Meraki

Community

MX's Running NTP Server - Undocumented?

Solved
tyler_dami
Conversationalist
Tuesday
Tuesday

MX's Running NTP Server - Undocumented?

Hello All, 

 

We are in an odd situation, where a recent penetration test indicated that our Meraki MX devices were running NTP servers on their internal interfaces. Upon inspection, we found this to be true. Here are the results of my NMAP scan. 

 

Starting Nmap 7.98 ( https://nmap.org ) at 2025-11-03 15:54 -0500
Nmap scan report for [redacted MX IP]
Host is up (0.013s latency).
Not shown: 998 open|filtered udp ports (no-response), 996 filtered tcp ports (no-response)
PORT     STATE  SERVICE
80/tcp   open   http
81/tcp   closed hosts2-ns
179/tcp  closed bgp
8090/tcp open   opsmessaging
123/udp  open   ntp
161/udp  open   snmp

 

When querying this port, we also see that it responds with valid NTP data. 

"C:\Windows\System32\w32tm.exe" /stripchart /computer:redacted /dataonly /samples:3

Tracking [redacted] [redacted:123].
Collecting 3 samples.
The current time is 11/4/2025 7:55:12 AM.
07:55:12, +00.0219445s
07:55:14, +00.0150663s
07:55:16, +00.0221457s

 

I can find this documented anywhere. Does anyone else see this behavior? They are claiming it can be "timeroasted" which is false as its not part of our domain, but still was a curious find. 

Labels:
0 Kudos
1 Accepted Solution
tyler_dami
Conversationalist
Tuesday
Tuesday

Looks like it is documented, thanks Meraki support!

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Configuring_DHCP_Serv...

tyler_dami_0-1762271390495.png

 




View solution in original post

5 Replies 5
Mloraditch
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

I've also never seen any documentation for it, but have definitely been aware of it. Here's a thread in 2018 where someone points it out: https://community.meraki.com/t5/Switching/NTP-server/m-p/9551#M686

I can't find any references to where support can turn it off, but you could certainly ask if it's a concern.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to Mloraditch
tyler_dami
Conversationalist
Tuesday
Tuesday

Thanks for linking that post! Odd that its not documented anywhere, but it seems others also see this behavior. 


I opened a ticket with Meraki support to see what they have to say as well. I will update the thread here when I find something. 

 

I am not concerned, but my pen tester is claiming the NTP server is "leaking" machine account hashes, even though the MX is obviously not part of the domain. 🙃 

Gotta love pen tests!

0 Kudos
tyler_dami
Conversationalist
Tuesday
Tuesday

Looks like it is documented, thanks Meraki support!

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Configuring_DHCP_Serv...

tyler_dami_0-1762271390495.png

 




PhilipDAth
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

I'm going to use this!  This is useful.

0 Kudos
BHC_RESORTS
Head in the Cloud
Tuesday
Tuesday

We discovered this as well in 2016. There was a problem with the time being incorrect. We opened a case and support said using the MX as an NTP server was not supported. We didn't want to use the NTP, it was just something we noticed.

BHC Resorts IT Department
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.