[ntp:hackers] NTP clients using source ports lower than 123

Ronan Flood ronan at nosc.ja.net
Thu Dec 17 16:21:34 UTC 2009


Folks,

I see a code change in ntp-4.2.6 I'm not sure about.
In ntp_proto.c/receive(), the check for a bogus source port has been
changed from

	if (SRCPORT(&rbufp->recv_srcadr) == 0)

to

	if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT)

Is that right?  I'm still running 4.2.2 and I see clients in my monlists
using source ports lower than 123.  In fact I had dealings recently with
a customer on a Windows client whose queries were coming from port 19;
and they still are.  He's behind a firewall which may be doing NAT.

Using such low ports may or may not be technically incorrect, but should
ntpd arbitrarily ignore unusual clients?


More information about the hackers mailing list