4.5 NTP Enumeration
- Network Time Protocol (NTP) is designed to synchronize clocks of networked computers.
- It uses UDP port 123 as its primary means of communication.
- NTP can maintain time to within 10 milliseconds (1/100 seconds) over the public Internet.
- It can achieve accuracies of 200 microseconds or better in local area networks under ideal conditions.
- Attacker queries NTP server to gather valuable information such as:
- List of hosts connected to NTP server
- Clients IP addresses in a network, their system names and OSs
- Internal IPs can also be obtained if NTP server is in the DMZ
NTP Enumeration Commands
- Traces a chain of NTP servers back to the primary source
ntptrace [-vdn] [-r retries] [-t timeout] [server]
- Monitors operation of the NTP daemon, ntpd
/usr/bin/ntpdc [-n] [-v] host1 | IPaddress1...
- Monitors NTP daemon ntpd operations and determines performance
ntpq [-inp] [-c command] [host] [...]