[ntp:hackers] unprivileged ntpd prototype

M. Warner Losh imp at bsdimp.com
Tue Nov 3 23:48:45 UTC 2009


In message: <4AF0AFBF.8080006 at ntp.org>
            Danny Mayer <mayer at ntp.org> writes:
: Terje Mathisen wrote:
: > Brian Utterback wrote:
: >> Now, I can't say that they should not, but I can say that it violates
: >> the RFC and that it is a feature that has been discussed and rejected
: >> many times before.
: >>
: >> So, we have three choices:
: >>
: >> 1. Reject the alternate port feature out of hand.
: >> 2. Force the synth-clock when an alternate port is in use, making the
: >> alternate port useless in deployment.
: >> 3. Re-visit the prohibition against using alternate ports.
: > 
: > My vote is on (3):
: > 
: > NTP might be the only protocol which cannot run over a non-standard 
: > port, I really don't see how having this ability will hurt us.
: 
: That's actually untrue. Nothing on the internet would work if services
: were not available on a specific port. The key here is the listening
: port. The sending port does not matter. When was the last time you
: attempted an SMTP connection to a service not listening on port 25 or
: DNS on port 53? That's why they are required.

I've used 'back door' SMTP connections between 'trusted sites' running
on a non-standard port as a 'fast path' for mail between those sites.

The key point here is that while the port is part of the equation, it
isn't a mandatory part.  Traffic to port 123 should be ntp, but that's
not the same thing as saying all ntp traffic must go to port 123.

Warner
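To make the point concrete, here is a minimal NTPv4 client written for this page. It is an added example, not code from this thread or from the ntpd code base. It packs the 48-byte RFC 5905 header, parses a reply, and computes the clock offset; the UDP port is only an argument to the socket call, because nothing in the packet format encodes, checks, or depends on it. The sample reply at the bottom is constructed (T1=1000.0, T2=1000.5, T3=1000.6 as Unix seconds), not a capture, so the builder, parser and offset math run offline; `query()` is the only function that touches the network.

```python
"""Minimal NTPv4 client with a configurable port (added example, not ntpd code)."""
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800          # seconds from 1900-01-01 to 1970-01-01
NTP_DEFAULT_PORT = 123                # the IANA port; a convention, not a protocol field
PACKET_FORMAT = "!B B b b I I I Q Q Q Q"  # 48-byte header layout from RFC 5905


def to_ntp(unix_seconds):
    """Unix float seconds -> 64-bit NTP timestamp (32.32 fixed point)."""
    secs = int(unix_seconds) + NTP_EPOCH_DELTA
    frac = int((unix_seconds - int(unix_seconds)) * (1 << 32))
    return (secs << 32) | frac


def from_ntp(ntp_ts):
    """64-bit NTP timestamp -> Unix float seconds."""
    secs = (ntp_ts >> 32) - NTP_EPOCH_DELTA
    frac = (ntp_ts & 0xFFFFFFFF) / (1 << 32)
    return secs + frac


def build_request(transmit_unix):
    """Client request: LI=0, VN=4, mode=3; all fields zero except transmit (T1)."""
    li_vn_mode = (0 << 6) | (4 << 3) | 3
    return struct.pack(PACKET_FORMAT, li_vn_mode, 0, 0, 0, 0, 0, 0,
                       0, 0, 0, to_ntp(transmit_unix))


def parse_reply(data):
    """Unpack a server reply header into a dict; raises on short packets."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    f = struct.unpack(PACKET_FORMAT, data[:48])
    return {
        "leap": f[0] >> 6,
        "version": (f[0] >> 3) & 0x7,
        "mode": f[0] & 0x7,
        "stratum": f[1],
        "poll": f[2],
        "precision": f[3],
        "root_delay": f[4],
        "root_dispersion": f[5],
        "ref_id": f[6],
        "ref_ts": f[7],
        "orig_ts": f[8],   # T1 echoed back by the server
        "recv_ts": f[9],   # T2: server receive time
        "xmit_ts": f[10],  # T3: server transmit time
    }


def compute_offset(t1, t2, t3, t4):
    """RFC 5905 clock offset: theta = ((T2 - T1) + (T3 - T4)) / 2, in seconds."""
    return ((t2 - t1) + (t3 - t4)) / 2.0


def query(host, port=NTP_DEFAULT_PORT, timeout=2.0):
    """Send one request to host:port and return (reply_fields, offset_seconds).

    The port is purely a transport address: the same bytes work on 123 or on
    any other port the server happens to listen on.
    """
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(t1), (host, port))
        data, _ = s.recvfrom(512)
    t4 = time.time()
    reply = parse_reply(data)
    # Reject anything that is not a server reply to *our* request.
    if reply["mode"] != 4 or reply["orig_ts"] != to_ntp(t1):
        raise ValueError("not a matching server reply")
    offset = compute_offset(t1, from_ntp(reply["recv_ts"]),
                            from_ntp(reply["xmit_ts"]), t4)
    return reply, offset


# Constructed sample reply (not a capture): stratum-2 server answering a
# request sent at T1=1000.0, received at T2=1000.5, transmitted at T3=1000.6.
SAMPLE_T1 = 1000.0
SAMPLE_REPLY = struct.pack(PACKET_FORMAT, (0 << 6) | (4 << 3) | 4, 2, 6, -20,
                           0x00000100, 0x00000200, 0x0A000001,
                           to_ntp(990.0), to_ntp(SAMPLE_T1),
                           to_ntp(1000.5), to_ntp(1000.6))


def sample_offset(t4=1000.2):
    """Offset the client would compute from SAMPLE_REPLY if it arrived at t4."""
    r = parse_reply(SAMPLE_REPLY)
    return compute_offset(SAMPLE_T1, from_ntp(r["recv_ts"]), from_ntp(r["xmit_ts"]), t4)
```

Usage against a live server is `query("pool.ntp.org")` or `query("some.host", port=1123)` for a server bound to an alternate port; the only thing that changes between those calls is the socket destination, which is the whole of Warner's point. The `orig_ts` check is worth keeping in any real client: it is the one thing in the packet that ties a reply to a request you actually sent.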

