Intrusion Prevention

  • 1.  CVE-2013-5211

    Posted 09-26-2022 06:22
    Hi.
    I want to ask about recommendation for CVE-2013-5211 - description : The remote NTP server responds to mode 6 queries. Devices that respond
    to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit
    this, via a specially crafted mode 6 query, to cause a reflecteddenial of service condition.

    is there any suggestion based on that information vulnerability?



    ------------------------------
    DENDHY GALIH
    ------------------------------


  • 2.  RE: CVE-2013-5211

    Posted 09-26-2022 06:58
    By default Junos routing engine (RE) will act as a ntp server and accept all traffic.  To prevent this you need to apply a firewall filter to the loopback or management address of the device.

    A sample protect  RE filter can be found here for comprehensive all protocols.
    https://blog.interconnect.nl/juniper-ex-re

    If you only want to protect for ntp you would need to just make the ntp block and allow terms and change the final term to allow instead of discard or it will block your ssh access and other communications too.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------