NIST NTP servers

Harlan Stenn stenn at
Thu May 12 03:13:46 UTC 2016

Harlan Stenn writes:
> Sharon Goldberg writes:
> > Well, if you really want to learn about the NTP servers a target is using
> > you can always just sent them a regular NTP timing query (mode 3) and just
> > read off the IP address in the reference ID field of the response (mode 4).
> Unless the server is an IPv6 server.  This trick only works for IPv4.
> And we have a fix for all of this that will be out soon.

Also, the attacker will need to know the correct origin timestamp for
the brief window where that attack will work, and even if this happens
either the client or the server will see syslog entries alerting to the
abuse (if folks are running new enough versions of ntpd).


More information about the NANOG mailing list