[ntp:questions] Re: server's address in ntp payload?

Brian Utterback brian.utterback at sun.removeme.com
Thu Nov 17 15:40:53 UTC 2005


Ulisses wrote:
> Hello all
> 
> I have take a look at ntp_request.h and I found that ntp doesn't put the the ip
> address of the remote server being used in the request. That is, in the
> ntp payload you can obtain the addresses of the peers and reference clocks of the
> server but not the address of the server itself, and therefore the only way
> to get the address of the server is looking at the IP header.
> 
> Am I wrong?

You are correct, that is a flaw in the protocol design. It has always
been the case that it is easy to get the address from whence a UDP
was sent, but there is no portable way to determine to where it was
bound. This has led to the super-kludge of binding to all IP addresses
on the system as being the best of a bad lot.

As one security guru recently said, "authentication based on IP address
is sooo 1980's"

-- 
blu

Remember when SOX compliant meant they were both the same color?
----------------------------------------------------------------------
Brian Utterback - OP/N1 RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom




More information about the questions mailing list