NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p18 was released on 25 May 2024 and addresses 40 bugs and provides 40 improvements.

Please see the NTP 4.2.8p18 Changelog for details.

Bug 1532 - remove ntpd support for ntpdc's monlist (use ntpq's mrulist)
Summary: remove ntpd support for ntpdc's monlist (use ntpq's mrulist)
Status: VERIFIED FIXED
Alias: None
Product: ntp
Classification: Unclassified
Component: ntpd
Version: 4.2.6
Hardware: All
OS: All
Importance: P5 normal
Assignee: Harlan Stenn
URL:
Depends on: 1531
Blocks:
Reported: 2010-04-20 03:33 UTC by Dave Hart
Modified: 2023-03-26 22:55 UTC
CC List: 12 users
See Also:


Description Dave Hart 2010-04-20 03:33:22 UTC
Once Bug #1531 is resolved, ntpd's support for ntpdc's monlist operation should be stubbed to return an error.

One reason is the protocol is inherently fragile and not portable, depending on being able to queue many UDP packets received in a burst.

Another is it cannot be secured as ntpq's mrulist can, because backwards compatibility would be broken, at which point there's no reason to maintain it with mrulist providing better access to the same functionality.

On the other hand, ntpdc should retain its monlist implementation for some time so that a newer ntpdc can manage diverse remote ntpd versions before and after the addition of mrulist and removal of monlist.
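To make the description concrete, here is an added example (not code from this bug report or from the NTP project) that sends the 8-byte mode 7 MON_GETLIST_1 request ntpdc's monlist issues, parses the burst of replies, and reports whether the server still answers with monitor entries (the behaviour removed in 4.2.7p26, and the amplification source behind the DDoS banner at the top of this page), acknowledges with INFO_ERR_NODATA (the "***Server reports data not found" that ntpdc prints), or stays silent. Field layouts follow ntp_request.h; the target host is a command-line argument, the file name monlist_probe.py is assumed, and the two sample replies embedded in the block are constructed, not captured.

```python
"""Probe an ntpd for ntpdc 'monlist' (mode 7, MON_GETLIST_1) support.

Added example, not code from this bug report or the NTP project. Packet layout follows
ntp_request.h (8-byte mode 7 header, 72-byte struct info_monitor_1 items); the sample
replies at the bottom are constructed for offline use, not captured from a server.
"""
import socket
import struct
import sys

# Mode 7 header: rm_vn_mode (response 0x80 | more 0x40 | version << 3 | mode 7), auth_seq,
# implementation, request, err_nitems (error high 4 bits, count low 12), mbz_itemsize (size low 12).
HDR = struct.Struct("!BBBBHH")
RESPONSE_BIT, MORE_BIT = 0x80, 0x40
IMPL_XNTPD, MON_GETLIST_1, INFO_ERR_NODATA = 3, 42, 4
# struct info_monitor_1: lasttime, firsttime, restr, count, addr, daddr, flags,
# port, mode, version, v6_flag, unused1, addr6, daddr6 (72 bytes, network order).
MON_ITEM = struct.Struct("!IIIIIIIHBBI4x16s16s")
ERR_TEXT = {                                  # what ntpdc prints for each error code
    1: "***Server implementation incompatible with program",
    2: "***Server doesn't implement this request",
    3: "***Server reports a format error in the received packet (shouldn't happen)",
    4: "***Server reports data not found",
    7: "***Permission denied",
}

def build_monlist_request() -> bytes:
    """The 8-byte request ntpdc sends: version 2, mode 7, IMPL_XNTPD, MON_GETLIST_1, no items."""
    return HDR.pack((2 << 3) | 7, 0, IMPL_XNTPD, MON_GETLIST_1, 0, 0)

def parse_mode7_response(pkt: bytes) -> dict:
    """Decode one mode 7 reply into header fields plus any monitor entries it carries."""
    if len(pkt) < HDR.size:
        raise ValueError("short mode 7 packet")
    rm_vn_mode, auth_seq, impl, req, err_nitems, mbz_itemsize = HDR.unpack_from(pkt)
    if not rm_vn_mode & RESPONSE_BIT:
        raise ValueError("response bit not set")
    err, nitems, itemsize = err_nitems >> 12, err_nitems & 0xFFF, mbz_itemsize & 0xFFF
    items = []
    if err == 0 and itemsize == MON_ITEM.size:
        for i in range(nitems):
            off = HDR.size + i * itemsize
            if off + itemsize > len(pkt):
                break                          # truncated packet: keep what parsed so far
            (lasttime, _first, _restr, count, _addr, _daddr, _flags, port, mode,
             version, v6_flag, addr6, _daddr6) = MON_ITEM.unpack_from(pkt, off)
            client = (socket.inet_ntop(socket.AF_INET6, addr6) if v6_flag
                      else socket.inet_ntoa(pkt[off + 16:off + 20]))   # raw addr field bytes
            items.append({"client": client, "port": port, "mode": mode, "version": version,
                          "count": count, "last_seen_secs_ago": lasttime})
    return {"more": bool(rm_vn_mode & MORE_BIT), "seq": auth_seq & 0x7F, "impl": impl,
            "req": req, "err": err, "nitems": nitems, "itemsize": itemsize, "items": items}

def classify(replies: list, request_len: int = HDR.size) -> dict:
    """Summarize the reply burst to one probe: 'silent' (no reply: noquery, filtered or down),
    'stubbed' (INFO_ERR_NODATA from ntpd >= 4.2.7p26, the "data not found" message comment 6
    quotes), 'monlist' (entries returned: usable as a reflector), 'empty' or 'error'."""
    if not replies:
        return {"state": "silent", "entries": 0, "packets": 0, "amplification": 0.0, "message": None}
    parsed = [parse_mode7_response(p) for p in replies]
    entries, err = sum(len(p["items"]) for p in parsed), parsed[0]["err"]
    state = ("monlist" if entries else "stubbed" if err == INFO_ERR_NODATA
             else "error" if err else "empty")
    return {"state": state, "entries": entries, "packets": len(replies),
            "amplification": sum(len(p) for p in replies) / request_len,   # reply bytes per request byte
            "message": ERR_TEXT.get(err)}

def probe(host: str, port: int = 123, timeout: float = 2.0) -> list:
    """Send one request and collect replies until the MORE bit clears or the socket times out."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_monlist_request(), (host, port))
        try:
            while True:
                data, _ = s.recvfrom(2048)
                replies.append(data)
                if not parse_mode7_response(data)["more"]:
                    break
        except socket.timeout:
            pass
    return replies

def make_monitor_item(ip: str, count: int, port: int = 123, mode: int = 3, version: int = 4) -> bytes:
    """One info_monitor_1 entry as ntpd serializes it (constructed test data, not captured)."""
    addr = struct.unpack("!I", socket.inet_aton(ip))[0]
    return MON_ITEM.pack(5, 3600, 0, count, addr, 0, 0, port, mode, version, 0, b"\0" * 16, b"\0" * 16)

# Constructed replies: a stubbed ntpd's ack, and a pre-4.2.7p26 ntpd's list with two clients.
NODATA_REPLY = HDR.pack(0x17 | RESPONSE_BIT, 0, IMPL_XNTPD, MON_GETLIST_1, INFO_ERR_NODATA << 12, 0)
MONLIST_REPLY = (HDR.pack(0x17 | RESPONSE_BIT, 0, IMPL_XNTPD, MON_GETLIST_1, 2, MON_ITEM.size)
                 + make_monitor_item("192.0.2.10", 17) + make_monitor_item("198.51.100.7", 4))

if __name__ == "__main__":
    # A hostname argument puts the probe on the wire; otherwise classify the constructed burst.
    print(classify(probe(sys.argv[1]) if len(sys.argv) > 1 else [MONLIST_REPLY]))
```

Run it as `python3 monlist_probe.py <host>` only against servers you are authorised to test; with no argument it classifies the constructed sample burst. The amplification figure is reply bytes divided by the 8-byte request: ntpd packs six 72-byte entries into each 440-byte reply, so a server that returns the 600-entry list comment 3 mentions sends about 44000 bytes for one 8-byte packet, which is why the banner at the top of the page treats an answering monlist as a DDoS problem.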
Comment 1 Dave Hart 2010-04-22 17:11:44 UTC
This is ready from either of:

pogo:/usa/hart/ntp-dev-1531-32
psp-deb1:/home/hart/ntp-dev-1531-32
Comment 2 Harlan Stenn 2010-04-24 08:27:08 UTC
Dave,

Thanks for your report and work on this.  Please check 4.2.7-p26 and mark this bug as VERIFIED or REOPENED, as appropriate.  Also please note that unless somebody has a Good Reason otherwise, I'd like to see this backported to 4.2.6.
Comment 3 Dave Hart 2010-05-03 12:11:36 UTC
Backporting this disabling of monlist responses by ntpd to -stable means backporting the new mrulist support in ntpd, and the underlying ntp_monitor.c changes.

After one attempt, I can also now say it requires backporting the new "mru" knobs and their -dev default values.  With the 600 entry hard limit on addresses in -stable, mrulist is severely challenged in its approach of fetching the list in multiple operations starting with the oldest entries.  One common failure in that case was endlessly chasing the too-fast flush through, with ntpq never retrieving entries less than a minute old, ad infinitum.  In the same situation, ntp-dev mrulist does much better with the deeper history kept by ntpd.

This would mean even more behavioral changes in a -stable point release.  Perhaps we should focus on driving ntp-dev towards a new ntp-stable 4.2.8 or 4.3.0 instead of backporting so much of 4.2.7 to 4.2.6.
Comment 4 Harlan Stenn 2010-05-06 08:57:11 UTC
Dave,

Fair enough - I've removed the 4.2.6 flag for this bug.

Please mark this bug as VERIFIED or REOPENED, for ntp-dev, as appropriate.
Comment 5 Harlan Stenn 2014-02-20 10:06:22 UTC
This bug was reported against 4.2.6, and it was resolved in 4.2.7p26.
Comment 6 Ulrich Windl 2016-07-04 08:35:17 UTC
(In reply to comment #5)
> This bug was reported against 4.2.6, and it was resolved in 4.2.7p26.

As per 4.2.8p8 the response "*** Server reports data not found" to ntpdc's monlist query isn't very helpful, specifically as the manual pages are very silent regarding "monlist". Wouldn't a better approach have been to switch the default from "enable monitor" to "disable monitor" (assuming it controls exactly "monlist" as the docs suggest)? Documentation on "enable monitor" and "monlist" in ntpdc's man page are quite vague.
At the very least I'd suggest to change the message "*** Server reports data not found" to something like "*** Server doesn't implement monlist any more for security reasons.  Use ntpq's mrulist instead.".
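Comment 6 asks whether "disable monitor" would have been the better default. The configuration a practitioner actually applies is neither that nor the stub: it is an access restriction, so that ntpd never answers a mode 6/7 query from an unauthorised source at all. The fragment below is an added example of ntp.conf, not configuration from this bug report or from the NTP documentation; the monitoring host address is chosen from a documentation range for illustration.

```conf
# ntp.conf hardening (added example; not from the bug report or the NTP docs).
# 192.0.2.50 is a placeholder for the host that is allowed to run ntpq/ntpdc.

# Weak: the default restriction leaves mode 6/7 queries open to anyone, so a
# pre-4.2.7p26 ntpd answers monlist to the whole Internet, and even a current
# ntpd answers ntpq readvar/mrulist queries from anywhere.
#restrict default kod nomodify notrap nopeer
#enable monitor

# Corrected: drop ntpq/ntpdc queries from everyone except localhost and the
# monitoring host. ntpd sends nothing in reply to a refused query, so an
# attacker's monlist probe gets neither data nor an error packet to reflect.
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.0.2.50 nomodify notrap nopeer    # monitoring host: may run ntpq -c mrulist

# "disable monitor" (the alternative comment 6 raises) empties the MRU list and
# so also silences monlist on old builds, but the "kod" and "limited" rate
# limiting above depends on MRU tracking, so keep monitor enabled and rely on noquery.
```

With this loaded, `ntpdc -n -c monlist <server>` from any host other than the two allowed ones receives no reply and times out, instead of printing the "*** Server reports data not found" message discussed above, while `ntpq -c mrulist <server>` from 192.0.2.50 still lists recent clients.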