[Ntp] Antw: Re: New rev of the NTP port randomization I-D (Fwd: New Version Notification for draft-gont-ntp-port-randomization-01.txt)

"Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de> Wed, 29 May 2019 09:06 UTC

Return-Path: <Ulrich.Windl@rz.uni-regensburg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E16F812010E for <ntp@ietfa.amsl.com>; Wed, 29 May 2019 02:06:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17t3pEpCerWb for <ntp@ietfa.amsl.com>; Wed, 29 May 2019 02:06:29 -0700 (PDT)
Received: from mx3.uni-regensburg.de (mx3.uni-regensburg.de [IPv6:2001:638:a05:137:165:0:4:4e79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 577DC120072 for <ntp@ietf.org>; Wed, 29 May 2019 02:06:29 -0700 (PDT)
Received: from mx3.uni-regensburg.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id C008B6000057 for <ntp@ietf.org>; Wed, 29 May 2019 11:06:26 +0200 (CEST)
Received: from gwsmtp.uni-regensburg.de (gwsmtp1.uni-regensburg.de [132.199.5.51]) by mx3.uni-regensburg.de (Postfix) with ESMTP id 84E156000051 for <ntp@ietf.org>; Wed, 29 May 2019 11:06:26 +0200 (CEST)
Received: from uni-regensburg-smtp1-MTA by gwsmtp.uni-regensburg.de with Novell_GroupWise; Wed, 29 May 2019 11:06:26 +0200
Message-Id: <5CEE4B90020000A1000317F4@gwsmtp.uni-regensburg.de>
X-Mailer: Novell GroupWise Internet Agent 18.1.1
Date: Wed, 29 May 2019 11:06:24 +0200
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
To: "ntp@ietf.org" <ntp@ietf.org>,"Danny Mayer" <mayer@ntp.org>
References: <155841904754.12856.3727925672753047210.idtracker@ietfa.amsl.com> <9d21f083-4cba-1dd1-f5bb-c95984d3127b@si6networks.com> <9d74c6e3-244e-fdd7-184a-0572f4f144cd@ntp.org> <25275d68-8c18-1616-f226-dffe7e21091e@si6networks.com> <20190528174208.11253a67@rellim.com> <1a133133-5d6a-ca96-6c15-73e6933baffc@si6networks.com> <2794A95B-B118-40BD-AD60-DCB50CC32717@latt.net> <f03dbfbd-007a-fa81-f846-85079a59dddd@si6networks.com> <c4384ecc-2711-3479-df21-d6533f438418@ntp.org>
In-Reply-To: <c4384ecc-2711-3479-df21-d6533f438418@ntp.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/sqheKabU9g0BIG9CCccR8JrJZYA>
Subject: [Ntp] Antw: Re: New rev of the NTP port randomization I-D (Fwd: New Version Notification for draft-gont-ntp-port-randomization-01.txt)
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 May 2019 09:06:31 -0000

>>> Danny Mayer <mayer@ntp.org> schrieb am 29.05.2019 um 10:42 in Nachricht
<c4384ecc-2711-3479-df21-d6533f438418@ntp.org>rg>:

> On 5/29/19 12:18 AM, Fernando Gont wrote:
>> On 28/5/19 23:20, Majdi S. Abbas wrote:
>>> Randomizing the source port is pointless.  As Danny has noted, t1
>>> already acts as a 2^64 nonce on each client mode chime request.  This
>>> sufficiently hardens the unauthenticated case to an off path
>>> attacker.  If additional security is required, authentication (via
>>> classic PSK, or NTS modes) should be used.
>> Using predictable numeric identifiers is a bad habit. We have plenty of
>> history in this area and, as noted, it's quite interesting to see folks
>> pushing in this direction in 2019, when the tendency has been to
>> actually move away from predictable numeric IDs (TCP ISNs, transport
>> protocol numbers, DNS TxIDs, Frag IDs, etc.).
>>
>> Using predictable port numbers makes it easy for an attacker to infer
>> the "session id". You are just considering one possible attack scenario.
>>
> You are totally missing the point. The port numbers don't make NTP
> vulnerable. The "session id" does not exist here. Instead NTP has an
> origin timestamp that an off‑path attacker does not have access to. Even
> if it did, then the origin timestamp is wildly different each time it's
> sent and is not predictable. This is a 64‑bit nonce.

...of which about 30 bits are random (assuming the attacker knows what time it
is and packets take less than one second to travel)...

[...]

Regards,
Ulrich Windl