[ntp:questions] Re: server's address in ntp payload?

Ulisses ulisses.alonso at unavarra.es
Thu Nov 17 16:25:10 UTC 2005


Hello Brian

On Thu, Nov 17, 2005 at 10:40:53AM -0500, Brian Utterback wrote:
> Ulisses wrote:
[...]
> the only way to get the address of the server is looking at the IP header.
> >
> >Am I wrong?
> 
> You are correct, 

Ok, thanks so much for your confirmation

> that is a flaw in the protocol design. 

heh, people doing NAT will not agree with you for sure :-)

> It has always
> been the case that it is easy to get the address from whence a UDP
> was sent, but there is no portable way to determine to where it was
> bound. This has led to the super-kludge of binding to all IP addresses
> on the system as being the best of a bad lot.

I see

> As one security guru recently said, "authentication based on IP address
> is sooo 1980's"

maybe we don't have to be gurus to agree on that ;-)

[OFFTOPIC] Probably I'm wrong, but I would also like to hear from security
gurus that blocking ICMPs or not sending ICMP error messages (being silent)
is a bad practice.

Again, thanks so much for your reply

	Ulisses

                Debian GNU/Linux: a dream come true
-----------------------------------------------------------------------------
"Computers are useless. They can only give answers."            Pablo Picasso

"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
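
Added example (not part of the original message, and not code from the NTP project): a decoder for the fixed 48-byte NTP header, showing that no field carries the replying server's own address, so a client has to take it from the datagram's source. The function names, the sample packet and the documentation addresses 192.0.2.10 and 198.51.100.7 are constructed for illustration; the Reference ID decoding assumes an IPv4 upstream.

```python
import ipaddress
import struct

# Fixed NTP header: flags, stratum, poll, precision, root delay,
# root dispersion, reference ID, then four 64-bit timestamps.
NTP_HEADER = struct.Struct("!BBbbII4sQQQQ")  # 48 bytes, no padding

def parse_ntp(payload: bytes) -> dict:
    """Decode the fixed NTP header into named fields."""
    if len(payload) < NTP_HEADER.size:
        raise ValueError("NTP header is 48 bytes, got %d" % len(payload))
    (flags, stratum, poll, precision, root_delay, root_disp,
     refid, ref_ts, org_ts, rx_ts, tx_ts) = NTP_HEADER.unpack_from(payload)
    return {
        "leap": flags >> 6, "version": (flags >> 3) & 7, "mode": flags & 7,
        "stratum": stratum, "poll": poll, "precision": precision,
        "root_delay": root_delay / 65536,        # 16.16 fixed point, seconds
        "root_dispersion": root_disp / 65536,
        "refid": refid, "reference_ts": ref_ts, "origin_ts": org_ts,
        "receive_ts": rx_ts, "transmit_ts": tx_ts,
    }

def describe_refid(fields: dict) -> str:
    """Reference ID names what the server syncs to, not the server itself."""
    if fields["stratum"] <= 1:
        # Stratum 0/1: four-character ASCII code (kiss code or clock type).
        code = fields["refid"].rstrip(b"\0").decode("ascii", "replace")
        return "source code " + code
    # Stratum >= 2, IPv4 upstream assumed: address of the upstream server.
    return "upstream " + str(ipaddress.IPv4Address(fields["refid"]))

def server_address(payload: bytes, udp_source: tuple) -> str:
    """Return the replying server's address: it comes from the datagram's
    source (what recvfrom() reports), never from the payload."""
    parse_ntp(payload)  # validates the header; no field holds the address
    return udp_source[0]

# Constructed sample: server reply (VN=4, mode=4), stratum 2, whose
# upstream is 192.0.2.10, received from 198.51.100.7 port 123.
TS = 0xE8B7C1A000000000
SAMPLE = NTP_HEADER.pack(0x24, 2, 6, -20, 0x0800, 0x0400,
                         bytes([192, 0, 2, 10]), TS, 0, TS, TS)
SAMPLE_SOURCE = ("198.51.100.7", 123)

if __name__ == "__main__":
    print(describe_refid(parse_ntp(SAMPLE)))
    print("server:", server_address(SAMPLE, SAMPLE_SOURCE))
```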


