[ntp:questions] Re: Can you test my server please.

Brad Knowles brad at stop.mail-abuse.org
Thu Nov 25 01:53:51 UTC 2004


At 12:52 AM +0000 2004-11-25, Wolfgang S. Rupprecht wrote:

>  How about this idea: have each client announce its name and version
>  number in every request packet.  Unapproved clients get
>  ignored/kod-ed/sent-the-wrong-time.  For a client to be approved for
>  serving at pools.ntp.org someone at pools.ntp.org needs to audit and
>  give their stamp of approval.  Obvious crap code gets laughed at.
>  Code that later misbehaves even though it looks like it should work
>  gets its certification pulled.

	You're talking about significant changes to the NTP protocol.  I 
think that's a non-starter.

	Moreover, all claimed version information could be spoofed with 
trivial ease.  If you're going to try to go this route, a better way 
would be to authenticate the clients to the server, but then you're 
talking about a very significant additional load being placed on the 
server -- and more NTP protocol changes.

>  This won't stop someone willfully beating on a pools server with
>  homegrown code, but then nothing will.  We are talking about udp after
>  all.  The best pools.ntp.org can do is get the attention of the
>  developers up front in a way that the developers can't ignore.

	I think we have no choice but to use the methods that are 
available to us, with the existing protocol.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.


