[ntp:questions] xntp both serve and client

Maarten Wiltink maarten at kittensandcats.net
Wed Nov 5 21:30:07 UTC 2008

"fenwayfool" <peterson.russell at gmail.com> wrote in message
news:9fa0247a-eb93-4ae2-a0ac-af96cc20329f at w1g2000prk.googlegroups.com...

> Is it possible to turn off xntp server functionality?

Effectively, yes. Strictly, no.

> That is, xntpd seems to always have port 123 open.  This shows up on a
> port scan even though the system I have really only requires client
> functionality.  Seems like I could restrict server access via the
> ntp.conf file but port 123 would still be open... I don't want random
> port scans to show the port as open.

It's _UDP_ port 123. UDP being stateless, if you want to hear replies
to your queries, you need to listen some of the time. The easiest way
to do that, is to listen all of the time. NTP takes that way.

If you have a very smart firewall, you could configure it to only let
the port show as open for a few seconds after a request came out of it.
Don't come asking me how to do that, though, it's way over my head.

As a benefit, NTP will provide diagnostic information when asked on
that same port. You may not care for it, but it allows for easy
checking that an NTP client is actually running well and where it's
getting its time from and so on.

Maarten Wiltink

More information about the questions mailing list