Re: [Ntp] I-D Action: draft-ietf-ntp-port-randomization-00.txt

Heiko Gerstung <heiko.gerstung@meinberg.de> Wed, 13 November 2019 13:27 UTC

Return-Path: <heiko.gerstung@meinberg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 843311200BA for <ntp@ietfa.amsl.com>; Wed, 13 Nov 2019 05:27:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=meinberg.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qPcfmnqObmXf for <ntp@ietfa.amsl.com>; Wed, 13 Nov 2019 05:27:31 -0800 (PST)
Received: from server1a.meinberg.de (server1a.meinberg.de [176.9.44.212]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A5A912003E for <ntp@ietf.org>; Wed, 13 Nov 2019 05:27:31 -0800 (PST)
Received: from srv-kerioconnect.py.meinberg.de (unknown [193.158.22.2]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by server1a.meinberg.de (Postfix) with ESMTPSA id 58AD671C0400; Wed, 13 Nov 2019 14:27:27 +0100 (CET)
X-DKIM: Sendmail DKIM Filter v2.8.2 server1a.meinberg.de 58AD671C0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=meinberg.de; s=mail201101; t=1573651649; bh=X6+0REjoqVdgDASG3SXxIBYzPJZ60b8nzYvlNAL4onw=; h=Date:Subject:Message-ID:References:In-Reply-To:Mime-version:From: To:Content-Type:Content-Transfer-Encoding; b=Wmv2IFS5330zHp+vqLnekGGII8Q4qgkTDV7bI+SN1WK58luIG76KLC8QmpLe68v7+ vMnMIFO/Tzg7o7Wlgx3EBL6tu2yrq/mV8RfoniiV9yNAGIve2WVZCgCNYViyoFxj4l xMgPEmj/C1ck/G6WfiBOI27EBPwAestyS0I25TcY=
X-Kerio-Anti-Spam: Build: [Engines: 2.15.9.1281, Stamp: 3], Multi: [Enabled, t: (0.000006,0.009027)], BW: [Enabled, t: (0.000007)], RTDA: [Enabled, t: (0.086230), Hit: No, Details: v2.7.62; Id: 15.1i6tsil.1dpif50t7.hn1vo], total: 0(700)
X-Footer: bWVpbmJlcmcuZGU=
User-Agent: Microsoft-MacOutlook/10.1e.1.191020
Date: Wed, 13 Nov 2019 14:27:04 +0100
Message-ID: <6DF4A8E2-64B2-4173-B3D5-E7FFE1BAD1FD@meinberg.de>
Thread-Topic: [Ntp] I-D Action: draft-ietf-ntp-port-randomization-00.txt
References: <157262391705.31923.311801865037196489@ietfa.amsl.com> <20191113112126.GA2634@localhost>
In-Reply-To: <20191113112126.GA2634@localhost>
Mime-version: 1.0
Importance: Normal
X-Priority: 3
Thread-Index: AZ2x3tU+YWM5MzFiZWI5NDg3NTJlMA==
From: Heiko Gerstung <heiko.gerstung@meinberg.de>
To: Miroslav Lichvar <mlichvar@redhat.com>, "ntp@ietf.org" <ntp@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: clamav-milter 0.101.4 at server1a
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/bc8-AOdgwCiWHggCAezt67d1bCc>
Subject: Re: [Ntp] I-D Action: draft-ietf-ntp-port-randomization-00.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Nov 2019 13:27:35 -0000

Hi Miroslav,

I find the reasoning very convincing and very well explained. 

Best Regards,
   Heiko



-- 
Heiko Gerstung 
Managing Director 
 
MEINBERG® Funkuhren GmbH & Co. KG 
Lange Wand 9 
D-31812 Bad Pyrmont, Germany 
Phone: +49 (0)5281 9309-404 
Fax: +49 (0)5281 9309-9404 
 
Amtsgericht Hannover 17HRA 100322 
Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung 
 
Email: 
heiko.gerstung@meinberg.de
Web: 
Deutsch https://www.meinberg.de
English https://www.meinbergglobal.com
 
Do not miss our Time Synchronization Blog: 
https://blog.meinbergglobal.com
 
Connect via LinkedIn: 
https://www.linkedin.com/in/heikogerstung
 
 

Am 13.11.19, 12:22 schrieb "ntp im Auftrag von Miroslav Lichvar" <ntp-bounces@ietf.org im Auftrag von mlichvar@redhat.com>;:

    On Fri, Nov 01, 2019 at 08:58:37AM -0700, internet-drafts@ietf.org wrote:
    > https://tools.ietf.org/html/draft-ietf-ntp-port-randomization-00
    
    This document describes a per-association and per-request approach for
    randomizing the client's port number with some of their advantages and
    disadvantages. It currently strongly recommends the per-association
    approach for all clients.
    
    For a typical client running on an OS it is about opening and closing
    sockets. Should it keep one socket open for the lifetime of the
    association, or should it open a new socket before each request?
    
    I'd like to propose changing the recommendation to the per-request
    approach for the following reasons:
    
    - It seems to be the current practice. From the implementations
      that I'm familiar with and that use a random source port, each one
      opens a new socket for each request, at least by default. On my
      public servers I see that most clients do change their port over
      time.
    
    - It doesn't seem like a good idea to require a client to keep its
      port open when it's not waiting for a response. If it received a
      valid response, or didn't receive a valid response in few seconds
      after sending the request, it should close the port.
    
    - The port number may be discoverable by other means, so it should
      change frequently. For example, the attacker could try sending
      packets to all ports and observe which one changed a value reported
      by the client in a monitoring protocol (e.g. mode 6). If the
      attacker can determine the port number, which cannot be prevented in
      the general case, the time for which it is useful for attacks should
      be limited.
    
    Does that make sense?
    
    -- 
    Miroslav Lichvar
    
    _______________________________________________
    ntp mailing list
    ntp@ietf.org
    https://www.ietf.org/mailman/listinfo/ntp