4.5 NTP Enumeration

NTP Enumeration

  • Network Time Protocol (NTP) is designed to synchronize clocks of networked computers.
  • It uses UDP port 123 as its primary means of communication.
  • NTP can maintain time to within 10 milliseconds (1/100 seconds) over the public Internet.
  • It can achieve accuracies of 200 microseconds or better in local area networks under ideal conditions.
  • Attacker queries NTP server to gather valuable information such as:
    • List of hosts connected to NTP server
    • Clients IP addresses in a network, their system names and OSs
    • Internal IPs can also be obtained if NTP server is in the DMZ

NTP Enumeration Commands

  • ntptrace:
    • Traces a chain of NTP servers back to the primary source
    • ntptrace [-vdn] [-r retries] [-t timeout] [server]
  • ntpdc:
    • Monitors operation of the NTP daemon, ntpd
    • /usr/bin/ntpdc [-n] [-v] host1 | IPaddress1...
  • ntpq:
    • Monitors NTP daemon ntpd operations and determines performance
    • ntpq [-inp] [-c command] [host] [...]

NTP Enumeration Tools

results matching ""

    No results matching ""