Re: NTP security

To: debian-security@lists.debian.org
Subject: Re: NTP security
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Mon, 12 Mar 2001 15:45:18 -0400
Message-id: <[🔎] 20010312154517.E13510@llama.nslug.ns.ca>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 3AAB0D12.F1569FDB@visi.com>; from bryan@visi.com on Sat, Mar 10, 2001 at 11:28:50PM -0600
References: <[🔎] 20010310034004.B12888@audible.transient.net> <[🔎] Pine.SOL.4.31.0103100953470.19324-100000@copland.udel.edu> <[🔎] 20010310124800.C12888@audible.transient.net> <[🔎] 15018.49409.590141.614437@viper.earth> <[🔎] 20010310162551.E12888@audible.transient.net> <[🔎] 3AAB0D12.F1569FDB@visi.com>

On Sat, Mar 10, 2001 at 11:28:50PM -0600, Bryan Andersen wrote:
> Jamie Heilman wrote:
> > > I noticed that /etc/services has a tcp entry for ntp. Is there any way
> > > (short of changing the code) to coax ntp to use tcp instead of udp ?
> > 
> > No, UDP is intrinsic to how NTP works.
> 
> Actually it isn't.  A bi-directional link is usually needed, but it 
> seams the latest version also supports connecting to a multicast 
> network for broadcasting the current time or for receiving it.  In 
> this case there is an unknown amount of network lag between the 
> transmitter and receiver.  For most computers this isn't a problem 
> as it's unlikely the lag will be over 500 ms.  Most computers only 
> need 1 second accuracy if that even.

 That still uses UDP.  Broadcast or multicast UDP, but still UDP.  NTP is
different from DNS and other stuff in that it is a real-time protocol.
Running it over TCP would be trememdously stupid, because you'd have to try
to figure out whether you were seeing a retransmitted segment or not, etc.
In NTP, the information is carried by the arrival time of the packet, as
well as the data in it.  Using TCP hides retransmissions from the
application, and deprives the application of timing information necessary
for NTP to operate.  (You could try to work around it by looking at the RTT,
and rejecting too-high RTTs, but nobody would want to write that since UDP
is exactly what is needed for NTP  (assuming it has to run over an IP
network.  Other networks could do even better for time synchronization by
providing (near) constant latency if asked, or something.))

 So, in summary, you would have to do a whole lot more than just change
SOCK_DGRAM to SOCK_STREAM in the code.  You would have to write and tweak
some code to work around TCP's retransmission algorithm, since retransmitted
packets are useless to you because of the unknown extra delay.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to:

References:
- Re: NTP security
  - From: Jamie Heilman <jamie@audible.transient.net>
- Re: NTP security
  - From: Rishi L Khan <rishi@UDel.Edu>
- Re: NTP security
  - From: Jamie Heilman <jamie@audible.transient.net>
- Re: NTP security
  - From: S.Salman Ahmed <ssahmed@pathcom.com>
- Re: NTP security
  - From: Jamie Heilman <jamie@audible.transient.net>
- Re: NTP security
  - From: Bryan Andersen <bryan@visi.com>

Prev by Date: Re: 127.0.0.0/8 addresses from the network
Next by Date: RE: NTP security
Previous by thread: Re: NTP security
Next by thread: RE: NTP security
Index(es):
- Date
- Thread