[lacnog] Fwd: RFC 9109 on Network Time Protocol Version 4: Port Randomization

Fernando Gont fernando at gont.com.ar
Tue Aug 24 02:51:46 -03 2021


Dear all,

Years ago, while port-scanning networks, we found that we could obtain
much more information about NTP clients than should be necessary.

It was then that, together with Guillermo Gont (SI6 Networks) and
Miroslav Lichvar (RedHat), we wrote this document to change the NTP
specification in order to improve its security for everyone.

Today the result of that work was published as RFC 9109; in my case, I
carried it out at the time for my then employer (SI6 Networks).

The RFC is available at: https://www.rfc-editor.org/info/rfc9109

Personally, I consider the most important part of the document to be
the Acknowledgements:

    Fernando Gont would like to thank Nelida Garcia and Jorge Oscar Gont
    for their love and support.


My thanks to them, who provided the necessary context that eventually
made possible the small contributions of the undersigned
(https://www.youtube.com/watch?v=ss5Snx_ZLuo).

And my thanks to Diego Maradona, for things somewhat too complex to
explain in two or three lines of text
(https://www.youtube.com/watch?v=JwqAG4XWLpQ9)

It wasn't magic,
Fernando




------- Forwarded Message --------
Subject: RFC 9109 on Network Time Protocol Version 4: Port Randomization
Date: Mon, 23 Aug 2021 21:29:14 -0700 (PDT)
From: rfc-editor at rfc-editor.org
To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org
CC: drafts-update-ref at iana.org, ntp at ietf.org, rfc-editor at rfc-editor.org

A new Request for Comments is now available in online RFC libraries.

                 RFC 9109

         Title:      Network Time Protocol Version 4:
                     Port Randomization
         Author:     F. Gont,
                     G. Gont,
                     M. Lichvar
         Status:     Standards Track
         Stream:     IETF
         Date:       August 2021
         Mailbox:    fgont at si6networks.com,
                     ggont at si6networks.com,
                     mlichvar at redhat.com
         Pages:      9
         Updates:    RFC 5905

         I-D Tag:    draft-ietf-ntp-port-randomization-08.txt

         URL:        https://www.rfc-editor.org/info/rfc9109

         DOI:        10.17487/RFC9109

The Network Time Protocol (NTP) can operate in several modes.  Some
of these modes are based on the receipt of unsolicited packets and
therefore require the use of a well-known port as the local port. 
However, in the case of NTP modes where the use of a well-known port
is not required, employing such a well-known port unnecessarily
facilitates the ability of attackers to perform blind/off-path
attacks. This document formally updates RFC 5905, recommending the
use of transport-protocol ephemeral port randomization for those
modes where use of the NTP well-known port is not required.

This document is a product of the Network Time Protocol Working Group of 
the IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for 
the standardization state and status of this protocol.  Distribution of 
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
   https://www.ietf.org/mailman/listinfo/ietf-announce
   https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC

_______________________________________________
IETF-Announce mailing list
IETF-Announce at ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce


-- 
Fernando Gont
e-mail: fernando at gont.com.ar
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
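
An added example (not part of the original message, nor code from the RFC
or its authors): a check over captured UDP metadata for the condition the
abstract describes, client requests sent from the NTP well-known port.
The datagrams, addresses and function names are constructed for
illustration; mode numbers follow RFC 5905, and treating client mode (3)
as a mode that does not need port 123 is an assumption of this example.

```python
from collections import defaultdict

NTP_PORT = 123
MODE_CLIENT = 3  # RFC 5905 modes: 1/2 symmetric, 3 client, 4 server, 5 broadcast

def ntp_mode(payload):
    """Return (version, mode) from the first NTP header byte, or None if too short."""
    if len(payload) < 48:  # minimum NTP header length
        return None
    return (payload[0] >> 3) & 0x7, payload[0] & 0x7

def audit_clients(datagrams):
    """datagrams: iterable of (src_ip, src_port, dst_port, payload).
    Returns per-source stats for client-mode requests only."""
    report = defaultdict(lambda: {"requests": 0, "ports": set(), "well_known": False})
    for src_ip, src_port, dst_port, payload in datagrams:
        hdr = ntp_mode(payload)
        if dst_port != NTP_PORT or hdr is None or hdr[1] != MODE_CLIENT:
            continue  # other modes may legitimately need port 123 as local port
        entry = report[src_ip]
        entry["requests"] += 1
        entry["ports"].add(src_port)
        if src_port == NTP_PORT:
            entry["well_known"] = True  # client request from the well-known port
    return dict(report)

def flagged(datagrams):
    """Sorted list of sources that sent client requests from port 123."""
    return sorted(ip for ip, e in audit_clients(datagrams).items() if e["well_known"])

def pkt(version, mode):
    """Constructed 48-byte NTP header: LI=0, given version and mode, rest zero."""
    return bytes([(version << 3) | mode]) + bytes(47)

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = [
    ("192.0.2.10", 123, 123, pkt(4, 3)),    # client mode from port 123
    ("192.0.2.10", 123, 123, pkt(4, 3)),
    ("192.0.2.20", 51514, 123, pkt(4, 3)),  # client mode, ephemeral ports
    ("192.0.2.20", 40233, 123, pkt(4, 3)),
    ("192.0.2.30", 123, 123, pkt(4, 1)),    # symmetric active: skipped
    ("192.0.2.40", 123, 123, b"\x23"),      # truncated payload: skipped
]

if __name__ == "__main__":
    for ip, e in sorted(audit_clients(SAMPLE).items()):
        print(ip, e["requests"], sorted(e["ports"]), "FLAG" if e["well_known"] else "ok")
```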