[ntp:hackers] unprivileged ntpd prototype

tglassey tglassey at glassey.com
Thu Nov 5 18:55:35 UTC 2009


Danny Mayer wrote:
> Terje Mathisen wrote:
>   
>> Brian Utterback wrote:
>>     
>>> Now, I can't say that they should not, but I can say that it violates
>>> the RFC and that it is a feature that has been discussed and rejected
>>> many times before.
>>>
>>> So, we have three choices:
>>>
>>> 1. Reject the alternate port feature out of hand.
>>> 2. Force the synth-clock when an alternate port is in use, making the
>>> alternate port useless in deployment.
>>> 3. Re-visit the prohibition against using alternate ports.
>>>       
>> My vote is on (3):
>>
>> NTP might be the only protocol which cannot run over a non-standard
>> port; I really don't see how having this ability will hurt us.
>>     
>
> That's actually untrue. Nothing on the internet would work if services
> were not available on a specific port. The key here is the listening
> port. The sending port does not matter. When was the last time you
> attempted an SMTP connection to a service not listening on port 25 or
> DNS on port 53? That's why they are required.
>   
The only people tied to the 123 port are those dependent on preexisting
code and services based on that code which use that port, and that's the
totality of the matter.

If you want to use public time services from the Internet then you are
stuck with having to use port 123 externally only. NTP shouldn't care
beyond that. The assignment of port 123 is a default setting ONLY and
should be allowed to be set to whatever the user wants it to be for
their network-security topology and evidence models.

Todd

> Danny
>
