- NTP Scanning Project

General statistics are available via this graph

Search my IP space (eg: - searches "larger" than /22 will be rejected):

If you are a member of the general public:

How can I check my server? - run the command ntpdc -n -c monlist or ntpq -c rv - If you see a response, your server may be used in attacks.

How can I fix my server, router or other device? You should upgrade tp NTP-4.2.7p26 or later. You can add disable monitor to your ntp.conf and restart your NTP process if on an earlier version. Also check out the Team Cymru Secure NTP Template - Also see NTP Bug #1532

The server should also not respond to loopinfo or iostats requests as well

We test the internet for NTP MODE 6 and MONLIST MODE 7 responses.

Cisco customers should ask about or open a case against CSCtl20300, CSCuj66318 or CSCum44673.

Recent News:

2014-02-22 - Amplification Hell: Revisiting Network Protocols for DDoS Abuse

2014-02-13 - Technical Details behind 400Gb/s NTP attack

2014-01-13 - 100Gb/s attacks using NTP

2013-12-26 - Christmas 2013 NTP Attacks

If you are a member of the security community:

You can contact the ntp-scan /at/ to obtain the raw data. It is available for re-use in your reporting.

About US: is operated in conjunction with Network Time Foundation. If this service is valuable, please consider joining or donating to NTF.