Re: [Ntp] An NTPv5 design sketch

Daniel Franke <dfoxfranke@gmail.com> Tue, 14 April 2020 15:53 UTC

To: Miroslav Lichvar <mlichvar@redhat.com>
Cc: NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Dy411t5b-m0rTQcNyu8lDloQS0E>

On Tue, Apr 14, 2020 at 11:38 AM Miroslav Lichvar <mlichvar@redhat.com> wrote:
> An existing TCP connection can be exploited only as long as the upper
> protocol allows it. For example, is it likely that the attacker would
> be able to blindly send requests to its own HTTPS connection
> continuously for a week?

Sure, once you've been able to receive traffic on the victim's network
to get the initial SYN value (for plain HTTP) or complete the TLS
handshake (for HTTPS), this is totally possible and straightforward.
It requires that you're hitting some unused IP on the victim's
network, so there are no TCP RSTs coming back from the victim. But
once you've got all that, everything further is predictable so there's
no further obstacle to blindly spoofing requests for some big download
over and over again, with HTTP 'Connection: keep-alive' headers to
hold the connection open.