[ntp:hackers] NTP clients using source ports lower than 123

Brian Utterback brian.utterback at sun.com
Sun Dec 20 14:26:25 UTC 2009



Danny Mayer wrote:
> Brian Utterback wrote:
>> Danny Mayer wrote:
>>
>>> I think that is a policy decision in which case we would need to put
>>> such a restriction into the configuration file for an admin to apply as
>>> they see fit. In theory it should be either 123 or > 1023.
>>>
>>> Danny
>>>
>> Why in the world would you disallow the other ports below 1024?
> 
> That's why I consider it a policy decision. If you have an admin that
> wants to restrict what queries it accepts then you should be able to
> allow them to do so. I personally see no reason to allow queries from
> privileged ports outside of ntp's 123 port, but I don't think I should
> impose that opinion on others.
> 
> Danny
> 

I agree that it should be a policy decision, but you stated above that
the allowed port range should be either any port above 1023 or exactly
123. That is what I disagree with. Ports between 512 and 1023 are
already treated as "ephemeral" priv ports. As an administrator, why
should I be prevented from using an alternative priv port than 123?
-- 
blu

It's bad civic hygiene to build technologies that could someday be
used to facilitate a police state. - Bruce Schneier
----------------------------------------------------------------------
Brian Utterback - Solaris RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom

