Re: [Ntp] Antwort: Re: Symmetric mode
Miroslav Lichvar <mlichvar@redhat.com> Mon, 26 September 2022 10:54 UTC
Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21A18C14F725 for <ntp@ietfa.amsl.com>; Mon, 26 Sep 2022 03:54:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.677
X-Spam-Level:
X-Spam-Status: No, score=-2.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nbdqfb7XMI7N for <ntp@ietfa.amsl.com>; Mon, 26 Sep 2022 03:54:29 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53F0BC14CE3C for <ntp@ietf.org>; Mon, 26 Sep 2022 03:53:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1664189617; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=RJxDww1J9wCQ20CEdkJdvhxXxup212UBwZkveXWH/ps=; b=YpNk+nmB1myNl4a+P4C33pdtZNFFSLphHnYj/EeSHrH2JNIPoZ3cq4bOD8GdMaPznKOf+Z llFuPuDE4hZ8CUgHGVpB9OcypXp4nfe3U5ixaXDFKyS93BtsduwRoxz+9Yh2WF3M00Ctwa DNlkY1qOZG/LpRxqeAZ36mzRGR5Ka44=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-454-OEJf7tZlORutczlRRiSCyg-1; Mon, 26 Sep 2022 06:53:34 -0400
X-MC-Unique: OEJf7tZlORutczlRRiSCyg-1
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E30353C01DE7; Mon, 26 Sep 2022 10:53:33 +0000 (UTC)
Received: from localhost (unknown [10.43.135.229]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 555A94750A5; Mon, 26 Sep 2022 10:53:33 +0000 (UTC)
Date: Mon, 26 Sep 2022 12:53:32 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Danny Mayer <mayer@pdmconsulting.net>
Cc: kristof.teichel=40ptb.de@dmarc.ietf.org, ntp@ietf.org
Message-ID: <YzGErHj7nkt+Ehd8@localhost>
References: <880b8ec4-e112-e2e2-f48c-c940064bc749@pdmconsulting.net> <mayer@pdmconsulting.net> <796c33e6-02dc-0665-c8a2-a143f9100bdd@pdmconsulting.net> <20220919024614.4AB8328C1E2@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <YygwAeTMeSHXXk6t@localhost> <OF42F0D0F6.E94FA935-ONC12588C3.005225C3-C12588C3.0054DC8B@ptb.de> <d13df0b6-7c47-820e-5dbd-21dd7e2d4801@pdmconsulting.net> <YywRhCmTD4mt8KTy@localhost> <9eac8a08-80d7-0d23-940a-d00c4bb2382f@pdmconsulting.net>
MIME-Version: 1.0
In-Reply-To: <9eac8a08-80d7-0d23-940a-d00c4bb2382f@pdmconsulting.net>
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/1eTvwbdyPcOhWioBX66YGWaSWuY>
Subject: Re: [Ntp] Antwort: Re: Symmetric mode
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Sep 2022 10:54:35 -0000
On Sat, Sep 24, 2022 at 07:20:36PM -0400, Danny Mayer wrote: > On 9/22/22 3:40 AM, Miroslav Lichvar wrote: > > The peer doesn't know if a received message is a new one or it was > > already sent before by one of the peers. It doesn't have an infinite > > storage and there can be messages lost in the network. > When a peer is acting as the client it knows if it already has received the > message. If the peer is acting as the server then it acts as if that's a new > request from a client and responds appropriately. The trouble is that the peer is doing both the client and server part of the protocol at the same time. The server responds only once per polling interval and it doesn't know which request is the genuine request from the other peer, so replays can cause a denial of service due to the response having an origin timestamp from the attacker's replay instead of the peer's request. > > The IP addresses and ports are not included in the data authenticated > > by the NTP MAC. You can replay an authenticated NTP messages from any > > address and any port. > First of all you know what IP addresses you are peering with, so that > wouldn't work anyway. I assume that you are talking about the peer acting as > a client so if it's a replay attack it wouldn't work as the peer acting as a > client has already received the packet so it would discard the replay > packet. No, this is about the server part. If the server allows ephemeral associations, the attacker can create an unlimited number of them and prevent a real peer from > > And if you > > specify the other peer on both ends, you can just as well use the > > client/server mode. It will double the NTP traffic, but it will be > > more secure. > > No, that's not true. Symmetric peer mode uses the same number of packets as > client/server Here is a packet capture comparing two systems polling each other like this: A: server B minpoll 3 maxpoll 3 B: server A minpoll 3 maxpoll 3 vs this: A: peer B minpoll 3 maxpoll 3 B: peer A minpoll 3 maxpoll 3 10:30:25.051989 IP 192.168.50.2.ntp > 192.168.50.1.ntp: NTPv4, Client, length 48 10:30:25.052171 IP 192.168.50.1.ntp > 192.168.50.2.ntp: NTPv4, Server, length 48 10:30:25.476877 IP 192.168.50.1.ntp > 192.168.50.2.ntp: NTPv4, Client, length 48 10:30:25.476911 IP 192.168.50.2.ntp > 192.168.50.1.ntp: NTPv4, Server, length 48 10:30:33.051990 IP 192.168.50.2.ntp > 192.168.50.1.ntp: NTPv4, Client, length 48 10:30:33.052176 IP 192.168.50.1.ntp > 192.168.50.2.ntp: NTPv4, Server, length 48 10:30:33.476129 IP 192.168.50.1.ntp > 192.168.50.2.ntp: NTPv4, Client, length 48 10:30:33.476175 IP 192.168.50.2.ntp > 192.168.50.1.ntp: NTPv4, Server, length 48 10:30:57.719140 IP 192.168.50.1.ntp > 192.168.50.2.ntp: NTPv4, symmetric active, length 48 10:30:59.393583 IP 192.168.50.2.ntp > 192.168.50.1.ntp: NTPv4, symmetric active, length 48 10:31:05.718401 IP 192.168.50.1.ntp > 192.168.50.2.ntp: NTPv4, symmetric active, length 48 10:31:07.393583 IP 192.168.50.2.ntp > 192.168.50.1.ntp: NTPv4, symmetric active, length 48 As you can see, there are 4 client/server mode packets per poll, but only 2 symmetric mode packets per poll. > and as I said above it's no more vulnerable than > client/server. No, there are at least three security issues specific to the symmetric mode. You don't seem to be following what others have been saying here for years. As an example, I can show you how the replay attack breaks a symmetric association configured as in the previous test. Before the attack starts ntpq -pn on the peer B prints: remote refid st t when poll reach delay offset jitter ============================================================================== *192.168.50.1 10.2.32.37 3 s 3 8 377 0.124 +4.482 2.969 After capturing a single packet from B to A with tcpdump and replaying it with tcpreplay once per second for 8 polling intervals the reachability reported by ntpq drops to zero, i.e. no valid response was received and synchronization is broken: remote refid st t when poll reach delay offset jitter ============================================================================== 192.168.50.1 10.2.32.37 3 s 8 8 0 0.011 +4.770 1.927 Here is the complete packet capture if you want to check how the peer A is sending messages with wrong origin timestamp: https://fedorapeople.org/~mlichvar/tmp/ntp-replay.pcap Repeating the replay once per second is not necessary, but this was easier than trying to time it between the request and response. -- Miroslav Lichvar
- [Ntp] NTPv5 Loop Detection without Stratum Heiko Gerstung
- Re: [Ntp] NTPv5 Loop Detection without Stratum Miroslav Lichvar
- Re: [Ntp] NTPv5 Loop Detection without Stratum Paul Gear
- [Ntp] Antw: [EXT] NTPv5 Loop Detection without St… Ulrich Windl
- Re: [Ntp] NTPv5 Loop Detection without Stratum Harlan Stenn
- Re: [Ntp] NTPv5 Loop Detection without Stratum Miroslav Lichvar
- Re: [Ntp] NTPv5 Loop Detection without Stratum Heiko Gerstung
- [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection withou… Ulrich Windl
- Re: [Ntp] NTPv5 Loop Detection without Stratum Danny Mayer
- Re: [Ntp] Antw: [EXT] NTPv5 Loop Detection withou… Danny Mayer
- [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detection … Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… David Venhoek
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Hal Murray
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Hal Murray
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 Loop … Ulrich Windl
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 Loop … Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Miroslav Lichvar
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 Loop … Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Heiko Gerstung
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Hal Murray
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Harlan Stenn
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Harlan Stenn
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 Loop … Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Harlan Stenn
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 Loop … Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Hal Murray
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Miroslav Lichvar
- [Ntp] Antw: Re: Antw: Re: Antw: Re: Antw: [EXT] N… Ulrich Windl
- [Ntp] SNTP and extension fields (WAS: Re: Antw: R… kristof.teichel
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … kristof.teichel
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … kristof.teichel
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- Re: [Ntp] SNTP and extension fields (WAS: Re: Ant… Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- [Ntp] Antw: Re: SNTP and extension fields (WAS: R… Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection withou… Ulrich Windl
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection wi… Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection withou… Ulrich Windl
- Re: [Ntp] Symmetric mode Miroslav Lichvar
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] Symmetric mode Danny Mayer
- [Ntp] Antwort: Re: Symmetric mode kristof.teichel
- Re: [Ntp] Symmetric mode Hal Murray
- [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection withou… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection wi… Harlan Stenn
- [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 Loop Detect… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 Loop De… Harlan Stenn
- Re: [Ntp] Symmetric mode Miroslav Lichvar
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Harlan Stenn
- Re: [Ntp] Symmetric mode Hal Murray
- [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric mode Ulrich Windl
- [Ntp] Antw: [EXT] Re: Symmetric mode Ulrich Windl
- Re: [Ntp] Antwort: Re: Symmetric mode Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric mode Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric … Hal Murray
- [Ntp] Antw: Re: Antw: [EXT] Re: Antwort: Re: Symm… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric … Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric … Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric … Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric … Ulrich Windl
- Re: [Ntp] Antwort: Re: Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Danny Mayer
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: Antwort: Re: … Danny Mayer
- Re: [Ntp] Symmetric mode Hal Murray
- [Ntp] Antw: [EXT] Re: Symmetric mode Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Symmetric mode Harlan Stenn
- Re: [Ntp] Symmetric mode Miroslav Lichvar
- Re: [Ntp] Antwort: Re: Symmetric mode Miroslav Lichvar
- Re: [Ntp] Symmetric mode Danny Mayer
- [Ntp] Antw: [EXT] Re: Symmetric mode Ulrich Windl
- Re: [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Miroslav Lichvar
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Antwort: Re: Symmetric mode Miroslav Lichvar
- Re: [Ntp] Symmetric mode Hal Murray
- [Ntp] Antw: [EXT] Re: Symmetric mode Ulrich Windl
- Re: [Ntp] Symmetric mode Doug Arnold
- Re: [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Harlan Stenn
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] Antwort: Re: Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Danny Mayer
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Doug Arnold
- Re: [Ntp] Symmetric mode David Venhoek
- Re: [Ntp] Antwort: Re: Symmetric mode Miroslav Lichvar
- Re: [Ntp] Symmetric mode Miroslav Lichvar
- Re: [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Danny Mayer
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Danny Mayer
- [Ntp] Antw: [EXT] Re: Symmetric mode Ulrich Windl