[ntp:questions] Re: server's address in ntp payload?

Danny Mayer mayer at gis.net
Fri Nov 18 02:58:57 UTC 2005


Brian Utterback wrote:
> Ulisses wrote:
> 
>> Hello all
>>
>> I have taken a look at ntp_request.h and I found that ntp doesn't put
>> the IP address of the remote server being used in the request. That is,
>> in the ntp payload you can obtain the addresses of the peers and
>> reference clocks of the server but not the address of the server
>> itself, and therefore the only way to get the address of the server is
>> looking at the IP header.
>>
>> Am I wrong?
> 
> 
> You are correct, that is a flaw in the protocol design.

No it is not a flaw in the protocol design. It would be if it were put
in. The address doesn't belong there, it belongs in the IP header which
the receiving server always gets.

> It has always
> been the case that it is easy to get the address from whence a UDP
> was sent, but there is no portable way to determine to where it was
> bound.

You can use sendmsg/recvmsg to do this but it's not implemented on all
platforms and I declined to work all the issues necessary to use it.

> This has led to the super-kludge of binding to all IP addresses
> on the system as being the best of a bad lot.
> 

Not at all. There are a number of reasons to bind all of the IP
addresses individually.  It's true in BIND too. In NTP it's even more
important to bind all addresses since that means another application
cannot be using the NTP port. You don't want another application setting
the clock or sending out its own spurious packets. You MUST guarantee
that you return packets ONLY on the same address that the requestor
packet was sent to, you must do authentication using only one address
and only accept packets between those two addresses that you can
validate once you have an agreed-upon authentication.


> As one security guru recently said, "authentication based on IP address
> is sooo 1980's"
> 

It's not BASED on the IP address, it just doesn't allow authentication
between two nodes to change IP addresses once a node has been
authenticated. A packet from a different IP address is considered
unauthenticated until the authentication is done.

Danny
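The recvmsg() approach Danny mentions, as an added example that is not part of the thread or of the ntpd code: a UDP socket bound to INADDR_ANY enables IP_PKTINFO, and the ancillary data on each received datagram then carries the address the packet was actually sent to. This is Linux-specific (the BSDs use IP_RECVDSTADDR instead), which is the portability problem Brian refers to; the loopback self-test and the function names are constructed for this example.

```c
/* Added example: learn the destination address of a UDP datagram received
 * on a wildcard-bound socket via the Linux IP_PKTINFO ancillary message. */
#define _GNU_SOURCE 1
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Receive one datagram on fd and write the address it was sent to (dotted
 * quad) into dst. Returns 0 on success, -1 if no IP_PKTINFO was attached. */
int recv_with_dst(int fd, char *dst, size_t dstlen) {
    char payload[64];
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];   /* ancillary buffer */
    struct iovec iov = { payload, sizeof payload };
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = sizeof cbuf;
    if (recvmsg(fd, &msg, 0) < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;                /* ipi_addr = header dst addr */
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            return inet_ntop(AF_INET, &pi.ipi_addr, dst, dstlen) ? 0 : -1;
        }
    }
    return -1;   /* the IP header is the only place this information lived */
}

/* Constructed loopback self-test: bind to 0.0.0.0 on a kernel-chosen port, send
 * ourselves a datagram at 127.0.0.1, and report the destination the kernel saw. */
int pktinfo_demo(char *dst, size_t dstlen) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    int one = 1, rc = -1;
    struct sockaddr_in any = {0}, to;
    socklen_t tolen = sizeof to;
    any.sin_family = AF_INET; any.sin_addr.s_addr = htonl(INADDR_ANY); any.sin_port = 0;
    if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof one) < 0 ||
        bind(fd, (struct sockaddr *)&any, sizeof any) < 0 ||
        getsockname(fd, (struct sockaddr *)&to, &tolen) < 0) { close(fd); return -1; }
    to.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* keep the port bind() chose */
    const char ping[] = "ntp?";
    if (sendto(fd, ping, sizeof ping, 0, (struct sockaddr *)&to, sizeof to) == (ssize_t)sizeof ping)
        rc = recv_with_dst(fd, dst, dstlen);
    close(fd);
    return rc;
}
```

The same struct in_pktinfo, attached to a sendmsg() call with ipi_spec_dst set to the address just learned, pins the reply's source address, which is what makes "answer only from the address the request was sent to" achievable on a wildcard socket.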