Another reason to look at NTP

Here is something I came across recently that I have’t seen before:

NTP internal IP disclosure

This is from an Internet facing host. The interesting bit here is the disclosure of internal IP addresses in the “refid” field. Just another thing to watch out for during pentests and when configuring your NTP services.

As a side note, carnal0wnage has some great posts on getting information out of NTP services.

Constructive Feedback

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s