At 3:56 PM +0930 2005-09-13, Darryl Ross wrote:
> I'm not sure whether Miroslaw was talking about tcp-wrappers or not, but
> a better solution might be to make ntpd aware of a file on disk (perhaps
> a hash like postfix uses for lookups) that contains an IP address (or
> classless blocks with mask) per line and it can internally do a lookup
> to see whether to respond to the client or not.
I don't think that trying to build this functionality into ntpd
is the way to achieve this goal. The program is bloated enough as it is.
But, if you wanted to go this route, you could always bring it up
at the NTP IETF Working Group.
>> Oh? How many Cisco routers do you think do e-mail? How many SOHO
>> router/gateways/access points do you think do e-mail? Take a look at
>> every single device on the entire Internet around the world, and then
>> realize that most of those devices can (and should) use and/or serve
>> NTP. Relatively few of them will do e-mail.
> And absolutely none of them would ever need to look-up the blacklist.
> You said it yourself, they should be *using* ntp, not *serving* ntp.
Go back to that list again. Any or all of them can, and arguably
should, be doing NTP both as client *and* as server.
For a home user, it's much better if their
NAT/firewall/router/gateway/access point does NTP in a mostly
guaranteed correct fashion, and then turns around and serves that
time locally to all the clients. These people wouldn't need to be
using the black list, unless an attacker was going after their
server/network.
While the probability that any one given SOHO server might be
under attack is fairly low, the probability that Linksys or DLink are
guaranteed to have a significant number of customers under attack at
any one time is pretty high. So, it makes perfect sense that they
would want to extend their existing firewall capabilities to include
the use of such a black list.
For a larger network, one of the most scalable ways to distribute
time across all clients is to set up the routers to act as broadcast
NTP servers. You don't want to set them up as unicast servers (see
<http://ntp.isc.org/bin/view/Support/DesigningYourNTPNetwork#Section_5.6.>),
but setting them up as broadcast servers is likely to work well.
But any one of those broadcast servers could potentially be
abused by any given client, and if you're talking about using this
facility at a large ISP, then certainly a black list of the sort
we're talking about could be very useful.
Moreover, anyone with a server on the public Stratum-1 or
Stratum-2 lists underneath the page at
<http://ntp.isc.org/bin/view/Servers/WebHome> would also be a
perfectly valid candidate to use a black list of this sort.
Indeed, anyone running an NTP server anywhere in the world would
be a valid candidate. And that's a much bigger client base than just
the pool.
> Why does it matter if it's local, especially if it's some sort of bdb
> and not actually stored in memory?
Because the way ntpd works is to lock everything in memory, so
that it can guarantee that it never gets paged or swapped out, and
that it never, ever has to hit the disk again. Moreover, in an
embedded system, this is the *only* option -- there is no disk to hit.
Tying something like ntpd into an on-disk database is absolutely
anathema to everything that NTP is trying to do. Do that with other
programs if you want, but not ntpd.
> When a user goes to the web page to see why he's being blocked, that
> would need to be done against the database. When they file their
> complaint with the help desk, there would need to be a response within a
> reasonable period of time, and when the help desk staffers go to look
> into the problem in more depth, they'd need to be able to query the
> database as well.
You're assuming that people will even know they've been blacklisted.
Many people won't, but crackers will certainly be able to detect
that. And then they will start attacking the infrastructure that
provides whatever black list or other facilities that are preventing
them from getting to their target.
Oh, and then there are the legal issues. The moment you start
running a black list, you open yourself up to legal attack from every
weirdo on the 'net. And you have to have the lawyers on retainer,
and be willing and able to pay them large sums of money if you should
happen to come under sustained legal attack.
--
Brad Knowles, <[EMAIL PROTECTED]>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
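Editor's added example (not code from either poster, and not ntpd's own code): the design point the thread circles around is that an access list can be read from disk once at startup and then consulted purely in memory, which is compatible with a daemon that locks itself in RAM and never touches the disk again. The sketch below, in C since that is what an NTP daemon is written in, parses a constructed list of "A.B.C.D" and "A.B.C.D/N" entries into a fixed array and answers "is this client blocked?" with a mask-and-compare loop. The list contents, the addresses (all from documentation ranges) and the function names are assumptions made for the example; a real daemon would read the file with fopen() once, call mlockall() as the thread describes, and never reopen it. For context, ntpd's own ntp.conf `restrict` directive already implements address/mask access control in memory; this example is only an illustration of that class of design.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <arpa/inet.h>   /* inet_pton, htonl */

#define MAX_ENTRIES 256  /* fixed-size table: no allocation after startup */

struct acl_entry { uint32_t net; uint32_t mask; };   /* both in network byte order */
struct acl { struct acl_entry e[MAX_ENTRIES]; size_t n; };

/* Constructed sample list for the example; not a real blocklist. */
static const char *SAMPLE_ACL =
    "# constructed example list, one address or CIDR block per line\n"
    "192.0.2.0/24\n"
    "198.51.100.77\n"
    "203.0.113.128/25   # trailing comment is ignored\n"
    "\n";

/* Parse one line. Returns 0 on success, 1 for blank/comment (skip), -1 on a bad line. */
static int acl_parse_entry(const char *text, struct acl_entry *out)
{
    char buf[64];
    struct in_addr a;
    long prefix = 32;
    char *slash, *end;

    while (*text == ' ' || *text == '\t') text++;      /* leading whitespace */
    strncpy(buf, text, sizeof buf - 1);
    buf[sizeof buf - 1] = 0;
    buf[strcspn(buf, "\r\n \t#")] = 0;                 /* cut at whitespace or comment */
    if (!buf[0]) return 1;

    slash = strchr(buf, '/');
    if (slash) {
        *slash = 0;
        prefix = strtol(slash + 1, &end, 10);
        if (*end || prefix < 0 || prefix > 32) return -1;
    }
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;

    /* shifting by 32 is undefined in C, so /0 is handled explicitly */
    out->mask = prefix == 0 ? 0 : htonl(0xFFFFFFFFu << (32 - prefix));
    out->net  = a.s_addr & out->mask;                  /* normalise host bits to zero */
    return 0;
}

/* Load the whole list text into the in-memory table. Returns 0, or -1 on any bad line. */
static int acl_load(struct acl *acl, const char *text)
{
    const char *p = text;
    acl->n = 0;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[64];
        struct acl_entry e;
        int r;

        if (len >= sizeof line) return -1;
        memcpy(line, p, len);
        line[len] = 0;
        r = acl_parse_entry(line, &e);
        if (r < 0) return -1;
        if (r == 0) {
            if (acl->n >= MAX_ENTRIES) return -1;
            acl->e[acl->n++] = e;
        }
        p = nl ? nl + 1 : p + len;
    }
    return 0;
}

/* Per-packet check: pure memory, no I/O. Returns 1 if blocked, 0 if allowed, -1 on bad input. */
static int acl_blocked(const struct acl *acl, const char *client)
{
    struct in_addr a;
    size_t i;
    if (inet_pton(AF_INET, client, &a) != 1) return -1;
    for (i = 0; i < acl->n; i++)
        if ((a.s_addr & acl->e[i].mask) == acl->e[i].net) return 1;
    return 0;
}

/* Convenience wrapper used by the demo and the test: load the sample list, check one client. */
int demo_lookup(const char *client)
{
    struct acl acl;
    if (acl_load(&acl, SAMPLE_ACL) != 0) return -1;
    return acl_blocked(&acl, client);
}

/* Loading a list with a malformed line must fail rather than silently allow everything. */
int demo_bad_list(void)
{
    struct acl acl;
    return acl_load(&acl, "192.0.2.0/24\n300.1.1.1\n");
}

int main(void)
{
    const char *clients[] = { "192.0.2.200", "198.51.100.77", "198.51.100.78",
                              "203.0.113.5", "203.0.113.200", "10.0.0.1" };
    size_t i;
    for (i = 0; i < sizeof clients / sizeof clients[0]; i++)
        printf("%-16s %s\n", clients[i], demo_lookup(clients[i]) == 1 ? "blocked" : "allowed");
    return 0;
}
```

The table is sized at compile time and filled once, so the serving path allocates nothing and reads nothing; that is the property the thread says an on-disk bdb lookup would break. Rejecting the whole file on a malformed line is the conservative choice: a list that half-loads would silently admit clients it was meant to refuse.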