Re: [Ntp] Details of the fragmentation attacks against NTP and port randomization

" tglassey@earthlink.net " <tglassey@earthlink.net> Thu, 13 June 2019 04:10 UTC

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk12062016; d=earthlink.net; b=ZDfUWDBnP/ef6vRg+L3hIDlGo1mo0wPblrrxCNSJiZeQGnvc0/jZDPQnNH21Jg00M8CH2APwC6+JTJ4aNNZpMKrG9s9JRu7y8BEeF1Cqksh1PnRXb7Y3lI8yP4dKxl6+TPZtCXO19q7zEPEcgV7zFk0AYzv9oWfr8B4hEcR81RRkMGLWA85CcJxdrrZKK/q7vnsALbsHD9AKCHPK+/CmhGRu3J0wReDSp5aXwTS4vVId2su69mqYLLbMy8nkLEIE5J+EyfkMljwIL6W2c1cXO+N6EoG1qxbFMapRo3yK+pw3dDf46VgkkrJ229l1f/dFvhIThsegoxLhddvCfNRAMQ==; h=Received:To:From:Cc:Subject:Date:MIME-Version:Content-Type:Message-ID:X-ELNK-Trace:X-Originating-IP;
To: Warner Losh <imp@bsdimp.com>, Danny Mayer <mayer@ntp.org>
From: "tglassey@earthlink.net" <tglassey@earthlink.net>
Cc: Fernando Gont <fgont@si6networks.com>, NTP WG <ntp@ietf.org>
Date: Thu, 13 Jun 2019 07:09:46 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_0_1560398986063"
Message-ID: <E1hbH3a-000G3F-3U@elasmtp-curtail.atl.sa.earthlink.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/WpdSaGD6J5VyhMLhGjZdtfrHLVs>
Subject: Re: [Ntp] Details of the fragmentation attacks against NTP and port randomization
Precedence: list

Danny and Warner, in the interest of showing how diverging use models create controversies in the list based on people's emotional ownership of NTP let me posit this:

is there a chance we can build a hybrid client with the ability to answer a remote query which is fully authenticated as to "what my time is"? Clearly it would need aspects of the server's listener built into it, but to keep the code fingerprints reliable and secure, we can address remote code auditing through this same feature as well.

Additionally the ability to tell the client what port you want replies on is a variant of the NTP proxy I proposed several years ago before "getting slammed to the mmat" by this very group. 

If you want to see my SecureTP proposal I can send it and its three-way timesetting and time auditing practices all nicely merged into a single framework.

Amplification attacks go away, identity fraud goes away, and many of the proposals for extended authentication and their overhead become moot as well... All by creating a directed and port variable infrastructure using NTP. 

//Todd

Sent from my HTC, so please excuse any typos.

----- Reply message -----
From: "Warner Losh" <imp@bsdimp.com>
To: "Danny Mayer" <mayer@ntp.org>
Cc: "Fernando Gont" <fgont@si6networks.com>, "NTP WG" <ntp@ietf.org>
Subject: [Ntp] Details of the fragmentation attacks against NTP and port randomization
Date: Wed, Jun 12, 2019 05:26

Can we please keep it technical rather than launch into personal attacks?
You can make your points without the vitriol and nastiness.

Warner

On Tue, Jun 11, 2019, 4:34 PM Danny Mayer <mayer@ntp.org> wrote:

>
> On 6/7/19 6:53 AM, Fernando Gont wrote:
> > On 5/6/19 05:41, Danny Mayer wrote:
> >> On 6/4/19 2:39 AM, Fernando Gont wrote:
> >>> On 4/6/19 06:09, Danny Mayer wrote:
> >>>> On 6/3/19 2:24 PM, Watson Ladd wrote:
> >>>>
> >>>>> Dear all,
> >>>>>
> >>>>> The debate over client port randomization is missing an important
> >>>>> fact: off-path attacks against NTP are not prevented by the origin
> >>>>> timestamp due to the OS handling of fragmentation. In
> >>>>> http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf we see that
> sending
> >>>>> a properly crafted IP fragment can selectively overwrite NTP packets,
> >>>>> thus allowing an attacker to modify received data without overwriting
> >>>>> the origin timestamp. I would recommend we adopt port randomization
> >>>>> to handle this problem.
> >>>>>
> >>>>> Sincerely,
> >>>>> Watson Ladd
> >>>> Actually if you read Section VI you will see that the last sentence of
> >>>> that section states that they do not consider it to be a sufficient
> defense.
> >>> Wasn't Your argument that the timestamp was enough to mitigate off-path
> >>> attacks?
> >>>
> >> Yes and no. The draft you wrote requires using random ports to avoid
> >> off-path attacks.
> > No.
> Actually that's exactly what it says. See the abstract of your own draft.
> >
> > The draft we wrote says employing predictable identifiers is a bad
> > practice that has been known for over 20 years. We have been on this
> > road so many times. You just don't use predictable IDs.
> You do this of off-path attackers.
> >
> > Using them leads to trouble, with no benefit. Using random port numbers
> > helps mitigate such trouble.
> No always which why your RFC is a BCP. What needs to be clarified is
> when it is wise to do so and when not to do so and what are the
> consequences if you do so. You cannot make proposals without including
> them.
> >
> >
> >
> >> The paper demonstrates that for at least some O/S's an
> >> off-path fragmentation attack succeeds regardless of the port number.
> >> This is at a layer below NTP. So randomizing the ports doesn't matter
> >> for this attack according to the paper. The proper way to deal with this
> >> fragmentation attack is to fix the underlying O/S behavior as has
> >> already been done for most of them. The NTP basic payload is only 48
> >> bytes so there is no reason to allow fragmentation in the first place.
> > The IPv4 minimum MTU is 68 bytes. Anything longer than that may need to

[Ntp] Details of the fragmentation attacks agains… Watson Ladd
Re: [Ntp] Details of the fragmentation attacks ag… Danny Mayer
Re: [Ntp] Details of the fragmentation attacks ag… Watson Ladd
Re: [Ntp] Details of the fragmentation attacks ag… Fernando Gont
Re: [Ntp] Details of the fragmentation attacks ag… tglassey@earthlink.net
Re: [Ntp] Details of the fragmentation attacks ag… Danny Mayer
Re: [Ntp] Details of the fragmentation attacks ag… Ask Bjørn Hansen
Re: [Ntp] Details of the fragmentation attacks ag… Warner Losh
Re: [Ntp] Details of the fragmentation attacks ag… Tony Finch
Re: [Ntp] Details of the fragmentation attacks ag… Watson Ladd
Re: [Ntp] Details of the fragmentation attacks ag… Majdi S. Abbas
Re: [Ntp] Details of the fragmentation attacks ag… Danny Mayer
Re: [Ntp] Details of the fragmentation attacks ag… Hal Murray
Re: [Ntp] Details of the fragmentation attacks ag… Danny Mayer
Re: [Ntp] Details of the fragmentation attacks ag… tglassey@earthlink.net
Re: [Ntp] Details of the fragmentation attacks ag… Miroslav Lichvar
Re: [Ntp] Details of the fragmentation attacks ag… Fernando Gont
Re: [Ntp] Details of the fragmentation attacks ag… Fernando Gont
Re: [Ntp] Details of the fragmentation attacks ag… Fernando Gont
Re: [Ntp] Details of the fragmentation attacks ag… Salz, Rich
Re: [Ntp] Details of the fragmentation attacks ag… Danny Mayer
Re: [Ntp] Details of the fragmentation attacks ag… Watson Ladd
Re: [Ntp] Details of the fragmentation attacks ag… Fernando Gont
Re: [Ntp] Details of the fragmentation attacks ag… Danny Mayer
Re: [Ntp] Details of the fragmentation attacks ag… Warner Losh
Re: [Ntp] Details of the fragmentation attacks ag… tglassey@earthlink.net
Re: [Ntp] Details of the fragmentation attacks ag… Fernando Gont
Re: [Ntp] Details of the fragmentation attacks ag… kristof.teichel
Re: [Ntp] Details of the fragmentation attacks ag… Gary E. Miller
Re: [Ntp] Details of the fragmentation attacks ag… Fernando Gont
Re: [Ntp] Details of the fragmentation attacks ag… Gary E. Miller
Re: [Ntp] Details of the fragmentation attacks ag… Fernando Gont
Re: [Ntp] Details of the fragmentation attacks ag… Gary E. Miller
Re: [Ntp] Details of the fragmentation attacks ag… Fernando Gont
[Ntp] Antw: Re: Details of the fragmentation atta… Ulrich Windl
Re: [Ntp] Antw: Re: Details of the fragmentation … Fernando Gont