[Ntp] NAT devices not translating privileged ports

Fernando Gont <fernando.gont@edgeuno.com> Fri, 04 June 2021 07:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/bfVLQtYFhZ-5LQ2JVTtrrEMsMRM>

Folks,

As part of the IESG review of the NTP port randomization draft
(https://www.ietf.org/archive/id/draft-ietf-ntp-port-randomization-06.txt),
we were asked if we could provide a reference for the NAT devices that do
not translate the source port if the source port is a privileged port
(<1024).

Any clues/examples of this type of NATs?

Thanks!

Regards,
-- 
Fernando Gont
Director of Information Security
EdgeUno, Inc.
PGP Fingerprint: DFBD 63E3 B248 AE79 C598 AF23 EBAE DA03 0644 1531