Re: [Ntp] Details of the fragmentation attacks against NTP and port randomization

"Gary E. Miller" <gem@rellim.com> Thu, 13 June 2019 19:29 UTC

Date: Thu, 13 Jun 2019 12:29:29 -0700
From: "Gary E. Miller" <gem@rellim.com>
To: ntp@ietf.org
Message-ID: <20190613122929.0e049722@rellim.com>
In-Reply-To: <68186be5-764d-73e7-1631-04567edf28a7@si6networks.com>
References: <CAN2QdAGS20q=7+r+qMFEBBu4gNmSDR9-vYDbvgC=ZnqWLEU-6w@mail.gmail.com> <739c2eaa-05f1-0b30-4b64-fc5d3f91ce5b@pdmconsulting.net> <a3a545cf-d83d-a2c7-ad6c-3e349de78615@si6networks.com> <9f75e400-cf2f-053f-ed06-f4d6df415eaf@pdmconsulting.net> <70d86938-5d50-7732-5257-c698d7d308d6@si6networks.com> <b4a5d0ec-606e-7994-9bc9-e21e24f38def@ntp.org> <f4b5312c-b02c-ee51-1c59-f0467f51ab77@si6networks.com> <OF8F5917D8.BA274E92-ONC1258418.004C2FAF-C1258418.0052EEFB@ptb.de> <20190613100006.45108edd@rellim.com> <68186be5-764d-73e7-1631-04567edf28a7@si6networks.com>
Organization: Rellim
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/G-_oZufSdUkuob5DFG4YimxbiXQ>
Subject: Re: [Ntp] Details of the fragmentation attacks against NTP and port randomization

Yo Fernando!

On Thu, 13 Jun 2019 22:14:12 +0300
Fernando Gont <fgont@si6networks.com> wrote:

> On 13/6/19 20:00, Gary E. Miller wrote:
> > Yo kristof.teichel@ptb.de!
> > 
> > On Thu, 13 Jun 2019 17:06:18 +0200
> > kristof.teichel@ptb.de wrote:
> >   
> >> As I see it, 1) puts the burden-of-proof on anyone arguing not to
> >> opt for mandating port randomization.  
> > 
> > One nit.  As discussed here previously.  Randomizing the NTP port on
> > each server request degrades the quality of the time received.
> > Keeping the same random port, per server, for a while, works OK.
> 
> *May* degrade. (*) That said, the last revision we posted argued to
> randomize the port on a per-association basis

PROVEN to degrade.  With a few known mechanisms for that understood.
Many more suspected but as yet undocumented.

> We are considering analyzing the trade-offs, and the document might
> eventually argue one way or another. However, the version that has
> been discussed so far doesn't suffer from this.

But your summary did not mention it.  Just want to make sure the data
point is not lost.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem@rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
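The per-association port policy the thread refers to (one random source port per server, kept for the life of the association rather than changed on every request), as an added example that is not part of this thread or of any NTP implementation; the ephemeral port range, the bind retry count and the minimal SNTP packet handling are assumptions of this example:

```python
import random
import socket
import struct

# Added example (not from this thread or any NTP implementation): one random
# source port per server association, reused for every request to that server.

NTP_UNIX_OFFSET = 2208988800        # seconds from 1900-01-01 to 1970-01-01
EPHEMERAL_RANGE = (49152, 65535)    # assumed policy: IANA dynamic port range

def build_request(unix_now):
    """48-byte NTPv4 client packet: LI=0, VN=4, Mode=3, transmit timestamp set."""
    secs = int(unix_now) + NTP_UNIX_OFFSET
    frac = int((unix_now - int(unix_now)) * (1 << 32))
    pkt = bytearray(48)
    pkt[0] = 0x23                   # 0b00 100 011 -> LI=0, VN=4, Mode=3
    struct.pack_into("!II", pkt, 40, secs, frac)
    return bytes(pkt)

def parse_reply(data):
    """Return (stratum, transmit_time_unix) from a 48-byte mode-4 server reply."""
    if len(data) < 48 or data[0] & 0x07 != 4:
        raise ValueError("not a 48-byte NTP server reply")
    secs, frac = struct.unpack_from("!II", data, 40)
    return data[1], secs - NTP_UNIX_OFFSET + frac / (1 << 32)

class Association:
    """One UDP socket per server: bound once to a random port, then reused."""

    def __init__(self, server, rng=None):
        self.server, self.rng, self.sock = server, rng or random.SystemRandom(), None
        self.reset()

    def reset(self):
        """Re-randomize the source port only when the association itself restarts."""
        if self.sock:
            self.sock.close()
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        for _ in range(32):         # a chosen port may be in use; 32 tries is arbitrary
            try:
                self.sock.bind(("", self.rng.randint(*EPHEMERAL_RANGE)))
                return
            except OSError:
                pass
        raise OSError("no free ephemeral port after 32 tries")

    def poll(self, unix_now, timeout=2.0):
        self.sock.settimeout(timeout)   # every poll leaves from the same local port
        self.sock.sendto(build_request(unix_now), (self.server, 123))
        return parse_reply(self.sock.recvfrom(512)[0])
```

Each call to `poll()` reuses the port chosen in `reset()`; a per-request policy would instead call `reset()` before every send.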