Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 123 (tcp/udp) Attack Activity - SANS Internet Storm Center Port 123 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
[get complete service list]
Port Information
Protocol Service Name
tcp NetController [trojan] Net Controller
tcp ntp Network Time Protocol
udp ntp Network Time Protocol
Top IPs Scanning
TodayYesterday
45.61.185.126 (1258)45.61.185.126 (1718)
85.199.214.100 (1022)85.199.214.100 (1295)
209.141.52.152 (752)209.141.52.152 (1244)
144.168.163.114 (645)205.185.127.50 (822)
103.172.29.70 (642)202.55.134.158 (815)
146.88.240.4 (576)147.203.255.20 (659)
202.55.134.158 (533)146.88.240.4 (622)
209.141.56.201 (410)209.141.44.70 (558)
205.185.127.50 (337)154.89.5.94 (378)
45.144.112.139 (332)209.141.32.225 (340)
User Comments
Submitted By Date
Comment
2014-07-05 00:42:34
ntp can be used for amplificating ddos attacks: http://nsfocusblog.com/2014/06/24/nsfocus-releases-ntp-amplification-threat-update/
Kutbuddin Trunkwala 2005-04-19 15:50:12
Two more vulnerabilities pertaining to NTP. http://www.securityfocus.com/bid/6356 Only HP-UX is vulnerable http://www.securityfocus.com/bid/10980 Several Microsoft products/versions affected
Derek Shull - Christian Cyber Security Service Owner 2005-03-26 02:48:26
This is used by Sobig virus. http://www.microsoft.com/isaserver/support/prevent/sobig.asp#aa
Add a comment
CVE Links
CVE # Description
CVE-2015-7703
CVE-2016-9042 An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.