Re: [Ntp] [EXT] Re: NTPv5 KISS code support

Miroslav Lichvar <mlichvar@redhat.com> Sat, 04 November 2023 08:22 UTC

Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED94BC05E038 for <ntp@ietfa.amsl.com>; Sat, 4 Nov 2023 01:22:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xqp7wBRKrryc for <ntp@ietfa.amsl.com>; Sat, 4 Nov 2023 01:22:53 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BADEC05E033 for <ntp@ietf.org>; Sat, 4 Nov 2023 01:22:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1699086172; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0Q7wBCqNRZve65avx3CiUHjND6DUmqBv9WQh+SQFqOU=; b=AWn6ARR7JjCwtqjmCmozCAMaU316GFq225a/hNJzwtuuuu4QG7ZhLSAd7i7mDII7I/t/TM xAQ0xdSN9i4XNUgGR0ye68NiVrk8WCIU8PBobaTWAEVpww+yEEE9w430O15AQ8+TIO2klF zyPpH6YRO1M6jmIJ2KEDc2y2UXmgQEY=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-266-I8A5lf__Nty0znfZJal9ig-1; Sat, 04 Nov 2023 04:22:48 -0400
X-MC-Unique: I8A5lf__Nty0znfZJal9ig-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 04F8E80F8F2; Sat, 4 Nov 2023 08:22:48 +0000 (UTC)
Received: from localhost (unknown [10.43.135.229]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 843D61121308; Sat, 4 Nov 2023 08:22:47 +0000 (UTC)
Date: Sat, 04 Nov 2023 09:22:46 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Hal Murray <halmurray+ietf@sonic.net>
Cc: NTP WG <ntp@ietf.org>
Message-ID: <ZUX/VmCu/3Qoy5av@localhost>
References: <20231103144722.40CB928C239@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
MIME-Version: 1.0
In-Reply-To: <20231103144722.40CB928C239@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/8rNGQs_C1xUxal5xs4f8yps4UhY>
Subject: Re: [Ntp] [EXT] Re: NTPv5 KISS code support
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2023 08:22:57 -0000

On Fri, Nov 03, 2023 at 07:47:22AM -0700, Hal Murray wrote:
> The second case is bad guys or broken software.  Broken software isn't going 
> to pay any attention to anything.  Bad guys can use UDP with a forged source 
> address to DoS a victim.
> 
> We have decided not to allow amplification.  Do we need rate limiting too?

NTPv5 shouldn't prevent rate limiting, but maybe it should provide
some guidance on how it should work to avoid security issues. If the
server completely stops responding to an address when it gets too many
request over an interval (I think the ntp.org implementation still
does this), it is a security issue (denial of service) which can be
exploited by attackers sending requests with spoofed source address at
the rate which triggers rate limiting. Instead, the server should
always respond to some fraction of requests selected randomly, so the
victim always gets some responses.

I think the main use case for rate limiting is saving network traffic
costs on broken clients. Anyone running a public server knows how
annoying these clients are. On my servers I set the rate limiting
threshold to 128 requests per second.

The Daniel's idea to provide clients with two values, a long-term
average interval and additionaly a short-term burst interval is
interesting.

-- 
Miroslav Lichvar