About NTP
NTP manages time synchronization for all network member devices. Accurate timekeeping is necessary for the proper functioning of computer systems. The NTP protocol ensures that the entire fleet stays on time.
Port |
Usage |
---|---|
123 |
TCP and UDP |
To avoid replay attacks, the Kerberos protocol requires that all packets exchanged be time-stamped. By default, the Kerberos protocol accepts a maximum offset (clock-skew) of 5 minutes between the client and the server. Beyond this offset, the server and the client will refuse the packets exchanged.
In the case of Windows systems, the client and server can renegotiate another less secure protocol, NTLM, if Kerberos authentication would fail due to a time lag. Thus one can have workstations with NTP issues on a network without realizing it. Also one of the servers may have a time lag and refuse packets from clients that are on time.
Since time is important for security (see e.g. the note above), Microsoft has chosen to sign NTP packets in NT5DS mode. Non-domain Windows workstations are configured by default in NTP mode on Microsoft’s public servers. When a workstation is added to the domain, the workstation automatically switches to NT5DS mode.
On Linux servers, the historical NTP server is ntpd, but it is gradually being replaced by more modern implementations, such as chrony.