[ntp:questions] notrust alternative?

David L. Mills mills at udel.edu
Sun Nov 5 05:17:03 UTC 2006


You may have misunderstood what the enable/disable auth does. It has 
nothing to do with the authentication method or lack of it. If the switch 
is enabled (enable auth), then associations cannot be mobilized unless 
authentication parameters have been configured and the symmetric active 
or broadcast client is correctly authenticated. If it is disabled 
(disable auth), then mobilization is allowed without requiring 
authentication. This is very bad and apparently led to what evidently is 
a memory clogging attack.

All users: Don't put "disable auth" in your configuration file unless 
you understand the resulting vulnerability and your network cannot be 
connected to the public Internet under any circumstances. Also, make 
sure that Linux, FreeBSD and others do not provide NTP software with 
that switch disabled.

Explicit statements on the interplay between the various options are at 
line 516 et seq in the ntp_proto.c file in the current distribution.


Richard B. Gilbert wrote:
> David L. Mills wrote:
>> Dennis,
>> I checked and rechecked, both in the current code and by actual 
>> experiment. Authentication is enabled by default and associations 
>> cannot be mobilized unless cryptographically authenticated. If no 
>> authentication parameters have been configured, then mobilization is 
>> not possible at all. This is the case in the software that leaves here 
>> (ntp.org), which is why I insist the "official" distribution comes 
>> directly from here and is not staged anywhere else.
> David,
> Something is very wrong here, or else I fail completely to understand what 
> you just said!  I have never used authentication yet I have managed to 
> operate a stratum 1 server with a GPS reference clock, and five 
> upstream internet servers.  I have peered this server with another 
> stratum 1 server I operate using a Traconex WWV receiver as a reference.
> I never bothered with authentication.  I have had no problem mobilizing 
> a symmetric association (peer) nor the normal client server associations 
> with my internet servers.  I have not disabled authentication but I have 
> never configured it between any of my local systems or between my local 
> systems and my upstream servers.
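
The enable/disable auth behaviour described in the message above, turned into a small ntp.conf audit, as an added example that is not code from Dave Mills or the ntp project. It assumes the defaults the message states (auth enabled unless "disable auth" appears), reads only the keys, trustedkey, peer, broadcastclient and enable/disable lines, treats trustedkey arguments as single key ids (ranges such as "1-10" are not expanded), and uses constructed sample configurations.

```python
# Constructed sample ntp.conf fragments (not taken from the thread).
WEAK_CONF = """\
server 0.pool.ntp.org
peer 192.0.2.10
broadcastclient
disable auth        # mobilization allowed without authentication
"""

HARDENED_CONF = """\
keys /etc/ntp/keys
trustedkey 1 2      # assumption: single key ids only, no ranges
server 0.pool.ntp.org
peer 192.0.2.10 key 1
broadcastclient
enable auth         # the ntpd default, stated here explicitly
"""


def audit_ntp_conf(text: str) -> list[str]:
    """Return findings about authentication-related settings in an ntp.conf.

    Per the thread: auth is enabled by default, symmetric-active and
    broadcast associations then need configured keys to mobilize, and
    'disable auth' lets them mobilize unauthenticated.
    """
    auth_enabled = True                      # ntpd default
    keys_file, trusted, peers, bcast = None, set(), [], False
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd in ("enable", "disable") and "auth" in args:
            auth_enabled = cmd == "enable"    # last occurrence wins
        elif cmd == "keys" and args:
            keys_file = args[0]
        elif cmd == "trustedkey":
            trusted.update(args)
        elif cmd == "peer" and args:          # 'key N' may follow the host
            key = args[args.index("key") + 1] if "key" in args[:-1] else None
            peers.append((args[0], key))
        elif cmd == "broadcastclient":
            bcast = True
    findings = []
    if not auth_enabled:
        findings.append("'disable auth': symmetric-active or broadcast packets "
                        "can mobilize associations unauthenticated (clogging risk)")
    if keys_file is None or not trusted:
        findings.append("no 'keys'/'trustedkey': authenticated peers and "
                        "broadcast clients cannot mobilize at all")
    for host, key in peers:
        if key is None:
            findings.append(f"peer {host} has no 'key' option")
        elif key not in trusted:
            findings.append(f"peer {host} uses key {key} not in trustedkey")
    if bcast and not trusted:
        findings.append("broadcastclient configured without any trusted key")
    return findings
```

Running `audit_ntp_conf` on WEAK_CONF reports four findings, on HARDENED_CONF none.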
