[ntp:hackers] NTP clients using source ports lower than 123

Colby Gutierrez-Kraybill colby at astro.berkeley.edu
Sat Dec 19 22:55:50 UTC 2009


On Dec 19, 2009, at 2:24 PM, Todd Glassey wrote:

> Colby Gutierrez-Kraybill wrote:
>>
>> On Dec 18, 2009, at 1:16 PM, Todd Glassey wrote:
>>
>>> Brian Utterback wrote:
>>>> Danny Mayer wrote:
>>>>
>>>>
>>>>> I think that is a policy decision in which case we would need to put
>>>>> such a restriction into the configuration file for an admin to apply as
>>>>> they see fit. In theory it should be either 123 or > 1023.
>>>>>
>>>>> Danny
>>>>>
>>>>>
>>>>
>>>> Why in the world would you disallow the other ports below 1024?
>>>>
>>> The retort could be that they are already used for predefined services
>>> for the most part so NTP on them would conflict with other well known
>>> services definitions.
>>
>> And why would it be up to ntp to enforce those definitions?
> Because NTP *** MUST *** interoperate with tools in environments
> which already use those port numbers, if you want to tell NTP to use
> a port which is already assigned to another service or protocol
> formally then you risk that you will not be able to use NTP with
> those types of environments without more tweaking.

I thought the original code mentioned in this email thread was about  
the source port of an incoming connection to NTP, not the port that  
NTP resides on.  If not, then I'm sorry I have misunderstood.

Nonetheless, it's not up to the maintainers of NTP to be the cops of
services on the internet.  What problem is being solved here by trying  
to code in a limitation on either A) the port that NTP registers  
itself or B) the source port of a connection coming into NTP?  Yes, by  
default, the behavior of NTP should be to run on the port assigned to  
it either by ad hoc, common-law or IETF documents.

Note that it's possible to assign a different port to many (most?)  
other major applications with standardized port numbers such as ssh  
and http (e.g. sshd -p 300; or specifying any port you like in an  
httpd server's config file).  It's maddening to contemplate that any  
developer focus and energy is being wasted on having NTP try to  
enforce either its own registered port or source ports of connections;  
yanking flexibility out of the hands of end users/system/network  
admins to work with whatever port arrangements they see fit to use.

- Colby


