NTP Monitor Report

This report identifies NTP servers that have the potential to be used in amplification attacks by criminals that wish to perform denial of service attacks.

The NTP monitor command is a Mode 7 query for MON_GETLIST_1. To manually test if a system is vulnerable to this, you can use the command:

ntpdc -n -c monlist [ip]

Statistics for these servers can be found here.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the NTP response came on (UDP)
  • port
    Port that the NTP response came from
  • hostname
    Reverse DNS name of the device in question
  • packets
    The total number of packets received from the device in question
  • size
    The total amount of data (in bytes) received from the device in question
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides

Sample

"timestamp","ip","protocol","port","hostname","packets","size","asn","geo","region","city"
"2014-04-12 08:43:11","218.161.57.7","udp",123,"218-161-57-7.hinet-ip.hinet.net",10,4400,3462,"TW","T'AI-WAN","TAIPEI"
"2014-04-12 08:43:11","190.116.130.70","udp",123,,4,1544,12252,"PE","PROVINCIA DE LIMA","LIMA"
"2014-04-12 08:43:12","108.212.208.147","udp",123,,2,592,7018,"US","MISSOURI","KANSAS CITY"
"2014-04-12 08:43:12","81.245.134.4","udp",123,,1,224,5432,"BE","BRUSSELS HOOFDSTEDELIJK GEWEST","BRUSSELS"
"2014-04-12 08:43:12","114.35.11.110","udp",123,,1,224,3462,"TW","T'AI-WAN","TAIPEI"
"2014-04-12 08:43:12","180.241.34.240","udp",123,,1,368,17974,"ID","SUMATERA UTARA","MEDAN"
"2014-04-12 08:43:12","109.173.161.127","udp",123,"d161-127.icpnet.pl",1,80,13110,"PL","WIELKOPOLSKIE","POZNAN"
"2014-04-12 08:43:12","216.234.67.45","udp",123,,2,808,19107,"US","SOUTH CAROLINA","LAKE CITY"
"2014-04-12 08:43:12","107.130.96.108","udp",123,,2,592,7018,"US","CALIFORNIA","SAN FRANCISCO"
"2014-04-12 08:43:13","77.241.38.7","udp",123,,5,2200,38951,"RU","SAINT PETERSBURG CITY","SAINT PETERSBURG"
"2014-04-12 08:43:13","80.84.176.200","udp",123,,1,152,15738,"UA","ZAPORIZ'KA OBLAST'","ZAPORIZHZHYA"

Our 73 Report Types

« Back to Network Reporting