May the source be with you, but remember the KISS principle ;-)

Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

NTP -- Network Time Protocol

News Recommended Links Tutorials FAQs Tips
Configuration of Solaris NTP server RHEL NTP configuration  ntpdate ntpq ntptrace
Troubleshooting Quiz Appliances    
 History Horror Stories Random Findings Humor Etc

NTP was developed by David Mills and others at the University of Delaware as a means for solving the problem of time synchronization between different servers connected to the Internet.  Detailed information about NTP, version of the protocol and corresponding RFCs can  be found at

NTP runs on UDP port 123. The NTP servers advertise every 64 seconds, by means of a multicast address (, that they are NTP servers. Any NTP client that is not configured with the unicast address of an NTP server multicasts when the xntpd process starts. The NTP client sends request packets to all the NTP servers that it knows using their unicast addresses. Included in the request packet is the clientís local time.  The NTP server replies by inserting UTC time into the return packet. The client compares its original request time with its own time when it receives the response from the server. This allows the client to determine how long the packet was in transit on the network.

Despite trivial semantic NTP is a rather complex protocol. Servers are organized into hierarchical levels called stratum that act in a hierarchy.

Several additional terms are used when describing NTP-related topics:

NTP client software is essentially nothing more then an intelligent corrector of the latency errors due to transmission via IP.

Most modern OSes provide daemons for NTP protocol. The key problem with xntpd that implements NTP protocol on Solaris is that it has gotten rather fat. It is definitely larger than might be desirable for an daemon running as root on the critical servers, particularly since many of the fancy features which consume space were designed more for a busy primary server, rather than a client that just needs to sync clocks.

For linux see Troubleshooting NTP on Red Hat Linux and RHEL NTP configuration

On Solaris /etc/inet/ntp.server file is a template for configuring an NTP server. Copy this file to /etc/inet/ntp.conf, and edit it to meet your networkís requirements. The /etc/rc2.d/S74xntpd  script is executed at system boot time and starts the xntpd process if the /etc/inet/ntp.conf file exists. The xntpd process starts in either the client or the server mode, depending on the contents of the ntp.conf file.

Here is one relevant recommendation from the Internet:

If there is any host I wouldn't want compromised it would be the firewall. So no xntpd diamon should run on the firewall. A firewall filtering should only allow NTP protocol traffic to/from 3 Stratum II servers. The NTP daemon is also set to only allow synchronization with these 3 hosts. NTP is only allowed between this internal host and the bastion host running NTP. We have setup the DES keys for the software so inter-server communication is at least authenticated with a private key crypto system versus the typical Unix plain text key. Internal hosts communicate with the internal NTP server only. We have all our NT and Unix servers pointing to this NTP server. You probably could setup udprelay to handle the inter-server communication portion, instead of a actual forwarding gateway. Our use the a packet filtering gateway is particular to a specific need of our network.

A stripped-down version of the protocol, the Simple Network Time Protocol (SNTP) is highly recommended for clients. SNTPclients are compatible with all NTP.


If full client is used it might be beneficial to use internal protected server which is the only one that can communicate with the Internet based NTP servers.

Please note that downtime is not a problem for NTP servers as clients are pretty much autonomous and internal clocks are precise enough for servers to survive without synchronization for quite a long time. 

For even more simpler and more secure alternative to NTP we might also consider "clockspeed + sntpclock" combination from D. J. Bernstein, the author of qmail:

This version of clockspeed can use the Pentium RDTSC tick counter or the Solaris gethrtime() nanosecond counter.

Top updates

Bulletin Latest Past week Past month
Google Search


Old News ;-)

[Dec 01, 2015] HowTo Verify My NTP Working Or Not

by Vivek Gite on March 25, 2010 last updated November 29, 2015

... You can use any one of the following program to verify ntp client configuration:

  1. ntpq - standard NTP query program
  2. ntpstat - show network time synchronisation status
  3. timedatectl - show or set info about ntp using systemd

ntpstat command

The ntpstat command will report the synchronisation state of the NTP daemon running on the local machine. If the local system is found to be synchronised to a reference time source, ntpstat will report the approximate time accuracy.

You can use the exit status (return values) to verify its operations from a shell script or command line itself:

Type the command as follows:
$ ntpstat
Sample outputs:

synchronised to NTP server ( at stratum 3
   time correct to within 42 ms
   polling server every 1024 s

Use the echo command to display exit status of ntp client:
$ echo $?
Sample outputs:


ntpq command

The ntpq utility program is used to monitor NTP daemon ntpd operations and determine performance. The program can be run either in interactive mode or controlled using command line arguments. Type the following command
$ ntpq -pn
$ ntpq -p
Sample outputs:

     remote           refid      st t when poll reach   delay   offset  jitter
*      2 u  509 1024  377   51.661   -3.343   0.279
+ns1.your-site.c   3 u  899 1024  377   48.395    2.047   1.006       2 u  930 1024  377    0.693    1.035   0.241
 LOCAL(0)        .LOCL.          10 l   45   64  377    0.000    0.000   0.001

The above is an example of working ntp client. Where,

  1. -p : Print a list of the peers known to the server as well as a summary of their state.
  2. -n : Output all host addresses in dotted-quad numeric format rather than converting to the canonical host names.

A note about timedatectl command

If you are using systemd based system, run the following command to check the service status
# timedatectl status

systemd-timesyncd configuration

If NTP enabled is set to No. Try configuring by editing /etc/systemd/timesyncd.conf file as follows:
# vi /etc/systemd/timesyncd.conf
Append/edit [Time] as follows i.e. add time servers or change the provided ones, uncomment the relevant line and list their host name or IP separated by a space (default from my Debian 8.x server):


Save and close the file. Finally, start and enable it, run:
# timedatectl set-ntp true
# timedatectl status

[Nov 5, 2006] Sun Solaris FAQ - Tek-Tips

Configuring NTP on Sun Solaris

*** Important Note ***
According to Sun, NTP can only sync time if it is off by no more than 17 minutes. Furthermore, adjusting time being off by seconds will take several minutes because NTP is architected to slowly adjust to the NTP master's time. It may also be adviseable to to use rdate daily\weekly to account for systems that, for whatever reason, have their clocks off by more than 17 minutes.

[Oct 3, 2006] NTP (Network Time) Appliance - VMTN Virtual Appliances Directory

1. This appliance will attempt to pull random ip addresses from (13 +, synchronize the virtual machine clock, and start the server service for Network Time Protocol (NTP). Having correct time is important for many servers. For example, logs from Intrusion Detection Systems without proper clocks may be thrown out of court as evidence for a crime. Considering Microsoft's Active Directory and Domains, all domain controllers must have their system clocks synchronized in order for "replication" to occur. An unsynchronized domain controller will only be able to provide read-only access to Active Directory objects. Another useful scenario for this virtual appliance is the clock synchronization for all machines. The virtual appliance is able to respond to NTP queries as well as support for the Windows Operating System. Even certain phone or PBX systems, such as Avaya's IP Office, will be able to synchronize the correct time with this appliance. Cost is also a factor. Compare this free virtual machine appliance to other hardware based models. Quoting from, "A high quality time server costs roughly $3,000 to $10,500, depending on the level of accuracy required." The appliance is setup to be automatic and very little end-user configuration is needed. To increase security, shorewall and iptables is used to harden the appliance, only allowing NTP communications and/or Windows support.

2. Mandrivia Linux 2006 was used for the initial setup of this appliance. Only the base system was installed (no XWindows) and tools were installed for kernel compilation. In order to provide Windows support with the "net time" command, Samba was installed and setup. Throughout the course of development, new Linux kernels were released and the one currently in this appliance is kernel The kernel was custom compiled to reduce size occupied on disk and in memory. VMtools was installed, however vmhgfs was removed since file sharing is not a desirable option. The only other module that can be compiled is vmxnet. The modules vmdesched and vmmemctl appear to only be available if the host is VMware ESX; this appliance was developed under VMware Workstation 5.5.1. After testing, a meticulous process of hand pruning unnecessary files was done. Then an empty virtual machine harddisk was set up to accomodate this final smaller size for the guest operating system. Files were tar'd to a backup virtual disk and untar'd to this new drive to shrink the vmdk file for final submission. A custom menu system was created to aid the end-user in managing this virtual machine, so there should be no reason to enter the "command console." If the end user wishes, a bash console is found in the custom menu.

Developed to use the fewest resources, this virtual appliance is configured to only use 24megs of RAM and up to a maxium of 100megs of physical hard disk space. Hard disk usage is approximately 78megs on "first time" uncompress but usually stays around 80megs during normal usage.

3. An end user should just start the virtual machine normally. The appliance is configured for "first time" setup and will prompt the end user for configuration of the system.

4. Everything in this appliance is open source.

[Aug 18, 2006] Galleon - Time Synchronisation Specialist -- UK producer of several NTP appliances

Produces rack mountable servers that use GPS time that might be useful for large corporations with backup datacenter needs as well as products that might be useful for mobile environments and developing countries that do not have reliable internet connectivity.
Galleon Atomic Clocks and NTP Time Servers are used by organizations world-wide and provide reliable time Synchronisation 24 hours a day 365 days a year.

Proven technology already in use in thousands of organizations including 3M, Shell, NASDAQ, AIB Bank, Fujitsu, Buckingham Palace, Ford Credit, Rolls Royce, GlaxoSmithKline, Deutsche Bank, Bank of England, Sharp, Daimler Chrysler and Cannon amongst others.

[Jul 30, 2005 ] Slashdot Time Syncing Through a Firewall Without NTP


(Score:4, Insightful) by samjam (256347) on Saturday July 30, @07:41PM (#13204687)
( | Last Journal: Wednesday June 02, @09:18AM)

I like this idea. First get a written refusal in response to a written request to open NTP on the firewall. Then use this to justify a hardware purchase for the clock hardware. Wait till bosses realise that a $500 piece of kit and a couple of days setting up could be replaced by 5 mins configuration by a dolt.

[Nov 14, 2005] Summary ntpd on Solaris 10

Andreas HŲschler ahoesch at
Mon Nov 14 06:48:17 EST 2005

Hi all,

thanks to

"Jonathan Birchall" <Jonathan.Birchall at>
Hutin Bertrand <Bertrand.Hutin at>

> The config file is in the same place as the later Solaris,s - ie 
> /etc/inet/ntp.conf.
> Check what dependencies xntp relies on - svcs -l 
> svc:/network/ntp:default
> If all dependencies exist then
> svcadm enable svc:/network/ntp
> svcadm refresh svc:/network/ntp
> svcadm restart svc:/network/ntp
> This should start xntpd.

This is what I was looking for. I now get

	svcs | grep ntp

	online         12:31:24 svc:/network/ntp:default

Thanks a lot!



Network Time Protocol Version 3

The Network Time Protocol (NTP) provides a mechanism to synchronize time on computers across an internet. The specification for NTP version 3 is defined in RFC 1305. xntp is a public domain software package which uses NTP for synchronizing computer clocks. xntp is usually run as a daemon at boot time (via xntpd); alternatively, it can be run periodically as a cron job (via ntpdate). xntp can achieve extremely close (1 millisecond) time synchronization among a collection of machines. Such synchronization can be very useful for multi-machine activities that depend upon accurate time stamps.

The source code for xntp can be obtained from xntp version 3.4x can be obtained locally for AIX, IRIX, HP-UX, SunOS4 and SunOS5 via the SQIRT program, or by anonymous ftp to in the appropriate architecture directory. xntp should be installed in the /usr/local directory, eg. binaries in /usr/local/bin, man pages in /usr/local/man, etc. The local build provides a directory at /usr/local/info/xntp-3.4x which contains informational files supplied with the distribution, and an init directory containing startup/shutdown scripts and a sample configuration file ntp.conf.

If you only want a basic outline of what you must do to build, install and run xntp, then read the WHERE-TO-START, README and RELNOTES files supplied with xntp.

As of this writing ntp version 4 is out. The v4 clients are backwards compatible so it should work.

For more details on NTP and xntp, see the author's notes. The Time Server WWW page also provides a useful starting point for NTP and xtnp information.

If you want the correct network time on your Windows computer network then you have found the company that specializes in time synchronization using NTP Time Servers. Galleon has supplied thousands of time synchronization solutions to companies across the globe from NASDAQ to Buckingham Palace.

Re NTP, possible solutions, and best implementation

"Nathan J. Mehl" <> writes:

> >     This is a Stratum 0 source so once placed behind a Unix/Cisco/Juniper
> >     box you have a stratum 1 source.   This will cost you 30,000 -> 
> >     100,000 US per unit.   The beam tube will require replacement
> >     approx every 5 years for about 20,000 US.
> They only cost that much new-in-box. :)

The device Nathan references above is a bunch of isolation amplifiers
in a box, used to distribute a standard timing signal to a number of
users without mutual interference to the pulse shape from the end-user
equipment.  It does not contain a primary frequency standard, but has
connections for up to three external references (which are hopefully
running in lockstep :).

While it's true that HP 5061B and 5071 Cs beam frequency standards are
available for far less than the list prices quoted above, they're not
available in working condition on eBay for $350.  :) I think last time
I checked refurbished tubes for the 5061B were a $5-7k proposition.

As others have noted, CDMA-disciplined NTP clocks such as those from
EndRun are indirectly disciplined by GPS in the vast majority of
cases.  It would probably be more honest to configure them to claim to
be stratum 2 NTP servers, but don't tell the marketing folks that;
they'll pitch a fit.

With GPS based NTP appliances, one must pay attention not only to the
manufacturer of the box, but to the actual manufacturer of the GPS
module inside the box.  In years past the Motorola VX and UT OEM
modules have been included by more than one player as the "guts" of
the machine.

Other likely sources are WWV/WWVH (2.5, 5, 10, 15, 20 mhz; medium term
jitter can be problematic due to propagation changes), WWVB (60 khz,
less jitter than WWV, but can be hard to receive ih a high-rfi
commercial environment), CHU (3330, 7335, 14670 khz if you prefer a
Canadian shortwave time/frequency service), DCF77 (for Europe, not too
useful in North America),

Loran-C is of limited life expectancy, and NIST is planning to cease
involvement with time code signals on the GOES satellites after 1
January 2005 (although the birds will continue to provide the
timecode, NIST will no longer be controlling and checking the signal).
Therefore, it's probably not a good idea to make future plans based on
either of these services (although equipment to implement them
short-term may be available at bargain prices!)

The following links may be of interest: Time Synchronization

[Aug 27, 2000] MachineOfTheMonth: Setting the clock in Linux, Part 3

(Aug 27, 2000, 23:23 UTC) (2048 reads) (5 talkbacks) (Posted by mhall)
"We can't all have an atomic clock in our bedroom but what we can do is almost that good. Using your linux box, you could do almost as well. When I say almost, what I mean is base your computer's system time off of the primary (stratum 1) internet network time servers that communicate time using the Network Time Protocol."

codexntpd-code - Network Time Protocol (NTP) daemon

[Oct 9, 2000] InternetWeek The Business and Technology of the Internet

Time is the fire in which we burn." So said Dr. Soran, the protagonist in the movie "Star Trek: Generations." Of course, what he meant to say is: "Time is the absolute reference we use to keep all of our servers, applications and transaction logs in sync." On the U.S.S. Enterprise, it's easy to keep systems synchronized, typically by detecting the quantum state of the universe by emitting anti-tachyon beams from the main deflector array. But, back in the 21st century, we have to use more prosaic methods: Time servers.

Why? For one thing, internal consistency: When tracking down a communications problem between two systems, knowing that the clocks are keeping the same time means event logs, ping reports and other time-stamped data can be analyzed with some degree of confidence. It's also important for alignment with the outside world. When recording e-commerce transactions, it's important to note the time of the request--and in some cases, such as whendealing with securities or other financial transactions, recording the accurate time may be mandated by law.

So why not just set the system clocks? Well, it's hard to set them accurately enough using manual methods. But more importantly, PC clocks drift, sometimes by minutes each day. They can also be reset, either accidentally by an errant program or confused user, or even maliciously by someone who wishes to alter the time stamps.

The solution is to configure each server to periodically request the current time from a common trusted source, and adjust its own real-time clocks accordingly.

NTP (IETF RFC 1035) is the old Unix protocol used by computers to receive and respond to requests for the current time. When properly equipped with a client which can send NTP signals, workstations and servers can request the time from any trusted source. One source that many individuals use is the U.S. government's publicly accessible time servers, such as the U.S. Naval Observatory in Washington, D.C., at, or the National Institute of Standards at Technology in Boulder, Colo., at

Although time clients aren't bundled with most operating systems, they're not hard to find. The one we use for Win32 clients and servers is a free Automachron app, from, which can be configured to work with any NTP server. We've configured Automachron to sync the time of each server at startup, as well as once every hour, from the nearest NTP server, which at this review was

In some cases, however, an Internet-based time server isn't good enough, because of the jitter and uncertainty of packet delivery. It also may be inconvenient to get the time from a distant location or other place where an Internet connection contains considerable delay. When synchronizing multiple sites--across the country or around the world--it may also be important to have a common time standard. That's where TrueTime Inc.'s TimeVault comes in: It's a self-contained NTP server appliance that can acquire extremely accurate time through a variety of sources, including satellites.

It's About Time
TimeVault is a 1U rack-mountable server appliance that acquires accurate time from one of three sources: First, it uses its built-in Global Positioning System to read time being continuously transmitted from a constellation of 29 low-earth-orbit satellites using an external antenna, which ships with the server. When receiving time via GPS, the company claims that the server's clock is accurate to within one microsecond. In that mode, it's known in the industry as a "Stratum 1" time source, the most accurate type of time source on our planet other than labs using atomic clocks.

If a GPS signal isn't available (perhaps the antenna blew down), TimeVault periodically dials NIST's Automated Computer Time Service (ACTS) using its built-in modem and a dedicated phone line. In that case, the system claims to have 2 to 5 microsecond accuracy. If there's no GPS or ACTS signal (maybe the phone line was cut when the antenna fell down), TimeVault attempts to get the time over the Internet from a publicly accessible NTP server. In the meantime, its internal clock keeps time, and provides the time to clients requesting the time via the NTP protocol.

The server itself is extremely simple to install. We plugged in the server, attached the GPS antenna's 25-foot cable to the BNC connector, and leaned the antenna against a window. We also plugged the time server's 10/100 Ethernet port into our LAN. (For best results, the antenna should be situated where it has a complete view of the sky, so that it can "see" at least three GPS satellites; our westward-facing window did the trick, but in a large facility the antenna should go onto the roof.)

After the server booted up, it acquired an IP address from our DHCP server, and the display panel showed its IP address. Since we wanted TimeVault to have a static IP address, we used an array of six push buttons on the server's front to change it. The server then rebooted, and showed the correct address. After about 10 minutes, the server's two-line LED panel lit up with the correct time and date, calibrated against Universal Coordinated Time (UTC), which is the technical name for Greenwich Mean Time.

Clock Me In
At that point, you've got a very expensive two-line clock. In order to use it as a time server, it's necessary to configure devices on the network to interrogate it. Unlike other protocols such as DHCP, time servers do not advertise their services. Clients therefore need to be set up with an NTP client that points to the time server by its IP address or fully qualified name. A DHCP server can also be set up to add the address of the NTP server to its configuration data; in that case, the NTP client must be able to use that information.

Although TimeVault's documentation explains the NTP protocol in excruciating detail, unfortunately it says nothing about how to actually use it. The company's Web site isn't any help, either. Nor does the company provide any NTP client utilities for various operating systems. Fortunately, because we already had been using Automachron on our Windows-based systems, it was easy enough to redirect them from using to www., TimeVault's private address on our network. Still, documentation should have been clearly provided, along with links to NTP client software.

Out of the box, TimeVault can only sync time with the GPS system. To configure it to use ACTS or for it to perform a last-resort time sync over the Internet requires access to its management system. The server is very flexible, offering serial-port console, telnet and Web-based administration.

Via Telnet or serial port access, the server requires a cryptic set of "F" commands, such as F03, which returns the current time, or F60, which displays a status report on the GPS satellites. There's no Telnet help function. If you don't have handy either chapter four of the manual or the easily lost quick-reference card, you won't be able to do anything.

Access to the Telnet and serial functions are protected by username and password.

The Web-based interface is much better. Browsing to Time Vault's IP address results in a pleasant-looking time display, which shows the current time (UTC) and the server's operational status--that is, which time source it's using. This is a straight HTML page, so the time display is static; manually refreshing the page updates the time. From there, the server's various settings can be administered, including setting parameters for calling into NIST's ACT server and configuring it to pull the time over the Internet (or the LAN) from another NTP server. In those cases, a Java applet lets the administrator edit text-based configuration files stored on the appliance--a cryptic process, and again, not one that should be attempted without the manual.

TimeVault is also designed to respond to SNMP polling, and the manual contains details about its custom MIBs, which can report back on satellite status as well as overall functioning of the server. A copy of the MIB is available electronically, and the company says it will work with HP OpenView and Sun's X-SNMP package.

TimeVault's developers clearly know their time sources, but have a lot to learn about user-friendly appliance design.

Fortunately, it's probably not a device that needs to be administered frequently.

Does Anyone Really Know What Time It Is?
TimeVault is a very specialized piece of equipment. Although all network servers should be aligned to a common and trusted time source to keep their clocks and logs in sync, few networks will require the Stratum 1 precision that TimeVault offers. If being accurate within a few seconds is good enough, then aligning with, or any other publicly accessible time server might be good enough. For large organizations, it might be advisable to set up a single time-server internally, which is synched against one of those services.

But in cases where there's a need for extreme precision and reliability on behalf of the servers--such as when monitoring financial or e-commerce transactions; monitoring service level agreements; or supplying time service to sites with poor Internet access--the Stratum 1-level TimeVault will supply a degree of accuracy unavailable otherwise.

This might also serve businesses in good stead if they need to document the source of their time stamps, to meet regulatory or ISO-9000 requirements. In those cases, TimeVault is a simple solution that can do the job with precision.

Though, frankly, wouldn't you rather squirt some antitachyons from the main deflector array?

Alan Zeichick is principal analyst with Camden Associates and is a contributing editor to InternetWeek. He can be reached at

Recommended Links

Softpanorama hot topic of the month

Softpanorama Recommended



Time & Time Zone Links




NTP Tutorials


Port Name Description/Accuracy Source
13 tcp/udp Daytime Returns the day and time in an ASCII string. No accounting for different time zones, daylight savings, etc. Very inaccurate. RFC867
37 tcp/udp Timeserver Returns the number of seconds since 00:00 (midnight) 1 January 1900 GMT, such that the time 1 is 2:00:01 am on 1 January 1900 GMT. No accounting for different time zones, daylight savings, etc. Very inaccurate. RFC868
52 tcp/udp Xns-time Xerox Time (RFC1700)
123 tcp/udp NTP/SNTP NTP (Network Time Protocol) or SNTP (Simple Network Time Protocol). Accurate to the limitations of the clock hardware. RFC1305, RFC2030
309 EntrusTime ??? Entrust Time protocol ??? GnatBox Admin Tool
519 tcp/udp unixtime utime (RFC1700)
525 tcp/udp Timeserver Timed (RFC1700)
1506 Utcd UTC (Universal Time Coordinated, AKA GMT, AKA Zulu) daemon GnatBox Admin Tool


  1. Protocols marked with (RFC1700) are listed, but not defined in the RFC.
  2. Protocols marked with GnatBox Admin Tool are listed in the services list in the executable.



Why is UTC used as the acronym for Coordinated Universal Time instead of CUT?
In 1970 the Coordinated Universal Time system was devised by an international advisory group of technical experts within the International Telecommunication Union (ITU). The ITU felt it was best to designate a single abbreviation for use in all languages in order to minimize confusion. Since unanimous agreement could not be achieved on using either the English word order, CUT, or the French word order, TUC, the acronym UTC was chosen as a compromise.
Which is correct, UTC or GMT? Does GMT have summer time?
During the Summer the UK is on British Summer Time which is 1 hour ahead of GMT (GMT+1).
GMT is fixed all year and does not switch to daylight savings time.
Although GMT has been replaced by atomic time (UTC) it is still widely regarded as the correct time for every international time zone. Greenwich Mean Time is international time, the basis of the world time clock. Marks precision time and military time (sometimes called Zulu Time).
What some critical and significant dates in computing?
See J R Stockton's Critical and Significant Dates.
Hey, what time is it anyway?
About comp.protocols.time.ntp: life imitates art.


Module: ntp

Announced: 2001-04-09

Credits: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>


Poul-Henning Kamp <>



Versions of the Network Time Protocol Daemon (ntpd) previous to and including 4.0.99k have a remote buffer overflow which may lead to a remote root exploit.


The Network Time Protocol Daemon is vulnerable to a remote buffer overflow attack which could potentially be exploited to gain remote root access.

The buffer overflow occurs when building a response to a query with a large readvar argument. The shellcode executed must be less than 70 bytes, otherwise the destination buffer is damaged. This makes the vulnerability difficult but not impossible to exploit. Furthermore, it should be noted that it is easy to spoof the source address of potential malicious queries to an ntp server.


Remote users could adapt available exploits to gain root privileges.

Windows Clients

Note: Win 2000 and XP have built-in NTP services.


Random Findings

If time is not consistent across your network

  1. ISO/IEC 17799:2000(E) (AKA BS7799), clause 9.7.3 specifies "Clock synchronization:"
    "[...]Where a computer or communications device has the capability to operate a real-time clock, it should be set to an agreed standard, e.g. Universal Coordinated Time (UCT) or local standard time. As some clocks are known to drift with time, there should be a procedure that checks for and corrects any significant variation."
  2. Event Logging, Auditing or Intrusion Detection across different systems becomes very difficult.
  3. Many cryptographic functions, especially those involving key creation, exchange and expiration, as well as "ticketing" functions such as used by Kerberos require precise time synchronization.
  4. Event or program scheduling may not work as expected.
  5. Client/Server transactions may not work as expected (transaction precedence is incorrect).
  6. There may be legal issues when submitting logs or other material as evidence if the time is not known to be correct.1
  7. Security certificates, WWW Cookies, DHCP and WINS leases may not work as expected.
  8. High Availability or clustering solutions may depend on members clocks being exactly synchronized.
  9. File creation and access times will be wrong acorss different computers, thus:
    1. Differential, Incremental or other backups may not work as expected.
    2. Revision control systems (such as CVS) may not work properly.
    3. E-Mail Message time stamps may be wrong, leading to unexpected transmission issues.
  10. NetWare NDS will not work right unless all NDS servers have the same time.
  11. Neither will Active Directory, even though it says it will. If you have an object collision (two objects are modified at the same time by different people on different masters) the time stamp is used to help resolve the conflict. If time is not synchronized, the results will not be as expected.

For more uses or requirements for time synchronization, search the RFCs for other RFCs that specify the use of NTP.

1) See Securing Windows NT/2000 Servers for the Internet by Stefan Norberg, page 153.

Time Synchronization Tools

The Microsoft Networking "Net Time" Command

Displays the time on or synchronizes your computer's clock with the shared clock on a Microsoft Windows for Workgroups, Windows NT, Windows 95, or NetWare time server.

NET TIME [\\computer | /WORKGROUP:wgname] [/SET] [/YES]

  computer    Specifies the name of the computer (time
              server) whose time you want to check or
              synchronize your computer's clock with.

  /WORKGROUP  Specifies that you want to use the clock on a
              computer (time server) in another workgroup.

  wgname      Specifies the name of the workgroup containing
              a computer whose clock you want to check or
              synchronize your computer's clock with. If
              there are multiple time servers in that
              workgroup, NET TIME uses the first one it

  /SET        Synchronizes your computer's clock with the
              clock on the computer or workgroup you

  /YES        Carries out the NET TIME command without
              first prompting you to provide information or
              confirm actions.

For example, if your PCD is named MYPDC, the following command in a shortcut in your Startup Group, or in a logon script will synchronize a client PC's time at logon. Note, if your clients never log off, this will not work. Of course, that's very bad for other reasons. This works for any system that runs Microsoft Networking. You can even sync again a Linux server running Samba with this command, if you'd like!

"net time \\MYPDC /set/ yes"

Win2K NTP Time Service

Win2K has a very simple SNTP facility built in: "net time /setsntp[:NTP server list]". See the following for more information:

Here is the batch file I use, since I find the documentation lacking and the usage statement obscure:

@echo off
REM Win2k-SNTP.bat -- Set Win2K SNTP service
REM v1.0 25-May-2001 JP Vossen <JPATjpsdomainDOTcom>
REM v1.1 22-Jun-2001 JPV Changed to use home NTP time source only

rem NOTE: The Win2K "Windows Time" service is manual by default, so you have to
rem set it to automatic and start it. Also, it will attempt to use all specified
rem time sources and get an "average" so only specify servers that will be
rem available at all times. Do not use the list as a set of sequential
rem "failover" servers (as I did in v1.0 of this).

rem NET TIME /SETSNTP:" 10.1.1."

You can see how it's currently set by using this command: "net time /querysntp" which will return something like:

The current SNTP value is:
The command completed successfully.

NTP Tools for Netware

For a small network with one or more NetWare servers, but no WAN links or remote sites:

  1. Choose some time servers from The List of Network Time Servers, don't use the ones listed in TID 10011518.
  2. Set one NetWare server as the SINGLE Reference server. This server will sync itself to the NTP time.
  3. Set any/all other NetWare servers as SECONDARY.

For a small network with more than one NetWare server, and with WAN links or remote sites:

  1. Choose some time servers from The List of Network Time Servers, don't use the ones listed in TID 10011518.
  2. Set one NetWare server as the REFERENCE server. This server will sync itself to the NTP time.
  3. Set one other NetWare server at the main site, and one NetWare server at each remote site as a PRIMARY server.
  4. Set all other NetWare servers as SECONDARY.

Note: usually, the REFERENCE server does not ever change it's own time, it just serves the time. However, when using NTP, the REFERENCE server will adjust its local clock to synchronize with the NTP time source. See the middle of TID 10050215.

Thanks to Steve Schrank & Bob Kulp for some of these Netware pointers.

NTP Tools for UNIX

See the following articles as well. They are Sun centric, but still relevant for other UNIX systems:

NTP for Cisco IOS

Thanks to Greg Sottile for this section on IOS.

Commands are the following:

IOS Commands Description
clock timezone est -5 Set your correct time zone.
clock summer-time edt recurring Set daylight savings.
ntp master 6 Become an NTP server.
ntp update-calendar Periodically set calendar from an NTP server. Supported by 7000, 7200, 4500.
ntp server {insert your favorite NTP server here} NTP server from which to get the time

NTP for Nokia IPSO

IPSO comes with xNTP, but you can't change the default polling, which is something like every minute and a half. Until Voyager is enhanced to provide this capability, there is no easy way to do it. You could edit the ntp.conf file, but Voyager will overwrite it at bootup. is a script I got from Nokia support database resolution 3808 (Thanks Dameon), with minor modifications and additional documentation. Read the code for more details. Choose some time servers from The List of Network Time Servers.

Other Lists of Time Client and/or Server Programs


Q1: Which statement about the NTP "fudge" utility is true?

  1. It is a keyword in NTP drift file.
  2. It is a keyword used in configuration of  the reference clocks.
  3. It is a keyword that causes NTP messages to be logged by syslogd
  4. It is a NTP configuration file keyword used for automatic adjustments to the server system clock using fudge unit.

A: b

Q2: Which is the effect of specifying NTP server IP address in the configuration file?

  1. This address identifies a well-known address for communication with all other NTP servers available.
  2. This is an well know address of an external reference server with the NTP-assigned address of
  3. This address indicates the special type of the reference clock used by a NTP server (undisciplined local clock.)
  4. This address should be provided in any NTP client's configuration file to ensure proper solicitation of  local NTP servers.

A: c


FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  


Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy


War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes


Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law


Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least

Copyright © 1996-2016 by Dr. Nikolai Bezroukov. was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case is down you can use the at


The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: December 01, 2015