Diff: draft-ietf-ntp-port-randomization-03.txt vs. draft-ietf-ntp-port-randomization-04.txt

Network Time Protocol (ntp) Working Group                          F. Gont
Internet-Draft                                                     G. Gont
Updates: rfc5905 (if approved)                                SI6 Networks
Intended status: Standards Track                                M. Lichvar
Expires: November 29, 2020 (-03) / December 12, 2020 (-04)         Red Hat
                                     May 28, 2020 (-03) / June 10, 2020 (-04)

         Port Randomization in the Network Time Protocol Version 4
  draft-ietf-ntp-port-randomization-03 / draft-ietf-ntp-port-randomization-04
Abstract

   The Network Time Protocol can operate in several modes.  Some of
   these modes are based on the receipt of unsolicited packets, and
   therefore require the use of a service/well-known port as the local
   port number.  However, in the case of NTP modes where the use of a
   service/well-known port is not required, employing such well-known/
   service port unnecessarily increases the ability of attackers to
   perform blind/off-path attacks.  This document formally updates
   [skipping to change at page 1, line 40]
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 29, 2020 (-03) /
   December 12, 2020 (-04).

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   [skipping to change at page 2, line 25]
   3.  Considerations About Port Randomization in NTP . . . . . . .  3
     3.1.  Mitigation Against Off-path Attacks . . . . . . . . . .  3
     3.2.  Effects on Path Selection . . . . . . . . . . . . . . .  4
     3.3.  Filtering of NTP traffic  . . . . . . . . . . . . . . .  4
     3.4.  Effect on NAT devices . . . . . . . . . . . . . . . . .  5
     3.5.  Relation to Other Mitigations for Off-Path Attacks  . .  5
   4.  Update to RFC5905 . . . . . . . . . . . . . . . . . . . . .  5
   5.  Implementation Status . . . . . . . . . . . . . . . . . . .  6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . .  7
   7.  Security Considerations . . . . . . . . . . . . . . . . . .  7
   8.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . .  7 (-03) / 8 (-04)
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . .  8
     9.1.  Normative References  . . . . . . . . . . . . . . . . .  8
     9.2.  Informative References  . . . . . . . . . . . . . . . .  8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . .  9 (-03) / 10 (-04)
1.  Introduction

   The Network Time Protocol (NTP) is one of the oldest Internet
   protocols, and currently specified in [RFC5905].  Since its original
   implementation, standardization, and deployment, a number of
   vulnerabilities have been found both in the NTP specification and in
   some of its implementations [NTP-VULN].  Some of these
   vulnerabilities allow for off-path/blind attacks, where an attacker
   can send forged packets to one or both NTP peers for achieving Denial
   [skipping to change at page 6, line 5 (-03) / page 5, line 51 (-04)]
   dstport: UDP port number of the client.  In the case of broadcast
      server mode (5) and symmetric modes (1 and 2), it SHOULD contain
      the NTP port number PORT (123) assigned by the IANA.  In the
      client mode (3), it SHOULD contain a randomized port number, as
      specified in [RFC6056].  The value in this variable becomes the
      source port number of packets sent from this association.  The
      randomized port number SHOULD NOT be shared with other
      associations.
      (Paragraph added in -04:)
      If a client implementation performs port randomization on a per-
      request basis, it SHOULD close the corresponding socket/port after
      each request/response exchange.  The client SHOULD wait for
      response packets from the server for at least 3 seconds before
      closing the UDP socket/port, even if a successful response is
      received.  This will prevent duplicate or delayed server packets
      from eliciting ICMP port unreachable error messages at the client.
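The following Python client is an added example, not code from the draft or from any NTP implementation, showing the per-request behaviour described above. Each exchange uses a fresh UDP socket bound to port 0, so the operating system supplies a randomized ephemeral source port (RFC 6056) rather than port 123; the client sends one mode-3 request, accepts only a mode-4 reply from the queried server whose origin timestamp echoes the request's transmit timestamp, and keeps the socket open for the `linger` period (3 seconds by default, as the text recommends) even after a valid reply, so that a duplicated or delayed server packet is consumed instead of eliciting an ICMP port unreachable message. The names `query_once`, `start_fake_server`, `demo` and the `linger` parameter are this example's own; the loopback responder is a constructed test double that deliberately sends every reply twice, not a real NTP server.

```python
import socket
import struct
import threading
import time

NTP_PORT = 123                 # IANA-assigned service port; a mode-3 client should not use it as source
NTP_EPOCH_OFFSET = 2208988800  # seconds from the NTP epoch (1900-01-01) to the Unix epoch (1970-01-01)
MODE_CLIENT, MODE_SERVER = 3, 4


def build_client_request(version=4):
    """Build a minimal 48-byte NTP mode-3 (client) packet carrying a fresh transmit timestamp."""
    now = time.time() + NTP_EPOCH_OFFSET
    secs = int(now)
    frac = int((now - secs) * (1 << 32)) & 0xFFFFFFFF
    pkt = bytearray(48)
    pkt[0] = (0 << 6) | (version << 3) | MODE_CLIENT   # LI=0, VN=version, Mode=3
    struct.pack_into("!II", pkt, 40, secs, frac)        # transmit timestamp (xmt), bytes 40..47
    return bytes(pkt)


def packet_mode(pkt):
    """The mode field is the low three bits of the first byte."""
    return pkt[0] & 0x07


def response_matches(request, response):
    """Accept only a mode-4 reply whose origin timestamp echoes the request's transmit timestamp."""
    return (len(response) >= 48
            and packet_mode(response) == MODE_SERVER
            and response[24:32] == request[40:48])


def query_once(server_addr, linger=3.0):
    """One request/response exchange on a fresh socket (per-request port randomization).

    server_addr must be a numeric (ip, port) tuple.  Binding to port 0 lets the OS
    pick a randomized ephemeral port (RFC 6056).  The socket stays open for at least
    `linger` seconds even after a valid reply, so duplicated or delayed server packets
    are consumed here instead of provoking ICMP port unreachable messages.
    Returns (local_port, valid_response_seen, packets_received).
    """
    request = build_client_request()
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind(("0.0.0.0", 0))
        local_port = sock.getsockname()[1]
        sock.sendto(request, server_addr)
        valid, received = False, 0
        deadline = time.monotonic() + linger
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                break
            sock.settimeout(remaining)
            try:
                data, peer = sock.recvfrom(512)
            except socket.timeout:
                break
            received += 1
            # Anything not from the queried server, or not echoing our xmt, is ignored.
            if peer == server_addr and response_matches(request, data):
                valid = True
        return local_port, valid, received
    finally:
        sock.close()   # closed only once the linger period has elapsed


def start_fake_server(requests_to_serve, duplicate_replies=True):
    """Constructed loopback test double (not a real NTP server).

    Answers each mode-3 request with a mode-4 packet whose origin timestamp echoes the
    client's transmit timestamp; with duplicate_replies it sends every reply twice to
    emulate a duplicated server packet.  Returns the (ip, port) tuple to send to.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    addr = srv.getsockname()

    def serve():
        try:
            for _ in range(requests_to_serve):
                data, client = srv.recvfrom(512)
                if len(data) < 48 or packet_mode(data) != MODE_CLIENT:
                    continue
                reply = bytearray(48)
                reply[0] = (data[0] & 0x38) | MODE_SERVER   # keep the client's VN, set Mode=4
                reply[1] = 2                                # stratum (arbitrary, constructed)
                reply[24:32] = data[40:48]                  # org := client's xmt
                srv.sendto(bytes(reply), client)
                if duplicate_replies:
                    srv.sendto(bytes(reply), client)
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return addr


def demo(requests=3, linger=0.3):
    """Run several per-request exchanges against the test double; one result tuple per request."""
    server_addr = start_fake_server(requests)
    return [query_once(server_addr, linger=linger) for _ in range(requests)]


if __name__ == "__main__":
    for port, ok, n in demo():
        print(f"source port {port}: valid reply={ok}, packets absorbed before close={n}")
```

Running the module shows a different ephemeral source port per request and two packets absorbed per exchange: the second one is the duplicate that would have hit a closed port had the socket been released immediately after the first valid reply. A real client would keep the default 3-second `linger`; the short value in `demo` only keeps the demonstration quick.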
      NOTES:

         The choice of whether to randomize the port number on a per-
         request or a per-association basis is left to the
         implementation, and should consider, among others, the
         considerations discussed in Section 3.2.

         On most current operating systems, which implement ephemeral
         port randomization [RFC6056], an NTP client may normally rely
         on the operating system to perform port randomization.  For
         example, NTP implementations using POSIX sockets may achieve
End of changes. 6 change blocks; 6 lines changed or deleted, 14 lines changed or added.

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/