Re: [Ntp] [tsvwg] [Tsv-art] Tsvart early review of draft-ietf-ntp-alternative-port-02

"C. M. Heard" <heard@pobox.com> Sun, 05 December 2021 23:37 UTC

From: "C. M. Heard" <heard@pobox.com>
Date: Sun, 05 Dec 2021 15:20:12 -0800
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, Steven Sommars <stevesommarsntp@gmail.com>, Hal Murray <halmurray@sonic.net>, Joe Touch <touch@strayalpha.com>
Cc: NTP WG <ntp@ietf.org>, TSVWG <tsvwg@ietf.org>, iana-port-experts@icann.org, draft-ietf-ntp-alternative-port.all@ietf.org, tsv-art <tsv-art@ietf.org>
In-Reply-To: <CAD4huA7RhF3xZJkdghz4yx3qk8uBjkfJv7Y_hDCvX1a=wATBkg@mail.gmail.com>
Message-ID: <CACL_3VENkyebRf25W6EpW0yZY6ELYS41A4D_i+RnQE1M21P2hg@mail.gmail.com>
List-Id: Network Time Protocol <ntp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/EiRSS1qaRQRqbzFD94DFpzQvNoM>

On the one hand I see:

On Dec 4, 2021, at 3:12 PM, Hal Murray wrote:
> Years ago (2013), NTP was used in a giant DDoS attack. That was due to a
> bug/oversight that had been around since the early NTP work.  (I've tracked
> it back to 1989.)
>  https://www.spamhaus.org/news/article/695/answers-about-recent-ddos
>  https://en.wikipedia.org/wiki/Denial-of-service_attack#Amplification
> The Wikipedia chart could use another column -- the number of sites
> available.
> Almost all Linux or *BSD sites were running ntpd.
>
> The fix was trivial, but there are many essentially unattended sites
> running old versions of ntpd that will never get fixed.

And on the other hand I see:

On Sat, Dec 4, 2021 at 9:00 PM Steven Sommars wrote:
> NTP got a bad reputation as an amplification attack vector circa 2014.
> The offending NTP servers have largely been fixed; today few public
> servers will blindly amplify the Mode 7/monlist command (the major
> problem source). The organizations doing the filtering aren't receptive
> to suggestions that they alter/remove their filtering schemes.

We have two contradictory assertions by proponents of the alternate port.
Which, if either, is correct?

Are the servers largely fixed but the filters still in place out of
inertia, as Mr. Sommars says?

Or do the filters remain because of servers that have not been fixed, as
Mr. Murray says?

And I have another question, which I thought had been asked, but which I now
cannot find:

What assurance is there that the alternate port won't be blocked by default?

Mike Heard
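The two quoted messages disagree about whether servers still answer the Mode 7 "monlist" request that drove the 2013/2014 amplification attacks. The quickest way to settle that for a server you are responsible for is to ask it. What follows is an added example, not code from the thread or from the ntpd project: it builds the classic MON_GETLIST_1 request, decodes Mode 7 response packets, pulls out the client records a vulnerable server leaks, and computes the payload-level bandwidth amplification factor. The packet layout and constants (mode 7, implementation 3, request code 42, 72-byte `info_monitor_1` records, six records per response) follow the reference ntpd's `ntp_request.h`; the sample response is constructed by hand so the script runs offline, and the `probe()` helper is the only part that touches the network.

```python
"""Probe for the NTP Mode 7 "monlist" amplification vector (added example)."""
import ipaddress
import socket
import struct

MODE_PRIVATE = 7            # NTP mode 7: ntpd's private control protocol
IMPL_XNTPD = 3              # implementation number of the reference ntpd
REQ_MON_GETLIST_1 = 42      # MON_GETLIST_1, the "monlist" request code
MON_ITEM_SIZE = 72          # sizeof(struct info_monitor_1)
ITEMS_PER_PACKET = 6        # 8-byte header + 6 * 72 = 440 bytes per response fragment

# Mode 7 error codes from ntp_request.h
ERR_NAMES = {0: "INFO_OKAY", 1: "INFO_ERR_IMPL", 2: "INFO_ERR_REQ",
             3: "INFO_ERR_FMT", 4: "INFO_ERR_NODATA", 7: "INFO_ERR_AUTH"}


def build_monlist_request() -> bytes:
    """The well-known 8-byte probe: R=0, M=0, version 2, mode 7, impl 3, req 42."""
    rm_vn_mode = (2 << 3) | MODE_PRIVATE                    # 0x17
    return struct.pack("!BBBBHH", rm_vn_mode, 0, IMPL_XNTPD, REQ_MON_GETLIST_1, 0, 0)


def parse_mode7(pkt: bytes) -> dict:
    """Decode a Mode 7 packet header and slice off the item area it describes."""
    if len(pkt) < 8:
        raise ValueError("short mode 7 packet")
    rm_vn_mode, auth_seq, impl, req, err_nitems, mbz_itemsize = struct.unpack("!BBBBHH", pkt[:8])
    hdr = {
        "response": bool(rm_vn_mode & 0x80),   # R bit: this is a reply
        "more": bool(rm_vn_mode & 0x40),       # M bit: further fragments follow
        "version": (rm_vn_mode >> 3) & 0x07,
        "mode": rm_vn_mode & 0x07,
        "sequence": auth_seq & 0x7F,
        "implementation": impl,
        "request": req,
        "err": err_nitems >> 12,               # high 4 bits: error code
        "nitems": err_nitems & 0x0FFF,         # low 12 bits: records in this fragment
        "itemsize": mbz_itemsize & 0x0FFF,
    }
    hdr["items"] = pkt[8:8 + hdr["nitems"] * hdr["itemsize"]]
    return hdr


def monlist_entries(hdr: dict) -> list:
    """Parse info_monitor_1 records; each one names a recent client of the server."""
    out, size = [], hdr["itemsize"]
    if size != MON_ITEM_SIZE:
        return out
    for i in range(hdr["nitems"]):
        rec = hdr["items"][i * size:(i + 1) * size]
        # lasttime, firsttime, restr, count, addr, daddr, flags, port, mode, version, v6_flag
        _, _, _, count, addr, _, _, port, mode, _, v6flag = struct.unpack("!IIIIIIIHBBI", rec[:36])
        client = ipaddress.IPv6Address(rec[40:56]) if v6flag else ipaddress.IPv4Address(addr)
        out.append({"client": str(client), "port": port, "count": count, "mode": mode})
    return out


def amplification_factor(request: bytes, responses: list) -> float:
    """Payload-level BAF: bytes delivered to the (spoofed) source per byte sent."""
    return sum(len(r) for r in responses) / len(request)


def classify(responses: list) -> str:
    """Summarise what the server did with the monlist request."""
    if not responses:
        return "no response (filtered, or restrict ... noquery)"
    hdrs = [parse_mode7(r) for r in responses]
    if any(h["err"] == 0 and h["nitems"] > 0 for h in hdrs):
        return "open amplifier: monlist answered"
    return "monlist refused: " + ERR_NAMES.get(hdrs[0]["err"], str(hdrs[0]["err"]))


def probe(host: str, port: int = 123, timeout: float = 2.0) -> list:
    """Send one monlist request to a host you own and collect fragments until silence."""
    responses = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_monlist_request(), (host, port))
        try:
            while True:
                data, _ = s.recvfrom(2048)
                responses.append(data)
        except socket.timeout:
            pass
    return responses


def build_sample_response(clients, more: bool = False, seq: int = 0) -> bytes:
    """Constructed test data (not a captured packet): one MON_GETLIST_1 fragment."""
    items = b""
    for ip, count in clients:
        items += struct.pack("!IIIIIIIHBBI", 3900000000, 3899990000, 0, count,
                             int(ipaddress.IPv4Address(ip)), 0, 0, 123, 3, 4, 0)
        items += b"\x00" * 36                                # unused1, addr6, daddr6
    rm_vn_mode = 0x80 | (0x40 if more else 0) | (2 << 3) | MODE_PRIVATE
    hdr = struct.pack("!BBBBHH", rm_vn_mode, seq & 0x7F, IMPL_XNTPD,
                      REQ_MON_GETLIST_1, len(clients), MON_ITEM_SIZE)
    return hdr + items


if __name__ == "__main__":
    req = build_monlist_request()
    # A server with 600 recent clients answers an 8-byte request with 100 full fragments.
    full = [build_sample_response([("192.0.2.%d" % i, 1) for i in range(ITEMS_PER_PACKET)],
                                  more=(n < 99), seq=n) for n in range(100)]
    print(classify(full), "BAF = %.0fx" % amplification_factor(req, full))
    for e in monlist_entries(parse_mode7(full[0]))[:2]:
        print("leaked client:", e)
```

The amplification figure here counts UDP payload only; with IP and UDP headers added the ratio drops, but remains in the hundreds, which is why a single spoofed packet was enough to matter. The entries the script decodes are also the reason monlist was a problem even without amplification: they disclose the server's recent clients to anyone who asks. On the server side, the cure the thread calls trivial is `disable monitor` (no client list to return) or `restrict default noquery` (drop Mode 6/7 queries) in `ntp.conf`, neither of which affects ordinary Mode 3/4 time exchange; the `probe()` helper returning an empty list is what a correctly restricted server looks like from outside.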