[ntp:bugs] [Bug 3055] New: ntpd should not shorten polling interval with KoD RATE packets

bugzilla-daemon at ntp.org
Tue May 17 12:03:19 UTC 2016


             Bug #: 3055
           Summary: ntpd should not shorten polling interval with KoD RATE
           Product: ntp
           Version: 4.2.8
          Platform: PC
        OS/Version: All
            Status: CONFIRMED
          Severity: normal
          Priority: P5
         Component: ntpd
        AssignedTo: stenn at ntp.org
        ReportedBy: mlichvar at redhat.com
                CC: bugs at ntp.org
    Classification: Unclassified

When ntpd as a client receives a KoD RATE packet, it adjusts its polling
interval to the poll value in the packet and also adjusts the minimum polling
interval if it's smaller than the packet's poll. The assumption is that the
value is larger than the current polling interval, but that doesn't always have
to be the case. If it is shorter, ntpd will be polling the server more
frequently, doing the opposite of how KoD RATE is supposed to be handled.

Currently, ntpd as a server sets the poll value in the packet to the maximum of
the client's poll and the minimum average interpacket spacing as configured by
"discard average" (by default 3). This is a problem as it allows an attacker to
flood the server with packets using a spoofed source address and trigger a KoD
RATE reply when the real client sends its next request. The server will reply
with a poll that's equal to the client's poll and the client will set its
minimum polling interval to it, which means it will no longer be able to use a
shorter interval when needed (e.g. when its clock becomes less stable).

In order to fix this problem, ntpd as a server will need to reply with KoD RATE
packets having poll set to the rate limiting interval even if it's shorter than
the client's poll. However, before that can happen the clients must be modified
to not shorten their polling interval when they receive a smaller poll.
Otherwise this could actually increase the amount of traffic received by the
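
The poll handling described in this report, modelled as an added example (not ntpd's code and not from the reporter): it compares the server's current and proposed KoD RATE poll value against a client that adopts the packet's poll and one that refuses to shorten its interval. The struct, function names and starting values (minpoll 6, polling at 10) are hypothetical; keeping the larger of the two poll values in the changed client is an assumption.

```c
#include <stdio.h>

/* Simplified, hypothetical peer state; poll values are log2 seconds as in NTP. */
struct peer_poll {
    int minpoll; /* lowest poll exponent the client may select */
    int hpoll;   /* poll exponent currently in use */
};

static int max_int(int a, int b) { return a > b ? a : b; }

/* Server, as the report describes it: max(client poll, "discard average"). */
int server_poll_current(int client_poll, int discard_avg) {
    return max_int(client_poll, discard_avg);
}

/* Server, as the report proposes: the rate limiting interval, even if shorter. */
int server_poll_proposed(int client_poll, int discard_avg) {
    (void)client_poll;
    return discard_avg;
}

/* Client on KoD RATE. no_shorten == 0 models the behaviour the report
 * describes; no_shorten == 1 models the requested change. */
struct peer_poll client_on_rate(struct peer_poll p, int pkt_poll, int no_shorten) {
    if (p.minpoll < pkt_poll)
        p.minpoll = pkt_poll;   /* raise the floor to the packet's poll */
    /* Assumption: the changed client keeps the larger of the two values. */
    p.hpoll = no_shorten ? max_int(p.hpoll, pkt_poll) : pkt_poll;
    return p;
}

int main(void) {
    struct peer_poll start = { 6, 10 };   /* constructed: minpoll 6, polling at 10 */
    int discard_avg = 3;                  /* default quoted in the report */
    struct peer_poll a = client_on_rate(start, server_poll_current(start.hpoll, discard_avg), 0);
    struct peer_poll b = client_on_rate(start, server_poll_proposed(start.hpoll, discard_avg), 0);
    struct peer_poll c = client_on_rate(start, server_poll_proposed(start.hpoll, discard_avg), 1);
    printf("current server, current client:  minpoll=%d hpoll=%d\n", a.minpoll, a.hpoll);
    printf("proposed server, current client: minpoll=%d hpoll=%d\n", b.minpoll, b.hpoll);
    printf("proposed server, changed client: minpoll=%d hpoll=%d\n", c.minpoll, c.hpoll);
    return 0;
}
```

The first case shows minpoll pinned at the client's own poll, the second shows the interval being shortened, and the third leaves both values where they started.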
