NTP - Port 123/UDP
Become VeryLazyTech member! π
Follow us on:
β Twitter @VeryLazyTech.
πΎ Github @VeryLazyTech.
π Medium @VeryLazyTech.
πΊ YouTube @VeryLazyTech.
π© Telegram @VeryLazyTech.
π΅οΈββοΈ My Site @VeryLazyTech.
Visit our shop for e-books and courses. π
Basic info
The Network Time Protocol (NTP) is a critical component of modern computing, ensuring accurate time synchronization across networked devices. Accurate timekeeping is essential for various IT functions, including system logs, security mechanisms, scheduling, and distributed systems.
How NTP Works
NTP operates on a client-server model:
Time Sources (Stratum Levels):
Stratum 0: High-precision timekeeping devices (e.g., atomic clocks, GPS receivers).
Stratum 1: Servers directly connected to Stratum 0 devices.
Stratum 2+: Clients synchronized to higher strata.
Time Synchronization Process:
Devices communicate with NTP servers using UDP on port 123.
NTP calculates time offsets and round-trip delays to adjust the local clock.
Clock Hierarchy:
Stratum levels prevent looping dependencies and ensure reliability.
Why Accurate Timekeeping Matters
Event Correlation: Logs from different systems must have consistent timestamps for effective troubleshooting and forensic analysis.
Security Mechanisms:
Authentication protocols like Kerberos require synchronized clocks to prevent replay attacks.
Digital certificates rely on valid timeframes for their operation.
Distributed Systems: Coordinated tasks and transactions depend on precise timekeeping to avoid conflicts.
Default port: 123/udp
PORT STATE SERVICE REASON
123/udp open ntp udp-response
Enumeration Techniques
Querying NTP Servers
NTP servers support various commands that provide detailed information. Tools like ntpq
and ntpdc
allow querying the server.
ntpq -p <target-ip>
Retrieves a list of clients connected to the server:
ntpdc -c monlist <target-ip>
Nmap:
nmap -sU -p 123 --script=ntp-info <target-ip>
nmap -sU -p 123 --script=ntp-monlist <target-ip>
Exploiting the monlist
Command
The monlist
command, available on older NTP servers, lists up to 600 recent clients.
ntpq -c rv <target-ip>
Chrony:
For environments using Chrony as an NTP daemon, enumeration requires specific tools or commands:
chronyc sources
Metasploit Framework:
use auxiliary/scanner/ntp/ntp_monlist
Files
he ntp.conf
file is the primary configuration file for NTP (Network Time Protocol) servers and clients. It governs how an NTP service operates, defines server associations, and sets access restrictions. Misconfigured ntp.conf
files can expose systems to risks such as unauthorized access, information leakage, or exploitation in DDoS amplification attacks.
Default Locations for ntp.conf
ntp.conf
Linux (Most Distributions)
Common path:
/etc/ntp.conf /etc/inet/ntp.conf /etc/xntp.conf
Windows
For NTP services like
w32time
, configuration is done via the registry:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
macOS
Usually found at:
/etc/ntp.conf
Finding the Configuration File
Linux:
find /etc -name ntp.conf
macOS or Unix:
locate ntp.conf
Verify Running NTP Process (Linux):
ps -ef | grep ntpd
Learn & practice For the OSCP.
Last updated
Was this helpful?