From my reading of this page, it appears that ntp doesn't use the INADDR_ANY 0.0.0.0 address exclusively partly for security reasons, and partly for authentication reasons. First port 123, is below 1024, and so is considered a privileged port, and only root can bind to that port. Ntp is typically set to drop privileges after it is started.
Solved: Different between port 123 (ntp) and 37 (timeserve When operating over UDP, the client sends a (typically empty) datagram to UDP port 37. The server responds with a single datagram of length 4 containing the time. There is no connection setup or teardown. The TIME protocol has been superseded by the Network Time Protocol (NTP). ntp-info NSE Script - Nmap Gets the time and configuration variables from an NTP server. We send two requests: a time request and a "read variables" (opcode 2) control message. Without verbosity, the script shows the time and the value of the version , processor , system , refid , and stratum variables.
How to Configure NTP Server on Windows Server 2019
UDP-Based Amplification Attacks | CISA
The firewall needs to be able to send traffic to the internet for DNS resolution of the NTP server host-names and of course for the NTP protocol itself (UDP port 123) If custom servers are desired, simply specify the host-names (FQDNs) or IP addresses of your NTP servers below.
Dec 15, 2003 How to Configure NTP Server on Windows Server 2019