[ntp:questions] Re: server's address in ntp payload?

Danny Mayer mayer at gis.net
Fri Nov 18 03:06:39 UTC 2005


Ulisses wrote:
> Hello Brian
> 
> On Thu, Nov 17, 2005 at 10:40:53AM -0500, Brian Utterback wrote:
> 
>>Ulisses wrote:
> 
> [...]
> 
>>the only way to get the address of the server is looking at the IP header.
>>
>>>Am I wrong?
>>
>>You are correct, 
> 
> 
> Ok, thanks so much for your confirmation
> 
> 
>>that is a flaw in the protocol design. 
> 
>

No Brian is wrong. Yon are confusing protocol with implementation.

> heh, people doing NAT will not agree with you for sure :-)
> 

Or anyone else at IETF.

> 
> 
> 
> [OFFTOPIC] Probably I'm wrong but I would like also to hear from security 
> gurus that blocking icmps or not sending icmp error messages (being silent) 
> is a bad practice.
> 

See Mark Andrews comments on this very topic in the bind-users mailing
list/newsgroup. Look for the topic on SO_BSDCOMPAT MESSAGE from
yesterday (Nov 16). I couldn't have said it better myself.

Danny



More information about the questions mailing list