NTP monlist Command Enabled

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote network time service could be used for network
reconnaissance or abused in a distributed denial of service attack.

Description :

The version of ntpd on the remote host has the 'monlist' command
enabled. This command returns a list of recent hosts that have
connected to the service. As such, it can be used for network
reconnaissance or, along with a spoofed source IP, a distributed
denial of service attack.

Solution :

If using NTP from the Network Time Protocol Project, either upgrade to
NTP 4.2.7-p26 or later, or add 'disable monitor' to the 'ntp.conf'
configuration file and restart the service. Otherwise, contact the

Otherwise, limit access to the affected service to trusted hosts.
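
The either/or rule in the Solution above (fixed version, or 'disable monitor' in ntp.conf) can be checked offline against a host's reported version and configuration text. This is an added example, not Tenable's plugin code; the function names and sample configurations are constructed, and it assumes monitoring is on unless the file disables it and that the last enable/disable directive takes effect.

```python
import re

FIXED = (4, 2, 7, 26)  # "NTP 4.2.7-p26 or later", from the Solution text


def parse_version(text):
    """Parse '4.2.6p5' or '4.2.7-p26' into a comparable tuple, or None."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:-?p(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def monitor_enabled(conf_text):
    """True if the ntp.conf text leaves the monitoring facility enabled."""
    enabled = True  # assumption: on by default unless the config disables it
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        # 'disable'/'enable' accept several flags on one line.
        if tokens and tokens[0] in ("enable", "disable") and "monitor" in tokens[1:]:
            enabled = tokens[0] == "enable"  # assumption: last directive wins
    return enabled


def assess(version, conf_text):
    """Fixed version OR monitor disabled clears the finding."""
    v = parse_version(version)
    if v is not None and v >= FIXED:
        return "ok: version at or above 4.2.7-p26"
    if not monitor_enabled(conf_text):
        return "ok: 'disable monitor' present (service restart still required)"
    return "finding: monlist may be answered; upgrade or add 'disable monitor'"


# Constructed sample configurations (not taken from any real host).
SAMPLE_UNFIXED = """\
driftfile /var/lib/ntp/drift
server 0.pool.ntp.org iburst
# disable monitor
"""
SAMPLE_HARDENED = SAMPLE_UNFIXED + "disable auth monitor\n"

if __name__ == "__main__":
    for ver, conf in [("4.2.6p5", SAMPLE_UNFIXED),
                      ("4.2.6p5", SAMPLE_HARDENED),
                      ("4.2.8p15", SAMPLE_UNFIXED)]:
        print(ver, "->", assess(ver, conf))
```

The check reads the file only; it does not confirm that the running daemon has been restarted with the new configuration.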

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 71783

Bugtraq ID: 64692

CVE ID: CVE-2013-5211
