminder to the Security team, and Ill let you know as soon as I hear back.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 24, 2023 05:36 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Stephen

Have you got any update on this from security Team?

Regards
Nijin


Original Message:
Sent: 1/20/2023 9:35:00 AM
From: Stephen Danseglio
Subject: RE: ntp probe security flaw

Im working on it, will let you know after my discussion with our Security team.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 08:40 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Never mind, I found it. Case 33273686 DE550309

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:56 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Hi Ravishu

Thanks for update

When can I expect update on this, when will next meeting take place?

Regards
Nijin


Original Message:
Sent: 1/26/2023 7:21:00 AM
From: Ravishu Arora
Subject: RE: ntp probe security flaw

This request has been added to our backlog and shall be reviewed for prioritization in our next meeting. 

------------------------------
Principal Product Manager
Broadcom Software
------------------------------

Original Message:
Sent: Jan 24, 2023 08:36 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Ive sent a reminder to the Security team, and Ill let you know as soon as I hear back.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 24, 2023 05:36 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Stephen

Have you got any update on this from security Team?

Regards
Nijin


Original Message:
Sent: 1/20/2023 9:35:00 AM
From: Stephen Danseglio
Subject: RE: ntp probe security flaw

Im working on it, will let you know after my discussion with our Security team.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 08:40 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Never mind, I found it. Case 33273686 DE550309

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:56 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Hi Ravishu

Did you have your review meeting can you please confirm if there is any update on ntp_response probe defect.

Regards
Nijin


Original Message:
Sent: 1/26/2023 7:21:00 AM
From: Ravishu Arora
Subject: RE: ntp probe security flaw

This request has been added to our backlog and shall be reviewed for prioritization in our next meeting. 

------------------------------
Principal Product Manager
Broadcom Software
------------------------------

Original Message:
Sent: Jan 24, 2023 08:36 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Ive sent a reminder to the Security team, and Ill let you know as soon as I hear back.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 24, 2023 05:36 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Stephen

Have you got any update on this from security Team?

Regards
Nijin


Original Message:
Sent: 1/20/2023 9:35:00 AM
From: Stephen Danseglio
Subject: RE: ntp probe security flaw

Im working on it, will let you know after my discussion with our Security team.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 08:40 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Never mind, I found it. Case 33273686 DE550309

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:56 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

Hi Nijin,

Recognizing the urgent need, we have indeed planned to initiate the work needed for this request. However, it would be helpful if we can get in touch with each other to ensure that the solution matches the needs. Can you please email me at ravishu.arora@broadcom.com so that I can set something up on the calendar with our technical team?

------------------------------
Principal Product Manager
Broadcom Software
------------------------------

Original Message:
Sent: Feb 06, 2023 02:59 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Ravishu

Did you have your review meeting can you please confirm if there is any update on ntp_response probe defect.

Regards
Nijin


Original Message:
Sent: 1/26/2023 7:21:00 AM
From: Ravishu Arora
Subject: RE: ntp probe security flaw

This request has been added to our backlog and shall be reviewed for prioritization in our next meeting. 

------------------------------
Principal Product Manager
Broadcom Software

Original Message:
Sent: Jan 24, 2023 08:36 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Ive sent a reminder to the Security team, and Ill let you know as soon as I hear back.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 24, 2023 05:36 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Stephen

Have you got any update on this from security Team?

Regards
Nijin


Original Message:
Sent: 1/20/2023 9:35:00 AM
From: Stephen Danseglio
Subject: RE: ntp probe security flaw

Im working on it, will let you know after my discussion with our Security team.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 08:40 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Never mind, I found it. Case 33273686 DE550309

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:56 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin

An updated NTP_Response probe release which fixes this concern is now GA:

https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?GroupId=1315&MessageKey=dc0400dc-776b-4964-a866-7b9bf8a3e07d&CommunityKey=170eb4e5-a593-4af2-ad1d-f7655e31513b

------------------------------
Principal Product Manager
Broadcom Software
------------------------------

Original Message:
Sent: Feb 06, 2023 04:01 AM
From: Ravishu Arora
Subject: ntp probe security flaw

Hi Nijin,

Recognizing the urgent need, we have indeed planned to initiate the work needed for this request. However, it would be helpful if we can get in touch with each other to ensure that the solution matches the needs. Can you please email me at ravishu.arora@broadcom.com so that I can set something up on the calendar with our technical team?

------------------------------
Principal Product Manager
Broadcom Software

Original Message:
Sent: Feb 06, 2023 02:59 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Ravishu

Did you have your review meeting can you please confirm if there is any update on ntp_response probe defect.

Regards
Nijin


Original Message:
Sent: 1/26/2023 7:21:00 AM
From: Ravishu Arora
Subject: RE: ntp probe security flaw

This request has been added to our backlog and shall be reviewed for prioritization in our next meeting. 

------------------------------
Principal Product Manager
Broadcom Software

Original Message:
Sent: Jan 24, 2023 08:36 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Ive sent a reminder to the Security team, and Ill let you know as soon as I hear back.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 24, 2023 05:36 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Stephen

Have you got any update on this from security Team?

Regards
Nijin


Original Message:
Sent: 1/20/2023 9:35:00 AM
From: Stephen Danseglio
Subject: RE: ntp probe security flaw

Im working on it, will let you know after my discussion with our Security team.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 08:40 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Never mind, I found it. Case 33273686 DE550309

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:56 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

The case should not be closed as this does represent a security flaw. What is the case number? I will reach out to our security SME as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:54 AM
From: Nijin K
Subject: ntp probe security flaw

Stephen

case opened and closed with same statement that this requires enhancement but no update on enhancement made me search for workaround or other ways to monitor ntp jitter between serer and network device.

So is there any way to speed up this process

regards
nijin
Original Message:
Sent: Jan 20, 2023 07:34 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

great, ask others to vote it up! and please open a case as well.

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 07:32 AM
From: Nijin K
Subject: ntp probe security flaw

Already did stephen

Please use below link to access same

https://community.broadcom.com/idea/ntp-response-probe-using-reserved-mode

regards
Nijin
Original Message:
Sent: Jan 20, 2023 07:14 AM
From: Stephen Danseglio
Subject: ntp probe security flaw

Since this can be considered a Security flaw, please also open a case and we will enter a defect.

Steve

------------------------------
Support Engineer
Broadcom
US

Original Message:
Sent: Jan 20, 2023 06:54 AM
From: Nijin K
Subject: ntp probe security flaw

Hi Team

We are trying to monitor NTP response of all the servers in our environment but when we used ntp protocol on NTP_response probe it got blocked by cisco
time Devices and when client contacted cisco they came up with below finding

1. It is incorrect to use ntp packets with mode 6 as (as this is classified as unsecure and possible to use in amplification attack)
2. Major distributions and NTP server SW does not support mode 6 or defaults to disable it

• References

1. RHEL chrony does not support mode 6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_achieving-some-settings-previously-supported-by-ntp-in-chrony_configuring-basic-system-settings
2. Cisco ratelimits mode 6 packets https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673
3. Ntpd https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-understanding_the_ntpd_configuration_file

Can anybody suggest if there is a workaround for this.

regards
Nijin