Hello All,

We are in an odd situation, where a recent penetration test indicated that our Meraki MX devices were running NTP servers on their internal interfaces. Upon inspection, we found this to be true. Here are the results of my NMAP scan.

Starting Nmap 7.98 ( https://nmap.org ) at 2025-11-03 15:54 -0500
Nmap scan report for [redacted MX IP]
Host is up (0.013s latency).
Not shown: 998 open|filtered udp ports (no-response), 996 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
81/tcp closed hosts2-ns
179/tcp closed bgp
8090/tcp open opsmessaging
123/udp open ntp
161/udp open snmp

When querying this port, we also see that it responds with valid NTP data.

"C:\Windows\System32\w32tm.exe" /stripchart /computer:redacted /dataonly /samples:3
Tracking [redacted] [redacted:123].
Collecting 3 samples.
The current time is 11/4/2025 7:55:12 AM.
07:55:12, +00.0219445s
07:55:14, +00.0150663s
07:55:16, +00.0221457s

I can find this documented anywhere. Does anyone else see this behavior? They are claiming it can be "timeroasted" which is false as it's not part of our domain, but still was a curious find.
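A check a defender could run on a reply captured from the UDP 123 listener described above, as an added example that is not part of the original post: it decodes the fixed 48-byte NTP header and reports whether anything, such as a key ID and digest, follows it. The function names are hypothetical and both sample packets are constructed.

```python
import struct

NTP_HEADER_LEN = 48             # fixed NTP header size (RFC 5905)
NTP_TO_UNIX = 2208988800        # seconds from 1900-01-01 to 1970-01-01

def parse_ntp_reply(data: bytes) -> dict:
    """Decode the fixed header and note whatever follows it."""
    if len(data) < NTP_HEADER_LEN:
        raise ValueError("shorter than the 48-byte NTP header")
    flags, stratum = struct.unpack("!BB", data[:2])
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])
    trailer = data[NTP_HEADER_LEN:]
    # A 20-byte trailer is the classic MAC layout: 4-byte key ID + 16-byte digest.
    key_id = struct.unpack("!I", trailer[:4])[0] if len(trailer) == 20 else None
    return {
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,                 # 4 = server reply
        "stratum": stratum,
        "transmit_unix": tx_sec - NTP_TO_UNIX + tx_frac / 2**32,
        "trailer_len": len(trailer),
        "key_id": key_id,
    }

def classify_reply(data: bytes) -> str:
    """Label a reply by what, if anything, follows the 48-byte header."""
    info = parse_ntp_reply(data)
    if info["mode"] != 4:
        return "not-a-server-reply"
    if info["trailer_len"] == 0:
        return "unauthenticated"
    if info["key_id"] is not None:
        return "mac-present"
    return "other-trailer"

def _sample_header(unix_time: int) -> bytes:
    # Constructed sample: LI=0, VN=3, mode=4, stratum 2, only transmit time set.
    return (struct.pack("!BBbb", 0x1C, 2, 6, -20) + bytes(36)
            + struct.pack("!II", unix_time + NTP_TO_UNIX, 0))

PLAIN_REPLY = _sample_header(1762214400)                     # constructed
MAC_REPLY = PLAIN_REPLY + struct.pack("!I", 1) + bytes(16)   # constructed, dummy digest

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN_REPLY), ("with MAC", MAC_REPLY)):
        print(name, len(pkt), classify_reply(pkt), parse_ntp_reply(pkt))
```

Feed it the UDP payload of a reply exported from a packet capture of the `w32tm` query in place of the constructed samples.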