[ntp:questions] Legitimate Source Ports for NTP traffic?

Jason Rabel jasonrabel99 at gmail.com
Mon Nov 19 02:18:10 UTC 2018


I was making some firewall changes and accidentally flip-flopped some
settings briefly. While reviewing the firewall logs I noticed that
there was some NTP traffic coming from various privileged ports (other
than 123)... Literally like ports 1,3,5,6,7, and many others in the
double & triple digit range...

I always thought that the source should be either 123 for a normal NTP
client, or an unprivileged port 1024-65535 ????

Rough estimate probably about 15% of NTP requests are from random
privileged ports...  That seems rather high to just be random chance.

Are people really that bad at coding and following standards, or is
this illegitimate traffic and should be blocked?

