The Network Time Protocol (NTP) is a protocol used to synchronize computer clock times across a network of computers. NTP uses port 123 over UDP.
- NTP uses Coordinated Universal Time (UTC) to synchronize computer clock times to within a millisecond, and sometimes to a fraction of a millisecond.
- UTC is obtained by several methods, such as radio and satellite systems. Special receivers are available for high-level services such as the Global Positioning System (GPS).
UTC: UTC is one of the primary time standards by which the world regulates clocks and time. It is one of the closely related successors to GMT (Greenwich Mean Time) and is used interchangeably with GMT for most purposes.
- However, it is not practical or cost-effective to equip every computer with such a receiver. Instead, computers designated as primary time servers are outfitted with receivers, and they use NTP to synchronize the clocks of networked computers.
The term NTP applies both to the protocol and to the client and server programs that run on computers. Users compile the programs as an NTP client, an NTP server, or sometimes both.
- The NTP client initiates a time-request exchange with the time server. As a result of this exchange, the client is able to calculate the link delay and its local offset.
- It also adjusts the local clock to match the clock on the server computer. If we change the clock 6 times within 5 to 10 minutes, then we have to reset the clock; this is the rule.
- Once the time is synchronized, the client updates the clock every 10 minutes by exchanging a message.
- Besides client-server synchronization, NTP also supports broadcast synchronization of peer computer clocks.
- The NTP protocol has been exploited for Denial of Service (DoS) attacks. The drawback in NTP is that it will reply to a packet that has a spoofed source IP address.
- Another drawback is that one of NTP's built-in commands gives a long reply to a short request.
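The offset and link-delay calculation from the client exchange described above, as an added example (not code from the original page). It parses a 48-byte server reply, applies the standard NTP on-wire formulas, and rejects a reply whose originate timestamp does not echo the client's request; the function names and the sample exchange are constructed for illustration.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def ntp_to_unix(raw8):
    """64-bit NTP timestamp (32-bit seconds, 32-bit fraction) -> Unix seconds."""
    seconds, fraction = struct.unpack("!II", raw8)
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def unix_to_ntp(t):
    """Inverse conversion; used here only to build the constructed sample."""
    whole = int(t)
    return struct.pack("!II", whole + NTP_EPOCH_DELTA, int((t - whole) * 2**32))

def offset_and_delay(reply, sent_t1, t4):
    """Return (offset, delay) in seconds for one request/reply exchange.

    reply   -- raw UDP payload received from the server
    sent_t1 -- the 8-byte transmit timestamp the client put in its request
    t4      -- client clock (Unix seconds) when the reply arrived
    """
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    if reply[0] & 0x07 != 4:             # mode 4 = server reply
        raise ValueError("not a server reply")
    if reply[24:32] != sent_t1:          # originate field must echo our request
        raise ValueError("originate timestamp mismatch")
    t1 = ntp_to_unix(reply[24:32])       # request sent (client clock)
    t2 = ntp_to_unix(reply[32:40])       # request received (server clock)
    t3 = ntp_to_unix(reply[40:48])       # reply sent (server clock)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def build_sample_reply(t1_raw, t2, t3):
    """Constructed 48-byte reply: LI=0, VN=4, mode=4, stratum 1."""
    header = bytes([0x24, 1, 6, 0xEC]) + bytes(12)  # + root delay, dispersion, ref id
    return header + unix_to_ntp(t2) + t1_raw + unix_to_ntp(t2) + unix_to_ntp(t3)

def demo():
    # Constructed exchange: server clock 2.5 s ahead, 0.25 s each way,
    # 0.5 s of server processing time.
    t1_raw = unix_to_ntp(1700000000.0)
    reply = build_sample_reply(t1_raw, 1700000002.75, 1700000003.25)
    return offset_and_delay(reply, t1_raw, t4=1700000001.0)

if __name__ == "__main__":
    print("offset=%.3f s delay=%.3f s" % demo())
```

The originate-timestamp check is what lets a client discard a reply it never asked for, which matters because NTP runs over UDP and the source address of a packet can be spoofed.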
If the NTP port is closed, how will the time be synchronized?
NTP's mechanism is to synchronize the time across networked computers. First, a machine obtains the time from a server that is a reliable time source. Second, that machine itself acts as a time source for other computers in the network.
Reflection attack in NTP:
- NTP is subject to a reflection attack. In this attack, the attacker sends the server a crafted packet that requests a large amount of data.
- By sending this packet, the attacker takes advantage of the monlist command.
- Monlist is a remote command in older versions of NTP that sends the requester a list of the last hosts that connected to the server.
Test cases for NTP:
There are two test cases for NTP.
Version: we can get the version by using an Nmap scan.