[ntp:questions] Re: server's address in ntp payload?
davids at webmaster.com
Mon Nov 21 22:07:24 UTC 2005
"Danny Mayer" <mayer at gis.net> wrote in message
news:4380AF66.1080007 at gis.net...
> David Schwartz wrote:
>> "Danny Mayer" <mayer at gis.net> wrote in message
>> news:437D4371.2090004 at gis.net...
>>>No it is not a flaw in the protocol design. It would be if it were put
>>>in. The address doesn't belong there, it belongs in the IP header which
>>>the receiving server always gets.
>> It is a flaw. Its absence requires the receiver to assume that the
>> origin address of the UDP packet received is the IP address of the
>> server. This assumption may or may not be correct. But if the address
>> in there, the assumption would not be needed.
> Absolutely not. That would be a layering violation.
What would be a layering violation? Assuming that the source address of
a UDP packet is the address of the machine that sent it?
> Verification is done
> through key exchange and the MAC section in the NTP packet.
That's nice but has nothing to do with how you tell whether two packets
with different source UDP addresses came from the same server or not.
Consider a simple case. We have a simple server that is not using
authentication. It's on a LAN where a lot of machines have both public and
private IP addresses. We recognize our local and internal LANs by their IP
range and don't need to authenticate because spoof protection is done at the
boundaries. We are talking to both 192.168.32.23 and 126.96.36.199, the
question is, are they the same machine or not?
More information about the questions