SID 1:46387

Report a false positive

Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER Multiple Vendors NTP zero-origin timestamp denial of service attempt

Rule Explanation

This event is generated when 5 or more NTP packet contains a zero-origin timestamp are sent within one second Impact: Attempted Denial of Service Details: If an NTP packet containing a zero-origin timetamp is sent in some volume, then it could trigger a DoS condition with vulnerable versions of NTP package Ease of Attack: Simple

What To Look For

No information provided

Known Usage

No public information

False Positives

Known false positives, with the described conditions

Zero-origin timestamp is not against specification, however not common

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2018-7184 CVE-2018-7185

Additional Links

support.ntp.org/bin/view/Main/NtpBug3453
support.ntp.org/bin/view/Main/NtpBug3454

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2018-7184
 Loading description
CVE-2018-7185
 Loading description