Re: [Ntp] Antw: [EXT] Re: [tsvwg] [Tsv‑art] Tsvart early review of draft‑ietf‑ntp‑alternative‑port‑02

Watson Ladd <watsonbladd@gmail.com> Thu, 09 December 2021 14:47 UTC

From: Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 09 Dec 2021 09:46:10 -0500
Message-ID: <CACsn0cn_WnQ3itpw148bqgjfbEBCetMzMkJO8_hQFhegZ27cxg@mail.gmail.com>
To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
Cc: Danny Mayer <mayer@pdmconsulting.net>, Miroslav Lichvar <mlichvar@redhat.com>, Magnus Westerlund <magnus.westerlund@ericsson.com>, "ntp@ietf.org" <ntp@ietf.org>, touch@strayalpha.com, tsvwg@ietf.org, Steven Sommars <stevesommarsntp@gmail.com>, heard@pobox.com, Harlan Stenn <stenn@nwtime.org>, iana-port-experts@icann.org, draft-ietf-ntp-alternative-port.all@ietf.org, tsv-art@ietf.org, halmurray@sonic.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/CewcVsfOM285RnUTYc2XwN0I7FI>

On Wed, Dec 8, 2021 at 10:09 AM Ulrich Windl
<Ulrich.Windl@rz.uni-regensburg.de> wrote:
>
> >>> Miroslav Lichvar <mlichvar@redhat.com> wrote on 07.12.2021 at 09:29 in
> message <Ya8bcmEO04g1TCzB@localhost>:
> ...
> > The problematic middleboxes don't block other ports. They specifically
> > block or rate limit packets on the port 123 as a mitigation for the
> > amplification attacks. If a non‑amplifying subset of NTP moves to
> > another port, they will have no reason to block it.
>
> But when noticing that NTP uses a different port, they could also notice how
> to fix their servers (regarding mode 6 and mode 7). Autokey shouldn't be a
> common problem I guess.

The people who run the middleboxes do not run the servers. They do not
care about the collateral damage. All they care about is keeping up
their network without needing to invest in it.

We are not going to get this changed. We are not going to be able to
hunt down every broken "reference implementation" server out there.

--
Astra mortemque praestare gradatim