[ntp:security] NOEPEER patch
martin.burnicki at meinberg.de
Thu Aug 2 10:35:20 UTC 2018
I'm currently running tests with the updated ntp_proto.c file you provided.
A strange observation I've made even with the original ntp_proto.c:
If the local ntpd receives a "symmetric active" packet signed with an
unknown/untrusted key, it sends a "symmetric **active**" packet with a
crypto NAK back to the remote node.
Contrarily, if a "client" request with unknown key is received, a
"server" reply is sent back, with a crypto NAK appended. So shouldn't
ntpd send a "symmetric **passive**" response with crypto NAK in this case?
This would make more sense to me.
When the remote node that initially sent the "symmetric active" request
receives the "symmetric **active**" response with crypto NAK then it
also generates an error message that is IMO misleading in this case, e.g.
Invalid-NAK error at 20
This message is repeated after each symmetric active poll.
This would mean that the **NAK** is invalid, but actually a valid crypto
NAK was received in a response simply because an unknown key has been
used in the request.
Not sure under which other conditions this log message is generated, but
I think we should first make sure that the response packet mode for this
case is changed to "symmetric **passive**". An extra log message
shouldn't be necessary since the "Auth not OK" should be visible in the
ntpq billboard, but eventually a debug message could be generated instead.
Senior Software Engineer
MEINBERG Funkuhren GmbH & Co. KG
Email: martin.burnicki at meinberg.de
Phone: +49 5281 9309-414
Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg,
Andre Hartmann, Heiko Gerstung
Websites: https://www.meinberg.de https://www.meinbergglobal.com
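To make the mode question above concrete, here is a small added example (not code from the poster or from the ntp project) that decodes the NTP header mode field and checks a reply against the mode the request should elicit: client (3) should get server (4), and symmetric active (1) should get symmetric passive (2), using the mode numbers from RFC 5905. It also recognises a crypto-NAK, which is the 48-octet header followed by a 4-octet key id of zero and no digest. The packets, the key id 123 and the 16-byte dummy digest are constructed for the example.

```python
import struct

# Association modes, RFC 5905 section 7.3.
MODE_SYMMETRIC_ACTIVE = 1
MODE_SYMMETRIC_PASSIVE = 2
MODE_CLIENT = 3
MODE_SERVER = 4
MODE_BROADCAST = 5

MODE_NAMES = {
    MODE_SYMMETRIC_ACTIVE: "symmetric active",
    MODE_SYMMETRIC_PASSIVE: "symmetric passive",
    MODE_CLIENT: "client",
    MODE_SERVER: "server",
    MODE_BROADCAST: "broadcast",
}

# Mode a responder is expected to use when answering a given request mode.
EXPECTED_REPLY_MODE = {
    MODE_CLIENT: MODE_SERVER,
    MODE_SYMMETRIC_ACTIVE: MODE_SYMMETRIC_PASSIVE,
}

HEADER_LEN = 48  # fixed NTPv4 header without MAC


def parse_header(pkt):
    """Split the first octet into leap indicator, version and mode."""
    first = pkt[0]
    return {"li": first >> 6, "vn": (first >> 3) & 0x7, "mode": first & 0x7}


def is_crypto_nak(pkt):
    """A crypto-NAK carries only a zero key id after the header, no digest."""
    return len(pkt) == HEADER_LEN + 4 and pkt[HEADER_LEN:] == b"\x00\x00\x00\x00"


def build_packet(mode, vn=4, key_id=None, digest=b""):
    """Construct a minimal NTP packet (all timestamps zero) for the example."""
    header = bytes([(0 << 6) | (vn << 3) | mode]) + b"\x00" * (HEADER_LEN - 1)
    if key_id is None:
        return header
    return header + struct.pack("!I", key_id) + digest


def check_reply(request, reply):
    """Compare the reply mode with what the request mode calls for."""
    req_mode = parse_header(request)["mode"]
    rep_mode = parse_header(reply)["mode"]
    expected = EXPECTED_REPLY_MODE.get(req_mode)
    return {
        "request_mode": MODE_NAMES.get(req_mode, str(req_mode)),
        "reply_mode": MODE_NAMES.get(rep_mode, str(rep_mode)),
        "expected_mode": MODE_NAMES.get(expected, str(expected)),
        "mode_ok": expected is None or rep_mode == expected,
        "crypto_nak": is_crypto_nak(reply),
    }


if __name__ == "__main__":
    # Constructed: a symmetric active poll authenticated with key id 123
    # (unknown to the responder) and a dummy 16-byte digest.
    request = build_packet(MODE_SYMMETRIC_ACTIVE, key_id=123, digest=b"\x11" * 16)
    # The two candidate replies: symmetric active with crypto-NAK, and
    # symmetric passive with crypto-NAK.
    for reply in (build_packet(MODE_SYMMETRIC_ACTIVE, key_id=0),
                  build_packet(MODE_SYMMETRIC_PASSIVE, key_id=0)):
        print(check_reply(request, reply))
```

Running the script prints one dict per candidate reply; only the symmetric passive reply has `mode_ok` set to `True`, while both are flagged as a crypto-NAK. The same `check_reply` can be pointed at packet pairs pulled from a capture to confirm which mode a given ntpd build actually answers with.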