[ntp:questions] Source port for NTP
geoffdown at fastmail.net
Thu Oct 22 02:26:34 UTC 2015
I am occasionally getting outgoing firewall alerts from NTP attempting
to send packets back to random destinations. Although I have the latest
NTP and thus am not susceptible to NTP amplification DDoS attempts, I
would prefer not to be bugged by people scanning for vulnerable
servers. I assume that UDP packets are getting through the router due
to 'full cone NAT' as explained at
and the fact that NTP is always using port 123 as the source port when
it polls the remote time server every minute; thus leaving port 123 open
on the router all the time, since it never times out.
There are obviously ways to block the unwanted UDP packets after they
have reached the local network, but I'd rather they got blocked at the
router. To this end, can NTP be made to use a random source port (in
Ancillary question: can ntpd/ntpq/ntpdc be queried to confirm the
configuration file *actually* used when ntpd was invoked?
http://www.fastmail.com - mmm... Fastmail...
More information about the questions