Re: [Ntp] An NTPv5 design sketch
Daniel Franke <dfoxfranke@gmail.com> Tue, 14 April 2020 15:53 UTC
From: Daniel Franke <dfoxfranke@gmail.com>
Date: Tue, 14 Apr 2020 11:53:10 -0400
Message-ID: <CAJm83bCqOyXXXcxiWT-YHi6udcym-xdvs+itma=pqCEx49bWiQ@mail.gmail.com>
To: Miroslav Lichvar <mlichvar@redhat.com>
Cc: NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Dy411t5b-m0rTQcNyu8lDloQS0E>
Subject: Re: [Ntp] An NTPv5 design sketch

On Tue, Apr 14, 2020 at 11:38 AM Miroslav Lichvar <mlichvar@redhat.com> wrote:
> An existing TCP connection can be exploited only as long as the upper
> protocol allows it. For example, is it likely that the attacker would
> be able to blindly send requests to its own HTTPS connection
> continuously for a week?

Sure, once you've been able to receive traffic on the victim's network to get the initial SYN value (for plain HTTP) or complete the TLS handshake (for HTTPS), this is totally possible and straightforward. It requires that you're hitting some unused IP on the victim's network, so there are no TCP RSTs coming back from the victim. But once you've got all that, everything further is predictable so there's no further obstacle to blindly spoofing requests for some big download over and over again, with HTTP 'Connection: keep-alive' headers to hold the connection open.