[ntp:security] [Bug 2901] Clients that receive a KoD should validate the origin timestamp field.

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Wed Aug 26 00:22:09 UTC 2015


--- Comment #3 from Majdi S. Abbas <msa at latt.net> 2015-08-26 00:22:09 UTC ---
(In reply to comment #1)
> No, any KOD packet received should be dropped. The content of the timestamps
> are of no value in such a case. See RFC 5905 Section 7.4. If there is a problem
> it is that it may not be dropping the packet. Is that what you are observing?

The observations aren't mine, but the problem is that the implementation is
honoring, in client mode, KoDs it receives even if they don't match the chime
request.  Validating that the KoD matches the original request helps to
mitigate a possible attack where an attacker spoofs KoDs from a clients
upstream servers, and by walking the refIDs (at least for v4), successfully
denies time service to that client (or worse, steers it towards one hostile
upstream server.)

> I also don't think this is a security issue.

Unfortunately in a world where BCP38 compliance is far from universal, it's
possible to knock a client offline using only a few spoofed packets.  

Validating the origin timestamp returned to us matches the one sent is low cost
and would help to up the bar on these sorts of attacks.

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list