Port Randomization in the Network Time Protocol Version 4
draft-ietf-ntp-port-randomization-06
Network Time Protocol (ntp) Working Group F. Gont
Internet-Draft G. Gont
Updates: 5905 (if approved) SI6 Networks
Intended status: Standards Track M. Lichvar
Expires: March 19, 2021 Red Hat
September 15, 2020
Port Randomization in the Network Time Protocol Version 4
draft-ietf-ntp-port-randomization-06
Abstract
The Network Time Protocol can operate in several modes. Some of
these modes are based on the receipt of unsolicited packets, and
therefore require the use of a well-known port as the local port
number. However, in the case of NTP modes where the use of a well-
known port is not required, employing such well-known port
unnecessarily increases the ability of attackers to perform blind/
off-path attacks. This document formally updates RFC5905,
recommending the use of transport-protocol ephemeral port
randomization for those modes where use of the NTP well-known port is
not required.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 19, 2021.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
Gont, et al. Expires March 19, 2021 [Page 1]
Internet-Draft NTP Port Randomization September 2020
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Considerations About Port Randomization in NTP . . . . . . . 3
3.1. Mitigation Against Off-path Attacks . . . . . . . . . . . 3
3.2. Effects on Path Selection . . . . . . . . . . . . . . . . 4
3.3. Filtering of NTP traffic . . . . . . . . . . . . . . . . 4
3.4. Effect on NAT devices . . . . . . . . . . . . . . . . . . 5
3.5. Relation to Other Mitigations for Off-Path Attacks . . . 5
4. Update to RFC5905 . . . . . . . . . . . . . . . . . . . . . . 5
5. Implementation Status . . . . . . . . . . . . . . . . . . . . 6
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
9.1. Normative References . . . . . . . . . . . . . . . . . . 8
9.2. Informative References . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction
The Network Time Protocol (NTP) is one of the oldest Internet
protocols, and currently specified in [RFC5905]. Since its original
implementation, standardization, and deployment, a number of
vulnerabilities have been found both in the NTP specification and in
some of its implementations [NTP-VULN]. Some of these
vulnerabilities allow for off-path/blind attacks, where an attacker
can send forged packets to one or both NTP peers for achieving Denial
of Service (DoS), time-shifts, or other undesirable outcomes. Many
of these attacks require the attacker to guess or know at least a
target NTP association, typically identified by the tuple {srcaddr,
srcport, dstaddr, dstport, keyid} (see section 9.1 of [RFC5905]).
Some of these parameters may be easily known or guessed.
NTP can operate in several modes. Some of these modes rely on the
ability of nodes to receive unsolicited packets, and therefore
require the use of the NTP well-known port (123). However, for modes
Show full document text