[ntp:questions] ntp survey

Unruh unruh-spam at physics.ubc.ca
Tue Dec 30 23:01:19 UTC 2008


Tim Shoppa <shoppa at trailing-edge.com> writes:

>On Dec 30, 12:32=A0pm, Unruh <unruh-s... at physics.ubc.ca> wrote:
>> "Richard B. Gilbert" <rgilber... at comcast.net> writes:
>>
>>
>>
>>
>>
>> >Tim Shoppa wrote:
>> >> On Dec 29, 10:47 pm, ma... at ntp.isc.org (Danny Mayer) wrote:
>> >>> Antonio,
>>
>> >>> If you are really from nic.br please use your email address from that
>> >>> domain. It is unacceptable to use a gmail account for such notificati=
>ons.
>>
>> >>> Danny
>>
>> >> This is usenet, where anyone can set their "from" address to anything
>> >> they want, and posting with an E-mail address that is adequately spam-
>> >> filtered makes perfect sense.
>>
>> >> I'm not sure there's any real requirement that anyone has to announce
>> >> any particular e-mail address to run a NTP survey. He made the
>> >> methodology clear, said where the queries will be coming from, and I
>> >> think it's good that surveys continue and, like Antonio and his
>> >> collaborators do, they make the details and results public.
>>
>> >> Tim.
>> >There is no requirement that he even announce his survey! =A0It is polit=
>e
>> >for him to do so but no more than that.
>>
>> Well, Under various laws he may be guilty of hacking/cracking/illegal use
>> fo computer time/... unless he gets permission. There has at least been a
>> strong feeling by many expressed that access does not imply permission. I=
>e,
>> just because the ntp port is open does not mean that anyone has permissio=
>n
>> to use that port (eg is port scanning legal?). It is of course a complete=
> legal can of worms.
>> But announcing the survey here might be useable as a partial defense =A0i=
>f
>> the worms wriggled out of the can.

>Bill -
>  NTP surveys are good things. NTP Surveys that publish their results
>are even better. A NTP client is a server. Port scanning is bad.

I do not dispute that and I suspect that any court would take that position
as well. I am hypothesising that one of the reasons they announced the
survey was as one more brick in a possible defence against some prosecutor
in some jurisdiction accussing them of hacking.

There have been interminable arguments as to whether or not port scanning
should be criminalised. That would almost certainly extend to this kind of
survey. I think it would be a very bad idea to criminalise port scanning,
but many people think otherwise. 



>  Would somebody have to mount a criminal defense just because a ntpq
>or ntpd packet arrived somewhere with their return address? I hope
>not.

Unfotunately in a court, hopes do not count for much. 


>  All that said there is a sucky truth: a lot of the network
>monitoring software that network dweebs like to run, will kick out all
>port 123 traffic as third-degree security violations.

>Tim.




More information about the questions mailing list