[ntp:security] NOEPEER patch

Martin Burnicki martin.burnicki at meinberg.de
Mon Jul 30 08:56:09 UTC 2018


Harlan Stenn wrote:
[...]
> I don't think I was involved in that discussion or coding.

At least you haven't commented in those threads. ;-)

> I'm assuming it's not that important that we find out who was involved,
> it's more important that we fix this ASAP.

Yes.

> Similarly, it's too bad that we didn't know about this before I released
> the proposed tarball.  But we're past that now.

Yes.

>> With the latest NOEPEER patch such "symmetric active" requests are
>> simply dropped, but IMO it would be good to get the behavior back that
>> was initially implemented by DLM, i.e. send a "symmetric passive" reply
>> back, but don't mobilize an association, unless authenticated.
>>
>> Do you think we can modify the patch so that we get this behavior back
>> in p12? It shouldn't be too hard to get it.
> 
> Yes, I'm happy to find a solution to this and include it in p12.

That would be really good.

> Do you know if the Windows client will be upset if it gets back a mode 4
> (server) response instead of a mode 2 (passive symmetric) response?

I haven't tried this, yet, but I'm going to investigate.

Would this be easier or more straightforward? With sending a passive
symmetric response it should work anyway ...


Martin
-- 
Martin Burnicki

Senior Software Engineer

MEINBERG Funkuhren GmbH & Co. KG
Email: martin.burnicki at meinberg.de
Phone: +49 5281 9309-414
Linkedin: https://www.linkedin.com/in/martinburnicki/

Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg,
Andre Hartmann, Heiko Gerstung
Websites: https://www.meinberg.de  https://www.meinbergglobal.com
Training: https://www.meinberg.academy



More information about the security mailing list