What is Port 123?
by Colin Cohen | Published on October 20, 2023
Computers and other devices on the Internet use the Network Time Protocol (NTP) over UDP port 123 to synchronize their clocks.
Network Time Protocol Explained
NTP, which operates over port 123, uses an intersection algorithm to synchronize a set of computers so that they all agree on UTC time to within a few milliseconds. It does this by selecting a group of accurate time servers, discarding any whose readings disagree with the rest, and compensating for network latency when computing the correct time.
NTP Protocol Port 123 and Time Synchronization
NTP is an important protocol because many distributed applications rely on time synchronization between devices, and accurate event logging on a device depends on a correct clock. By running NTP, a device can ensure that it keeps the correct time and stays in step with the other devices it needs to communicate with.
Is NTP Port 123 UDP?
NTP uses the UDP transport protocol over port 123. A time exchange is a single request and a single reply, so NTP does not need a TCP connection; avoiding connection setup keeps network overhead and response latency low, which matters because the delay between request and reply feeds directly into the accuracy of the computed time.
What is Port 123 Used For?
You use port 123 for requesting and synchronizing time through the NTP protocol, which can include authentication and logging.
Requesting and Synchronizing Time with NTP Port 123
An NTP client is any device that requests time synchronization from an NTP server, and it does this in the following manner:
The client initiates an NTP request by sending a timestamp to an NTP server.
The NTP server records the time it received the request and the time it sends its reply, and returns these timestamps (with the client's original timestamp echoed back) to the client.
The client notes when the reply arrived, uses the server's timestamps to work out how far its own clock is off and how long the round trip took, and then adjusts its own time if necessary.
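The three-step exchange above, worked through as an added example (not code from the original article): the client builds a 48-byte NTPv4 request, the server echoes the client's timestamp and stamps its receive and transmit times, and the client derives clock offset and round-trip delay from the four timestamps T1 to T4 as RFC 5905 describes. The clock values in demo() are constructed; the originate-timestamp check rejects replies that do not answer the request the client actually sent.

```python
import struct

NTP_HDR = struct.Struct("!BBBb11I")   # 48-byte NTPv4 header, network byte order
NTP_EPOCH_DELTA = 2208988800          # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix)

def to_ntp(t):
    """Unix float seconds -> 64-bit NTP timestamp as (seconds, 2^-32 fraction)."""
    whole = int(t)
    return whole + NTP_EPOCH_DELTA, min(int(round((t - whole) * 2**32)), 0xFFFFFFFF)

def from_ntp(sec, frac):
    return sec - NTP_EPOCH_DELTA + frac / 2**32

def client_request(t1):
    """Step 1: client (LI=0, VN=4, mode=3) puts its clock reading T1 in the Transmit field."""
    s, f = to_ntp(t1)
    return NTP_HDR.pack(0x23, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, s, f)

def server_response(request, t2, t3, stratum=2):
    """Step 2: server (mode=4) echoes T1 into Originate and stamps Receive=T2, Transmit=T3."""
    req = NTP_HDR.unpack(request)
    return NTP_HDR.pack(0x24, stratum, 0, 0, 0, 0, 0, 0, 0,
                        req[13], req[14], *to_ntp(t2), *to_ntp(t3))

def client_compute(response, t1, t4):
    """Step 3: client records arrival time T4 and derives offset and round-trip delay.
    Returns None if the reply is not a server reply echoing our T1 (stray or forged packet)."""
    f = NTP_HDR.unpack(response)
    if (f[0] & 0x07) != 4 or (f[9], f[10]) != to_ntp(t1):
        return None
    t2, t3 = from_ntp(f[11], f[12]), from_ntp(f[13], f[14])
    offset = ((t2 - t1) + (t3 - t4)) / 2     # how far the client clock is behind the server
    delay = (t4 - t1) - (t3 - t2)            # network round trip, excluding server processing
    return offset, delay

def demo():
    """Constructed scenario: server clock is 0.5 s ahead, 20 ms each way, 1 ms server processing."""
    t1 = 1_700_000_000.0          # client clock when the request leaves
    t2 = t1 + 0.020 + 0.5         # server clock on receipt
    t3 = t2 + 0.001               # server clock when the reply leaves
    t4 = t1 + 0.041               # client clock when the reply arrives
    return client_compute(server_response(client_request(t1), t2, t3), t1, t4)

if __name__ == "__main__":
    off, rtt = demo()
    print(f"offset={off:+.4f}s  delay={rtt:.4f}s")   # client should step its clock by +0.5 s
```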
This NTP tutorial from Jeremy Cioara explains more about how to describe and configure NTP.
Authentication and Logging with Port 123
To prevent attackers from tampering with timestamps, NTP can authenticate packets with a shared symmetric key: the sender appends a key ID and an MD5 digest computed over the key and the packet, and the client recomputes the digest to verify that a trusted source generated the timestamps. The key itself must be distributed to both sides out of band.
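The symmetric-key authentication just described, as an added example (not the article's or any NTP implementation's code): the MAC format follows RFC 5905 Appendix A, a 32-bit key ID followed by MD5 over the key and the packet; the key table and the 48-byte server reply are constructed for the demo.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4 + 16   # 32-bit key ID + 128-bit MD5 digest (RFC 5905 Appendix A)

def ntp_mac(key_id, key, packet):
    """Append the symmetric-key MAC: the digest is MD5 over the key followed by the
    NTP header and extension fields, never over the key ID or digest fields."""
    digest = hashlib.md5(key + packet).digest()
    return packet + struct.pack("!I", key_id) + digest

def verify_ntp_mac(keys, message):
    """Return the authenticated packet bytes, or None if the MAC is absent, names an
    unknown key ID, or does not match (tampered or forged timestamps)."""
    if len(message) < 48 + MAC_LEN:
        return None
    packet, trailer = message[:-MAC_LEN], message[-MAC_LEN:]
    key_id = struct.unpack("!I", trailer[:4])[0]
    key = keys.get(key_id)
    if key is None:
        return None
    expected = hashlib.md5(key + packet).digest()
    if not hmac.compare_digest(expected, trailer[4:]):
        return None            # constant-time comparison, no early exit on mismatch
    return packet

# Constructed key table: key ID 7 -> shared secret (in practice loaded from the keys file).
TRUSTED_KEYS = {7: b"constructed-demo-key"}

def demo():
    # Constructed server reply: mode 4, stratum 2, transmit timestamp in the last 8 bytes.
    packet = bytes([0x24, 2, 6, 0xEC]) + bytes(36) + struct.pack("!II", 3900000000, 0)
    signed = ntp_mac(7, TRUSTED_KEYS[7], packet)
    ok = verify_ntp_mac(TRUSTED_KEYS, signed)
    # An attacker rewrites the transmit timestamp (byte 40) but cannot recompute the digest.
    forged = bytearray(signed)
    forged[40] ^= 0x01
    return ok == packet, verify_ntp_mac(TRUSTED_KEYS, bytes(forged)) is None
```

MD5 is the digest the original specification mandates; current ntpd and chrony builds also accept SHA-based digests with the same key ID plus digest layout, and Network Time Security (RFC 8915) replaces shared keys entirely where both ends support it.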
NTP will, by default, log all synchronization messages it sends and receives. However, you can configure which events you want to log. How you do this depends on the operating system of the device.
How to Find Your NTP Server Address and Connect to It
How you find your NTP server addresses depends on the device's operating system. In Windows, you can get them by entering the following command in a Command prompt:
w32tm /query /peers
You typically connect to your NTP servers automatically through the operating system of your device so that the device can continuously have an accurate time.
Port 123 Vulnerabilities and Security Concerns
Port 123 can be susceptible to DDoS attacks if you don’t have NTP properly secured and configured on the device.
DDoS Attacks Against Port 123 In the Past
Attackers have staged DDoS attacks over port 123 by abusing NTP servers as amplifiers: the server is flooded with small UDP requests whose replies are far larger, in what is known as an NTP amplification attack. The attack takes advantage of the monlist command in older NTP versions, which returns the traffic counts and list of recent clients that the NTP process collects and maintains, so a tiny request produces a very large response.
How to Keep NTP Secure and Configured
You can protect your NTP servers from being used in these attacks by upgrading NTP to version 4.2.7 or later, which removes the monlist command that attackers abuse. Where an upgrade is not possible, the same effect comes from turning off the monitoring facility in the server's configuration (the disable monitor directive in ntp.conf) and denying status queries from untrusted clients (the noquery restriction).
Another way to mitigate DDoS attacks against port 123 is source IP verification through ingress filtering (BCP 38): network edges drop packets whose source address could not legitimately have come from the network they arrived on, which rejects spoofed requests before they reach the NTP server and limits the traffic it has to answer.
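Detection for the amplification pattern described above, as an added example (not from the original article): a normal NTP exchange is symmetric (48-byte request, 48-byte reply), so UDP flows to port 123 whose reply volume dwarfs the request volume point to a server being used as a reflector, and the flow's source address is most likely the spoofed victim. The flow log, the RFC 5737 documentation addresses and the ratio threshold are all constructed for the demo.

```python
import re

# Constructed flow records: one line per UDP flow as seen at the NTP server,
# in_bytes = requests received, out_bytes = replies sent back to the source address.
FLOW_LOG = """\
2023-10-20T10:00:01Z proto=udp src=10.0.0.5 dst=192.0.2.10 dport=123 in_bytes=48 out_bytes=48 pkts=1
2023-10-20T10:00:02Z proto=udp src=10.0.0.6 dst=192.0.2.10 dport=123 in_bytes=96 out_bytes=96 pkts=2
2023-10-20T10:00:03Z proto=udp src=203.0.113.7 dst=192.0.2.10 dport=123 in_bytes=400 out_bytes=96000 pkts=50
2023-10-20T10:00:04Z proto=udp src=203.0.113.7 dst=198.51.100.20 dport=123 in_bytes=240 out_bytes=48000 pkts=30
2023-10-20T10:00:05Z proto=udp src=10.0.0.5 dst=192.0.2.10 dport=53 in_bytes=60 out_bytes=200 pkts=1
"""

# A normal NTP poll has a reply/request byte ratio of about 1. The threshold is an
# assumption for the demo; set it from your own baseline before using it in production.
AMP_RATIO = 10.0

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_flow(line):
    """Turn 'key=value' tokens into a dict; the leading timestamp has no '=' and is skipped."""
    return dict(FIELD.findall(line))

def detect_amplification(log_text, ratio=AMP_RATIO):
    """Flag UDP flows to port 123 whose reply bytes exceed request bytes by the given ratio."""
    findings = []
    for line in log_text.splitlines():
        f = parse_flow(line)
        if f.get("proto") != "udp" or f.get("dport") != "123":
            continue
        in_b, out_b = int(f["in_bytes"]), int(f["out_bytes"])
        if in_b > 0 and out_b / in_b >= ratio:
            findings.append({"victim": f["src"], "server": f["dst"],
                             "ratio": out_b / in_b, "out_bytes": out_b})
    return findings

def amplified_bytes_by_victim(findings):
    """Sum the reply traffic each spoofed source address received across all reflecting servers."""
    totals = {}
    for r in findings:
        totals[r["victim"]] = totals.get(r["victim"], 0) + r["out_bytes"]
    return totals

if __name__ == "__main__":
    hits = detect_amplification(FLOW_LOG)
    for h in hits:
        print(f"{h['server']} -> {h['victim']}: {h['ratio']:.0f}x amplification")
    print(amplified_bytes_by_victim(hits))
```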
Is Port 123 Safe to Open?
Port 123 is safe to open if you have properly secured and configured your NTP servers by installing the latest version of NTP and restricting who can query them, for example through ingress filtering.
How to Know if Port 123 is Open on Windows
To check if port 123 is open in Windows, open a Command Prompt on the device and enter the following command:
netstat -aon
Look in the output for a UDP entry whose local address ends in :123 (for example 0.0.0.0:123 or [::]:123). UDP sockets have no connection state, so the presence of that entry means the port is bound and therefore open, and the PID column identifies the process that owns it. To narrow the output, run netstat -aon -p UDP | findstr :123 instead.
Port Conflicts and Overlaps with NTP UDP Port 123
Only one process can listen to port 123 at a particular time. If you are experiencing a conflict with this port and cannot start your NTP server, you must first stop the process currently listening to port 123.
Servers and Network Devices Make Requests
Understand that both servers and network devices can make NTP requests. You need to ensure that you have port 123 open on any device that will act as an NTP server and that there are no conflicts with this port.
Configuring Devices So That Only NTP is Using 123
To configure a device so that only NTP uses port 123, start your NTP server on this port before any other process can bind it. Once the NTP server holds the port, no other process can listen on port 123.
Key Takeaways About Using Port 123
You use UDP port 123 for running NTP protocol so that your devices on the Internet can accurately synchronize their time. To secure port 123, consider restricting access to trusted sources, as open NTP servers can be misused for DDoS amplification attacks. Be sure to regularly patch any vulnerabilities to mitigate risks.