AboutStatisticsCurrent load



Connecting to the free NTP server

Connection to the NTP server is available to everyone and does not require additional software installation. In addition, it is completely free of charge. The server address for use in the operating system or hardware settings:


Synchronization runs via UDP protocol port 123. To obtain the time from the NTP server, make sure that the firewall does not block the traffic.

When setting up the equipment for free NTP server time synchronization, it is best to use the server name instead of the IP address. If the server location changes, the synchronization name will continue to run without requiring the change of settings. If the equipment supports the synchronization settings only by IP address, sending the exact time request to the server in case of address change will impossible and the change of settings will be required. Find out the current server IP address using the command nslookup nslookup ntp.mobatime.ru

Please do not configure time synchronization via the Task Scheduler or Cron! This configuration results in a peak load on the server at the beginning of each minute, hour or day.

Пиковая нагрузка на NTP сервер

It makes no sense to set up synchronization after a certain time interval (for example, every 5 minutes), because in this interval the accuracy of the clock is sufficient to maintain accurate time, even in the most simple devices. There is specifically designed time synchronization service available in both Windows and Linux. The algorithms built in the operating systems independently evaluate the time accuracy and request synchronization only if it is really necessary.

Over the entire operation of the Mobatime free NTP server, there were cases when users sent unreasonably large number of requests per second to the server. At the moment, several users request synchronization with an intensity of up to 500 requests per second each. We have to automatically detect and deny access to the time server to such users by means of specially developed software.

DoS атака на NTP сервер

This software detects the users who have configured time synchronization via the Task Scheduler or Cron and adds their IP addresses to the list of unserved users for a few days. If your system no longer synchronizes with the NTP server, make sure there are no errors in the settings and check the frequency of synchronization requests. This can be done with the help of a sniffer by configuring it to collect the traffic between your system and the NTP server via UDP to the port 123. If you use ipfw, the number of requests can be easily assessed by viewing the ipfw -a list command output. For the rule that allows sending traffic to the NTP server, the counter should slightly rise.

If you maintain the operation of a large local network, adjust the synchronization on any server using Mobatime NTP server and install your own NTP server. It will run in the second stratum and provide the exact time for the entire network. It is a bad idea to send time requests from all users of a large local area network (hundreds of work places) through NAT to the NTP server. Most likely, the server will soon refuse to process a number of requests from the same IP address. If the network is based on Microsoft software and uses the domain structure, all you have to do in order to allow users get the exact time is set up domain controllers synchronization with the NTP server. All users will be automatically synchronized with the exact time.

Remember that Kerberos stops working in case the deviation between the user and the server time is over 5 minutes. It is also necessary to set up time synchronization between the guest and host systems or time server using virtualization.