[ntp:hackers] Weekend report
David L. Mills
mills at udel.edu
Sat Mar 12 17:51:01 PST 2005
Guys,
I lied in my last. Some time ago I changed the transmit procedure in
ntp_proto.c to reset a persistent association if it became unreachable.
That was wrong according to my previous message. However, it was and is
my intent to demobilize an ephemeral association when the server becomes
unreachable (broadcast client and symmetric passive). I fixed that and
confirmed persistent associations do survive after the server is lost. I
also verified that a client of the orphaned server lasts about five
hours before the orphan is declared unfit for synchronization. This can
be tinkered as the maxdist parameter.
I found and repaired an error in the notrust restriction that prevented
an autokey client from recovering after server key refresh. I found and
fixed errors in the novolley function with symmetric keys. I found and
fixed inconsistencies in the timestamp auditing, loopback check and
crypto-NAK code. The loopback/crypto-NAK code operates very much like
the TCP RESET function and is designed to avoid spurious crypto resets
by teenage terrorists. The resulting code is smaller, cleaner and
flowchartable.
There is a known vulnerability where the hacker spews packets with all
timestamps zero except the transmit timestamp. This prevents the victim
from ever synchronizing to a legitimate source as long as the hacker
spews. In some crypto modes the hacker could prevent the autokey dance
from completing by sending spurious crypto-NAK messages, but the
modified loopback/crypto-NAK should now avoid that vulnerability.
I've updated the test suite as various wrinkles have shown up. This is
still very preliminary. One of my favorites is to purposely crash either
the server or client in the middle of an autokey dance and verify the
protocol recovers correctly after restart. This is exactly what the
Internet Construction Corps and I did at Jon Postel's Bakeoff Parties 25
years ago. We were testing our TCP implementations by connecting and
then trying to destroy each other's implementation. We need an NTP Bakeoff
today, but it seems I'm the only baker.
Dave
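
Added example, not part of the original message and not code from ntp_proto.c: one way a loopback check can gate crypto-NAK handling in the manner of TCP RESET validation, so that a packet changes association state only if its origin timestamp echoes the request still outstanding. It assumes client mode only; the types and names (`ts_t`, `pkt_t`, `assoc_t`, `check_packet`) are hypothetical and the sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; types and names are hypothetical, not ntpd's. */
typedef struct { uint32_t sec, frac; } ts_t;   /* 64-bit NTP timestamp */
typedef struct {
    ts_t org, rec, xmt;   /* origin, receive, transmit timestamps */
    int  crypto_nak;      /* nonzero if the packet is a crypto-NAK */
} pkt_t;
typedef struct {
    ts_t req_xmt;         /* transmit timestamp of our outstanding request, zero if none */
    ts_t peer_xmt;        /* transmit timestamp of the last packet accepted */
} assoc_t;
enum verdict { ACCEPT, RESET_CRYPTO, DROP_INVALID, DROP_DUPLICATE, DROP_BOGUS };

static int ts_zero(ts_t t) { return t.sec == 0 && t.frac == 0; }
static int ts_eq(ts_t a, ts_t b) { return a.sec == b.sec && a.frac == b.frac; }

/* Client-mode receive checks. Every DROP_* path leaves *a untouched, so an
 * off-path sender cannot disturb the exchange in progress. */
enum verdict check_packet(assoc_t *a, const pkt_t *p)
{
    if (ts_zero(p->xmt))
        return DROP_INVALID;                /* no usable transmit timestamp */
    if (ts_eq(p->xmt, a->peer_xmt))
        return DROP_DUPLICATE;              /* replay of an accepted packet */
    /* Loopback check: origin must echo the request we still have outstanding. */
    if (ts_zero(a->req_xmt) || !ts_eq(p->org, a->req_xmt))
        return DROP_BOGUS;
    a->peer_xmt = p->xmt;
    a->req_xmt = (ts_t){0, 0};              /* one reply consumes one request */
    return p->crypto_nak ? RESET_CRYPTO : ACCEPT;
}

int main(void)
{
    /* Constructed sample data: request sent with transmit timestamp {100, 1}. */
    assoc_t a = { {100, 1}, {0, 0} };
    pkt_t pkts[] = {
        { {0, 0},   {0, 0},   {500, 7}, 0 },  /* all zero except transmit */
        { {42, 42}, {0, 0},   {501, 7}, 1 },  /* crypto-NAK, wrong origin */
        { {100, 1}, {200, 0}, {200, 5}, 0 },  /* reply echoing our request */
        { {100, 1}, {200, 0}, {200, 5}, 0 },  /* the same reply, replayed */
    };
    for (int i = 0; i < 4; i++)
        printf("packet %d -> verdict %d\n", i, check_packet(&a, &pkts[i]));
    return 0;
}
```

The first two packets are dropped without touching the association, so the later legitimate reply still matches the outstanding request.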