09/02/2022

IP Security – NTP – Network Time Protocol Port 123

NTP allows you to set the clocks on your systems very accurately, to within 1 to 50 ms of the time on a central server. Knowing the exact time is extremely important for certain types of applications and protocols:

It is much easier to correlate information from multiple machines (log files, for example, when analysing a break-in attempt) when all the clocks on those machines are synchronized. It’s helpful to know exactly who was attacked, and in what order, if you’re going to understand what the attacker was after – and what might be coming next.

Some security protocols depend on an accurate source of time information to prevent “playback” attacks. Such protocols tag their communications with the current time, so that those same communications (e.g., a login/password interaction or even an entire communication) cannot be replayed later as part of an attack. This tagging can be circumvented if the clock can be set back to the time the communication was recorded.

Security Concerns:

It provides both information and possible avenues of attack for intruders. Stop security-related tasks from running or cause them to run at incorrect times. Make system and audit logs unreliable since time is alterable.

Recommended Actions

To resolve this vulnerability we would request that you check your hardware settings and all of your devices to ensure that TCP/UDP port 123 (NTP) is closed. The precise method for doing this will depend upon your make, model, and operating system of your device.

Reference Material

CVE.mitre.org is also another useful site and by searching their “CVE list” and typing in the Vulnerability they can help identify and mitigate the issue:

https://cve.mitre.org/

https://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners