Port Randomization in the Network Time Protocol Version 4

Document Type Replaced Internet-Draft (candidate for ntp WG)
Authors Fernando Gont  , Guillermo Gont 
Last updated 2019-08-27 (latest revision 2019-08-06)
Replaced by draft-ietf-ntp-port-randomization
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream WG state Call For Adoption By WG Issued
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-ntp-port-randomization
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The Network Time Protocol can operate in several modes. Some of these modes are based on the receipt of unsolicited packets, and therefore require the use of a service/well-known port as the local port number. However, in the case of NTP modes where the use of a service/well-known port is not required, employing such well-known/ service port unnecessarily increases the ability of attackers to perform blind/off-path attacks. This document formally updates RFC5905, recommending the use of port randomization for those modes where use of the NTP service port is not required.


Fernando Gont (fgont@si6networks.com)
Guillermo Gont (ggont@si6networks.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)