On Sat, Apr 7, 2012 at 21:36, Dave Hart <h...@ntp.org> wrote:
> I notice the successful clients were querying using ports > 123, and
> the failing ones < 123. I dimly recall seeing an inappropriate
> less-than-123 source port comparison in ntpd long ago, in fact I'd
> have guessed it had been removed before 4.2.6p3.

4.2.6p3 does suffer from the low-port bug:

    /*
     * Monitor the packet and get restrictions. Note that the packet
     * length for control and private mode packets must be checked
     * by the service routines. Some restrictions have to be handled
     * later in order to generate a kiss-o'-death packet.
     */
    /*
     * Bogus port check is before anything, since it probably
     * reveals a clogging attack.
     */
    sys_received++;
    if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT) {
        sys_badlength++;
        return;                         /* bogus port */
    }

In 4.2.7 that code rejects port 0 alone.

Cheers,
Dave Hart
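
Added example, not part of the original message and not ntpd code: it applies the 4.2.6p3 comparison quoted above and the port-0-only check described for 4.2.7 to the source ports of a few constructed tcpdump-style lines, to show which client queries each version would silently discard. The helper names, the sample lines and the IPv4-only line parser are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NTP_PORT 123

/* The comparison quoted above from 4.2.6p3: any source port below 123 is dropped. */
static int dropped_by_426p3(long port) { return port < NTP_PORT; }
/* What the message says 4.2.7 does: only source port 0 is rejected. */
static int dropped_by_427(long port) { return port == 0; }

/* Source port from "IP a.b.c.d.<sport> > ..." (IPv4 only); -1 if unparsable. */
static long src_port(const char *line)
{
    long port;
    const char *ip = strstr(line, "IP ");
    if (!ip || sscanf(ip, "IP %*u.%*u.%*u.%*u.%ld >", &port) != 1) return -1;
    if (port < 0 || port > 65535) return -1;
    return port;
}

/* Constructed sample lines using documentation addresses, not captured traffic. */
static const char *SAMPLE[] = {
    "IP 192.0.2.10.123 > 198.51.100.1.123: NTPv4, Client, length 48",
    "IP 192.0.2.11.61 > 198.51.100.1.123: NTPv4, Client, length 48",
    "IP 192.0.2.12.45678 > 198.51.100.1.123: NTPv4, Client, length 48",
    "IP 192.0.2.13.0 > 198.51.100.1.123: NTPv4, Client, length 48",
    "IP 192.0.2.14.122 > 198.51.100.1.123: NTPv4, Client, length 48",
};
#define NSAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

/* Number of sample queries the given check would discard without a reply. */
static int count_dropped(int (*check)(long))
{
    int n = 0;
    for (size_t i = 0; i < NSAMPLE; i++) {
        long p = src_port(SAMPLE[i]);
        if (p >= 0 && check(p)) n++;
    }
    return n;
}

int main(void)
{
    printf("dropped by 4.2.6p3 check: %d, by 4.2.7 check: %d\n",
           count_dropped(dropped_by_426p3), count_dropped(dropped_by_427));
    return 0;
}
```

The difference between the two counts is the set of clients, typically ones whose source port was rewritten to a low number on the way, that fail only against the older check.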