Transmit timestamp of the pool monitoring

NTPman · March 6, 2020, 8:43am

At this moment the transmit timestamps of the monitoring queries are random values. The explanation is that it is for privacy (sic!) and prevent spoofing. Isn’t the UDP source port for the query is random enough for the same purpose? Or as a compromise, for the transmit timestamp use the local time minus a smaller random value ( 2 bytes long). Together with the UDP source port that would give about 31 bit randomness, which I believe would be sufficient protection against any packet spoofing attempt.

We should exclude the possibility, that certain packet drops are due to some router are checking for crazy transmit timestamps (for example way ahead in the future).

mlichvar · March 6, 2020, 2:22pm

Random source port makes spoofing attacks more difficult, but if the transmit timestamp is predictable (e.g. constant), the random port alone is not enough.

Some clients have been using fully randrom transmit timestamps for a long time. If it caused an issue with networking devices, I think we would know it by now.

The reason why we have these problems is that the devices that drop NTP packets don’t examine their content. When I asked a major ISP why they don’t just block the NTP modes that allow amplification (i.e. mode 6 and 7), they said the hardware they use cannot do that.

Topic		Replies	Views
Safeguards against pool poisoning/abuse/exploitation	5	1508	February 12, 2020
Monitor Details Pool Development beta , monitoring	5	1300	November 13, 2018
Suspicious DNS replies on 0.centos.pool.ntp.org query	7	1523	February 14, 2020
Massive packet loss on be.pool.ntp.org since 9/09/2019 Client Configuration and Development monitoring	9	1418	September 14, 2019
Suggestion for http://www.pool.ntp.org/en/join.html Pool Development	5	1376	September 30, 2018

Transmit timestamp of the pool monitoring

Related topics