[ntp:hackers] Port Question

Helfrich Markus helfrich at rz-zw.fh-kl.de
Tue Aug 5 00:13:05 PDT 2003


Hello,
  I asked the question below on the questions list but nobody answered..
  Now I'd like to know something about the ports where ntpd responds..
  It seems to me that the ntpd only answers if the source port of the
  request is 123 or greater than 1024, right?
  Is it possible to compile the ntpd so that it sends a response even
  when the source port is between 123 and 1024?

  Here is the message for a complete description of this behavior ..
  
  ------ Message to question List -------
  I got a strange problem with my NTP...

  The NTP server has the address 143.93.17.210
  The internal network is connected via a CISCO PIX firewall which
  does NAT.
  
  If I query the NTP with Windows XP or ntpdate from the internal net
  it doesn't work.
  If I do an ntptrace the response is OK.
  A query from the same subnet as the NTP (143.93.17.0) is OK.
  A query of a public NTP, in this case Braunschweig (192.53.103.103),
  works fine from the internal and external net..

  A query with ntpdate -u is also OK...

  If the source port from the client is 123 the PIX uses a privileged
  port (<1024) for NAT; in this case the NTP server does not respond.

  This is the tcpdump if I do an ntpdate 143.93.17.210
  --- SNIP TCPDUMP UDP PORT 123  ----
root at rztime1 [/etc/init.d] tcpdump udp port 123
tcpdump: listening on eth0
14:58:28.900016 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
14:58:29.899903 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
14:58:30.899922 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
14:58:31.899977 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
   --- SNAP --------------------------

   Now a tcpdump for an ntpdate -u 143.93.17.210
-------- SNIP -----------

root at rztime1 [/etc/init.d] tcpdump udp port 123
tcpdump: listening on eth0
15:01:15.650329 sub16.rz-zw.fh-kl.de.1030 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.652907 rztime1.rz-zw.fh-kl.de.ntp > sub16.rz-zw.fh-kl.de.1030:  v4 server strat 2 poll 4 prec -17 (DF) [tos 0x10]
15:01:15.653230 sub16.rz-zw.fh-kl.de.1030 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.653313 rztime1.rz-zw.fh-kl.de.ntp > sub16.rz-zw.fh-kl.de.1030:  v4 server strat 2 poll 4 prec -17 (DF) [tos 0x10]
15:01:15.653575 sub16.rz-zw.fh-kl.de.1030 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.653650 rztime1.rz-zw.fh-kl.de.ntp > sub16.rz-zw.fh-kl.de.1030:  v4 server strat 2 poll 4 prec -17 (DF) [tos 0x10]
15:01:15.653908 sub16.rz-zw.fh-kl.de.1030 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.654642 rztime1.rz-zw.fh-kl.de.ntp > sub16.rz-zw.fh-kl.de.1030:  v4 server strat 2 poll 4 prec -17 (DF) [tos 0x10]
  
----- SNAP -----------

I don't understand this behavior....
The problem is that the Windows XP client always uses port 123 as
source port and the PIX uses a privileged port ... No Windows client
will work..

Is there a possibility to force the NTP server to also answer for
privileged ports ??

Or does anyone know what's going wrong...

  

-- 
Best regards,
 Helfrich                         



+------------------------------------------------------+
| Dipl. Inf. (FH) Markus Helfrich                      |
| Fachhochschule Kaiserslautern Standort Zweibrücken   |
| University of applied Science                        |
| Amerikastr. 1                                        |
| 66482 Zweibrücken                                    |
|                                                      |
| Tel.: +49 6332 914 154                               |
| Fax.: +49 6332 914 155                               |
|                                                      |
| mailto: helfrich at rz-zw.fh-kl.de                      |
+------------------------------------------------------+
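
One way to tabulate captures like the two above by client source port, added here as an example and not part of the original message. The function names are made up for illustration, and the sample lines are taken from the captures with the wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Lines in the format of the two captures above, with wrapped lines rejoined.
CAPTURE = """\
14:58:28.900016 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
14:58:29.899903 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.650329 sub16.rz-zw.fh-kl.de.1030 > rztime1.rz-zw.fh-kl.de.ntp:  v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.652907 rztime1.rz-zw.fh-kl.de.ntp > sub16.rz-zw.fh-kl.de.1030:  v4 server strat 2 poll 4 prec -17 (DF) [tos 0x10]
"""

# timestamp, "src-host.port > dst-host.port:", NTP version and mode
LINE = re.compile(r"^\S+ (\S+)\.(\w+) > (\S+)\.(\w+):\s+v\d+ (client|server)\b")

def port_number(token):
    """tcpdump prints 'ntp' for port 123 unless it is run with -n."""
    if token == "ntp":
        return 123
    return int(token) if token.isdigit() else None

def summarize(capture):
    """Count NTP requests and replies per (client host, client source port)."""
    flows = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # tcpdump banner, wrapped continuation lines, other traffic
        src, sport, dst, dport, mode = m.groups()
        sport, dport = port_number(sport), port_number(dport)
        if mode == "client" and dport == 123 and sport is not None:
            flows[(src, sport)]["requests"] += 1
        elif mode == "server" and sport == 123 and dport is not None:
            flows[(dst, dport)]["replies"] += 1
    return dict(flows)

def unanswered(flows):
    """Flows that got no reply, flagged when the source port is below 1024."""
    return sorted((host, port, port < 1024)
                  for (host, port), c in flows.items()
                  if c["requests"] and not c["replies"])

if __name__ == "__main__":
    for host, port, privileged in unanswered(summarize(CAPTURE)):
        kind = "privileged" if privileged else "unprivileged"
        print(f"no reply to {host} source port {port} ({kind})")
```
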




