On Sat, Apr 7, 2012 at 21:36, Dave Hart <[email protected]> wrote:
> I notice the successful clients were querying using ports > 123, and
> the failing ones < 123. I dimly recall seeing an inappropriate
> less-than-123 source port comparison in ntpd long ago, in fact I'd
> have guessed it had been removed before 4.2.6p3.
4.2.6p3 does suffer from the low-port bug:
/*
* Monitor the packet and get restrictions. Note that the packet
* length for control and private mode packets must be checked
* by the service routines. Some restrictions have to be handled
* later in order to generate a kiss-o'-death packet.
*/
/*
* Bogus port check is before anything, since it probably
* reveals a clogging attack.
*/
sys_received++;
if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT) {
sys_badlength++;
return; /* bogus port */
}
In 4.2.7 that code rejects port 0 alone.
Cheers,
Dave Hart
_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
