[ntp:hackers] NTP clients using source ports lower than 123
Ronan Flood
ronan at nosc.ja.net
Thu Dec 17 16:21:34 UTC 2009
Folks,
I see a code change in ntp-4.2.6 I'm not sure about.
In ntp_proto.c/receive(), the check for a bogus source port has been
changed from
if (SRCPORT(&rbufp->recv_srcadr) == 0)
to
if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT)
Is that right? I'm still running 4.2.2 and I see clients in my monlists
using source ports lower than 123. In fact I had dealings recently with
a customer on a Windows client whose queries were coming from port 19;
and they still are. He's behind a firewall which may be doing NAT.
Using such low ports may or may not be technically incorrect, but should
ntpd arbitrarily ignore unusual clients?
More information about the hackers
mailing list