NTP enumeration¶
An attacker can enumerate the following information by querying an NTP server.
List of hosts connected to the NTP server
Internal client IP addresses, hostnames and operating system used
Tools¶
ntptrace is a python script that uses the ntpq utility program to follow the chain of NTP servers from a given host back to the primary time source.
ntpdc queries the NTP daemon about its current state and to request changes in the state.
ntpq monitors NTP daemon NTPD operations and determines performance.
Remediation¶
Restrict the usage of NTP and enable the use of NTPSec, where possible.
Filter the traffic with IPTables.
Enable logging for the messages and events.
Last update:
2025-05-19 17:27