Re: [Ntp] New rev of the NTP port randomization I-D (Fwd: New Version Notification for draft-gont-ntp-port-randomization-01.txt)

Watson Ladd <watson@cloudflare.com> Wed, 29 May 2019 21:27 UTC

From: Watson Ladd <watson@cloudflare.com>
Date: Wed, 29 May 2019 14:27:23 -0700
Message-ID: <CAN2QdAGQugtp=L3-MxEULJOUhtyjxn-g1z+HhGTr11cuU7xDaQ@mail.gmail.com>
To: Fernando Gont <fgont@si6networks.com>
Cc: Harlan Stenn <stenn@nwtime.org>, NTP WG <ntp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/n5RBvVQPqc5PbBwDkecSo6ywjeg>
Subject: Re: [Ntp] New rev of the NTP port randomization I-D (Fwd: New Version Notification for draft-gont-ntp-port-randomization-01.txt)

On Wed, May 29, 2019 at 12:01 PM Fernando Gont <fgont@si6networks.com> wrote:
>
....
> Having clients use ephemeral ports also allows for easy identification
> of NTP client vs server traffic -- if you wanted to distinguish that for
> the purpose of packet filtering.

As I mentioned on the virtual interim today, client port=server port
has negative implications for DDOS defense. I don't see what the
disadvantage of randomizing client port is that outweighs the
advantages.



>
> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492