[ntp:hackers] unprivileged ntpd prototype
tglassey
tglassey at glassey.com
Thu Nov 5 18:55:35 UTC 2009
Danny Mayer wrote:
> Terje Mathisen wrote:
>
>> Brian Utterback wrote:
>>
>>> Now, I can't say that they should not, but I can say that it violates
>>> the RFC and that it is a feature that has been discussed and rejected
>>> many times before.
>>>
>>> So, we have three choices:
>>>
>>> 1. Reject the alternate port feature out of hand.
>>> 2. Force the synth-clock when an alternate port is in use, making the
>>> alternate port useless in deployment.
>>> 3. Re-visit the prohibition against using alternate ports.
>>>
>> My vote is on (3):
>>
>> NTP might be the only protocol that cannot run over a non-standard
>> port; I really don't see how having this ability will hurt us.
>>
>
> That's actually untrue. Nothing on the internet would work if services
> were not available on a specific port. The key here is the listening
> port. The sending port does not matter. When was the last time you
> attempted an SMTP connection to a service not listening on port 25, or
> DNS on port 53? That's why they are required.
>
The only people tied to port 123 are those dependent on preexisting
code, and on services based on that code, that use that port, and that's the
totality of the matter.

If you want to use public time services from the Internet then you are
stuck with having to use port 123 externally only. NTP shouldn't care
beyond that. The assignment of port 123 is a default setting ONLY and
should be allowed to be set to whatever the user wants it to be for
their network-security topology and evidence models.
Todd
> Danny