[ntp:security] [Non-DoD Source] Re: Problems with new ntpd

Harlan Stenn stenn at nwtime.org
Sat Apr 23 02:37:20 UTC 2016



On 4/22/16 12:43 PM, Prillaman, Jeffrey wrote:
> The bytes themselves aren't always zero, just the leading byte in the
> "Key ID" spot has always been zero. They're not a response packets
> from what I can tell.

OK, well the only things you should be seeing are:

- plain NTP packets

- plain NTP packets with a single MAC field at the end
- - 4 0x00 bytes as the key ID would be a (rare) crypto-NAK
- - 4 nonzero bytes as the key ID would be the key ID:
- - - < 65535 is symmetric key
- - - > 65535 is autokey
- - - followed by:
- - - - 16 more bytes of a 128 bit hash, or
- - - - 20 more bytes of a 160 bit hash, or
- - - - however many bit are needed by the corresponding hash

- plain NTP packets, an autokey EF, and a MAC

Anything else is unexpected.

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!



More information about the security mailing list