[ntp:hackers] Update summary

Danny Mayer mayer at ntp.isc.org
Sat Nov 24 02:38:32 GMT 2007


David L. Mills wrote:
> 2. The KoD machinery was broken and vulnerable to crafted attack from a 
> perp that purposely sprays KoDs to the broadcast address, for example. 
> As long as broadcast, manycast and symmetric passive associations are 
> authenticated, this can't happen now. I made good on my threat to poison 
> KoDs. A KoD now has all three timestamps set to the transmit timestamp 
> of the client packet; in other words, it is a correct packet but does 
> not reveal the server time.
> 
> At the moment, an arriving KoD latches the victim association so it
> will send no further packets until the program is restarted. This
> design might be modified in future.
> 

So this means that an errant client will then have its clock slowly move
backwards if it believes the timestamps, since the delta time for the
server is 0 and the delta for the client time is assumed to be twice the
delay, so it will apply half the delay to the current client's time. If
you set the server timestamps to 0, what would the effect be?

> 3. A good deal of work was spent on the server discovery schemes, 
> including broadcast, manycast and the pool. They now work in the same 
> way with the tos floor/ceiling/cohort and tos minclock/maxclock 
> commands. All preemptable associations have a watchcat timer that 
> eventually demobilizes the associations from the end of the survivor 
> list as long as the number of survivors is greater than maxclock. Then, 
> the cluster algorithm whittles the subset that chimes the clock as in 
> all cases until the number of survivors is at least minclock.
> 
> In running this thing with the pool, I noticed some survivors simply 
> left the planet and of course never came back. We need the asynchronous 
> resolver.
> 

I'm working on getting the machinery set up to requery the DNS for new
IP addresses, so that if you decide that what you have is no longer any
good you can try with a new set. This will allow us to set something up
to do asynchronous queries later. Currently, except for the pool config
option, we only use the first address we get.

Danny
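The clock arithmetic behind the question above, as an added example (not code from this thread or from ntpd): the standard NTP offset/delay formula applied to a poisoned KoD whose server timestamps equal the client transmit time, and to the zeroed variant Danny asks about. Timestamp values are constructed.

```python
# Added example, not from the ntp mailing-list thread or from ntpd.
# Timestamps in seconds: t1 = client transmit (origin), t2 = server receive,
# t3 = server transmit, t4 = client receive.

def ntp_offset_delay(t1, t2, t3, t4):
    """Clock offset and round-trip delay from the four NTP timestamps."""
    offset = ((t2 - t1) + (t3 - t4)) / 2.0
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def poisoned_kod_stamps(t1):
    """Poisoned KoD as described in the thread: both server stamps = client transmit time."""
    return t1, t1  # (t2, t3)

def zeroed_kod_stamps():
    """The variant Danny asks about: server timestamps set to 0."""
    return 0.0, 0.0  # (t2, t3)

def effect_on_errant_client(t1, rtt, server_stamps):
    """Offset/delay an errant client would compute if it trusted a KoD's timestamps.

    A conforming client never does this (see is_kod below); this only shows what
    the arithmetic yields when the stamps are believed.
    """
    t4 = t1 + rtt
    t2, t3 = server_stamps
    return ntp_offset_delay(t1, t2, t3, t4)

def is_kod(stratum, refid):
    """Defensive check: a KoD packet carries stratum 0 and an ASCII kiss code
    (e.g. b"RATE", b"DENY") in the reference-id field, so its timestamps must
    never be fed to the clock filter."""
    return stratum == 0 and refid.isalpha()

if __name__ == "__main__":
    t1, rtt = 1000.0, 0.1  # constructed values
    # Poisoned KoD: offset = -rtt/2 (clock nudged backwards by half the delay),
    # delay = rtt, which matches the effect Danny describes.
    print(effect_on_errant_client(t1, rtt, poisoned_kod_stamps(t1)))
    # Zeroed stamps: offset ~ -t1, a huge negative step rather than a small nudge.
    print(effect_on_errant_client(t1, rtt, zeroed_kod_stamps()))
    print(is_kod(0, b"RATE"), is_kod(2, b"\x0a\x00\x00\x01"))
```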