Re: [Ntp] Details of the fragmentation attacks against NTP and port randomization

"Gary E. Miller" <gem@rellim.com> Thu, 13 June 2019 17:00 UTC


Yo kristof.teichel@ptb.de!

On Thu, 13 Jun 2019 17:06:18 +0200
kristof.teichel@ptb.de wrote:

> As I see it, 1) puts the burden-of-proof on anyone arguing not to opt
> for mandating port randomization.

One nit, as discussed here previously: randomizing the NTP port on
each server request degrades the quality of the time received.

Keeping the same random port, per server, for a while, works OK.

> 4) Randomizing ports might or might not in some cases have
> significant disadvantages

See above.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem@rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin