LAST UPDATED: 2022-08-29
This report identifies NTP servers that have the potential to be used in amplification attacks by criminals that wish to perform denial of service attacks.
The NTP monitor command is a Mode 7 query for MON_GETLIST_1. To manually test if a system is vulnerable to this, you can use the command:
For more details behind the scan methodology and a daily update of global NTP Monitor scan statistics please visit our dedicated NTP Monitor scan page.
You can learn more on the report in our NTP Monitor Report tutorial.
You can learn more on our reports in general in our Overview of Free Public Benefit Shadowserver Reports presentation, which also explains example Use Cases.
For more information on our scanning efforts, check out our Internet scanning summary page.
Filename(s): scan_ntpmonitor, scan6_ntpmonitor