[Lista ArNOG] Fwd: RFC 9109 on Network Time Protocol Version 4: Port Randomization
Fernando Gont
fernando at gont.com.ar
Tue Aug 24 02:51:46 -03 2021
Dear all,
Years ago, while port-scanning networks, we found that we could
obtain much more information about NTP clients than should be
necessary.
It was then that, together with Guillermo Gont (SI6 Networks) and Miroslav
Lichvar (RedHat), we wrote this document to change the NTP
specification and improve its security for everyone.
Today the result of that work was published as RFC 9109, which
in my case I carried out at the time for my then employer (SI6 Networks).
The RFC is available at: https://www.rfc-editor.org/info/rfc9109
Personally, I consider the most important part of the document to be
the Acknowledgements:
Fernando Gont would like to thank Nelida Garcia and Jorge Oscar Gont
for their love and support.
My thanks to them, who provided the necessary context that
eventually made possible the small contributions of the undersigned
(https://www.youtube.com/watch?v=ss5Snx_ZLuo).
And my thanks to Diego Maradona, for things somewhat too complex
to explain in two or three lines of text
(https://www.youtube.com/watch?v=JwqAG4XWLpQ9)
It wasn't magic,
Fernando
------- Forwarded Message --------
Subject: RFC 9109 on Network Time Protocol Version 4: Port Randomization
Date: Mon, 23 Aug 2021 21:29:14 -0700 (PDT)
From: rfc-editor at rfc-editor.org
To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org
CC: drafts-update-ref at iana.org, ntp at ietf.org, rfc-editor at rfc-editor.org
A new Request for Comments is now available in online RFC libraries.
RFC 9109
Title: Network Time Protocol Version 4: Port Randomization
Author: F. Gont, G. Gont, M. Lichvar
Status: Standards Track
Stream: IETF
Date: August 2021
Mailbox: fgont at si6networks.com, ggont at si6networks.com, mlichvar at redhat.com
Pages: 9
Updates: RFC 5905
I-D Tag: draft-ietf-ntp-port-randomization-08.txt
URL: https://www.rfc-editor.org/info/rfc9109
DOI: 10.17487/RFC9109
The Network Time Protocol (NTP) can operate in several modes. Some
of these modes are based on the receipt of unsolicited packets and
therefore require the use of a well-known port as the local port.
However, in the case of NTP modes where the use of a well-known port
is not required, employing such a well-known port unnecessarily
facilitates the ability of attackers to perform blind/off-path
attacks. This document formally updates RFC 5905, recommending the
use of transport-protocol ephemeral port randomization for those
modes where use of the NTP well-known port is not required.
This document is a product of the Network Time Protocol Working Group of
the IETF.
This is now a Proposed Standard.
STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements. Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for
the standardization state and status of this protocol. Distribution of
this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
_______________________________________________
IETF-Announce mailing list
IETF-Announce at ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce
--
Fernando Gont
e-mail: fernando at gont.com.ar
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
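
Added example (not part of the original message or of RFC 9109): a Python audit of observed NTP traffic that reports which clients still send client-mode requests from the well-known port 123, the situation the abstract above says makes blind/off-path attacks easier. It assumes client mode is mode 3 in the RFC 5905 header and that packets are already available as (source IP, source port, destination port, UDP payload) tuples; the function names and the sample traffic are constructed for this example.

```python
from collections import defaultdict

NTP_PORT = 123
CLIENT_MODE = 3        # RFC 5905 mode number for client requests
NTP_HEADER_LEN = 48    # fixed NTP header length, without extension fields

def ntp_mode(payload):
    """Return the 3-bit mode from the first header octet, or None if truncated."""
    if len(payload) < NTP_HEADER_LEN:
        return None
    return payload[0] & 0x07

def make_packet(version, mode):
    """Build a constructed 48-byte NTP header with LI=0 and zeroed fields."""
    return bytes([(version << 3) | mode]) + bytes(NTP_HEADER_LEN - 1)

def audit_clients(packets):
    """Summarise client-mode requests per source IP.
    packets: iterable of (src_ip, src_port, dst_port, udp_payload)."""
    seen = defaultdict(lambda: {"requests": 0, "from_port_123": 0, "ports": set()})
    for src_ip, src_port, dst_port, payload in packets:
        if dst_port != NTP_PORT or ntp_mode(payload) != CLIENT_MODE:
            continue  # only client-mode requests sent to a server are in scope
        entry = seen[src_ip]
        entry["requests"] += 1
        entry["ports"].add(src_port)
        if src_port == NTP_PORT:
            entry["from_port_123"] += 1
    report = {}
    for ip, e in seen.items():
        verdict = "well-known-port" if e["from_port_123"] else "ephemeral"
        report[ip] = {"requests": e["requests"], "from_port_123": e["from_port_123"],
                      "distinct_ports": len(e["ports"]), "verdict": verdict}
    return report

# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = [
    ("192.0.2.10", 123, 123, make_packet(4, 3)),    # client mode from port 123
    ("192.0.2.10", 123, 123, make_packet(4, 3)),
    ("192.0.2.20", 49731, 123, make_packet(4, 3)),  # client mode, ephemeral port
    ("192.0.2.20", 58112, 123, make_packet(4, 3)),
    ("192.0.2.30", 123, 123, make_packet(4, 1)),    # symmetric active: out of scope
    ("192.0.2.40", 40000, 123, b"\x23"),            # truncated payload: ignored
]

if __name__ == "__main__":
    for ip, row in sorted(audit_clients(SAMPLE).items()):
        print(ip, row)
```

Hosts reported as "well-known-port" are candidates for an NTP client upgrade or configuration change; the "distinct_ports" count shows whether a client that avoids port 123 also varies its local port between requests.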