[ntp:security] NOEPEER patch

Martin Burnicki martin.burnicki at meinberg.de
Thu Aug 2 10:35:20 UTC 2018


I'm currently running tests with the updated ntp_proto.c file you provided.

A strange observation I've made even with the original ntp_proto.c:

If the local ntpd receives an "symmetric active" packet signed with an
unknown/untrusted key, it sends a "symmetric **active**" packet with a
crypto NAK back to the remote node.

Contrarily, if a "client" request with unknown key is received, a
"server" reply is sent back, with a crypto NAK appended. So shouldn't
ntpd send a "symmetric **passive**" response with crypto NAK in this case?

This would make more sense to me.

When the remote node that initially sent the "symmetric active" request
receives the "symmetric **active**" response with crypto NAK then it
also generates an error message that is IMO misleading in this case, e.g.

Invalid-NAK error at 20

This message is repeated after each symmetric active poll.

This would mean that the **NAK** is invalid, but actually a valid crypto
NAK was received in a response simply because an unknown key has been
used in the request.

Not sure under which other conditions this log message is generated, but
I think we should first make sure that the response packet mode for this
case is changed to "symmetric **passive**". An extra log message
shouldn't be necessary since the "Auth not OK" should be visible in the
ntpq billboard, but eventually a debug message could be generated instead.

Martin Burnicki

Senior Software Engineer

MEINBERG Funkuhren GmbH & Co. KG
Email: martin.burnicki at meinberg.de
Phone: +49 5281 9309-414
Linkedin: https://www.linkedin.com/in/martinburnicki/

Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg,
Andre Hartmann, Heiko Gerstung
Websites: https://www.meinberg.de  https://www.meinbergglobal.com
Training: https://www.meinberg.academy

More information about the security mailing list