[ntp:questions] Re: Can you test my server please.
Brad Knowles
brad at stop.mail-abuse.org
Thu Nov 25 01:53:51 UTC 2004
At 12:52 AM +0000 2004-11-25, Wolfgang S. Rupprecht wrote:
> How about this idea: have each client announce its name and version
> number in every request packet. Unapproved clients get
> ignored/kod-ed/sent-the-wrong-time. For a client to be approved for
> serving at pools.ntp.org someone at pools.ntp.org needs to audit and
> give their stamp of approval. Obvious crap code gets laughed at.
> Code that later misbehaves even though it looks like it should work
> gets its certification pulled.
You're talking about significant changes to the NTP protocol. I
think that's a non-starter.

Moreover, all claimed version information could be spoofed with
trivial ease. If you're going to try to go this route, a better way
would be to authenticate the clients to the server, but then you're
talking about a very significant additional load being placed on the
server -- and more NTP protocol changes.
> This won't stop someone willfully beating on a pools server with
> homegrown code, but then nothing will. We are talking about udp after
> all. The best pools.ntp.org can do is get the attention of the
> developers up front in a way that the developers can't ignore.
I think we have no choice but to use the methods that are
available to us, with the existing protocol.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
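
An added example, not part of the original message and not code from any NTP implementation: a server-side sketch that ignores the sender-controlled version bits and decides per source address by observed request rate, answering excess requests with a Kiss-o'-Death packet. The thresholds, the function and class names, and the choice of the "RATE" kiss code are assumptions made for this illustration.

```python
from collections import defaultdict, deque

# Assumed policy for this example (not from the thread): at most
# MAX_REQUESTS per source address within WINDOW_SECONDS.
MAX_REQUESTS = 4
WINDOW_SECONDS = 8.0

def make_request(version: int, xmit: bytes = b"\x01" * 8) -> bytes:
    """Constructed 48-byte client request; `version` is whatever the sender claims."""
    pkt = bytearray(48)
    pkt[0] = (version << 3) | 3          # LI=0, VN=claimed, Mode=3 (client)
    pkt[40:48] = xmit                    # transmit timestamp (constructed value)
    return bytes(pkt)

def build_kod(request: bytes, code: bytes = b"RATE") -> bytes:
    """Kiss-o'-Death reply: LI=3, Mode=4, stratum 0, kiss code in the refid field."""
    version = (request[0] >> 3) & 0x7
    reply = bytearray(48)
    reply[0] = (3 << 6) | (version << 3) | 4
    reply[1] = 0                         # stratum 0 marks the packet as KoD
    reply[12:16] = code
    reply[24:32] = request[40:48]        # origin timestamp = client's transmit
    return bytes(reply)

class SourceLimiter:
    """Sliding-window counter keyed by source address, not by claimed identity."""
    def __init__(self):
        self.seen = defaultdict(deque)

    def allow(self, addr: str, now: float) -> bool:
        q = self.seen[addr]
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()
        q.append(now)
        return len(q) <= MAX_REQUESTS

def handle(limiter: SourceLimiter, addr: str, packet: bytes, now: float):
    """Return 'serve', a KoD packet, or None (dropped) for one received datagram."""
    if len(packet) < 48 or packet[0] & 0x7 != 3:
        return None                      # not a well-formed client-mode request
    # The version bits are sender-controlled, so they play no part in the decision.
    if limiter.allow(addr, now):
        return "serve"
    return build_kod(packet)
```

The UDP source address is itself unauthenticated, so this limits load per apparent source rather than identifying a client.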