Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 NTP:MONLIST-REQUEST

Severity

 Low

Recommended

 Yes

Recommended Action

 Drop

Category

 NTP

Keywords

 Monitor List Command

Release Date

 2014/01/29

Update Number

 2339

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

NTP: Monitor List Command


This signature detects the NTP command "monlist" sent from a client to a server. This command has been depreciated in ntpd versions 4.2.7 and above due to its usefulness as an unauthenticated traffic amplifier. While this is a valid command on versions below 4.2.7, its use is not recommended and normally not used on Internet traffic. Hits on this signature from the Internet are most likely "spoofed" UDP packets sent from an attacker in an attempt to trigger your organization's NTP server to flood the source IP - the real victim - with a large volume of traffic

References

  • CVE: CVE-2013-5211

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out