On Tue, Jan 08, 2019 at 09:43:01AM +0100, Lennart Poettering wrote: > Moreover, afair we install and enable NTP clients by default on all > our installations, no? just like pretty much any other OS these days > does... counting by NTP mostly just means switching from NTP pool > servers to fedora's own servers. I think it would be difficult/expensive to provide the same quality of service as the pool with thousands of servers distributed around the globe. Switching completely would probably be a bad idea. A better approach would be to configure the clients to use a mix of the pool servers and our servers. I think that's what Ubuntu does. > > 3. Logging NTP does not cover the problem the UUID is trying to help > > solve.. there are two places where we undercount and overcount > > systems. > > a. systems behind nat firewalls all show up as 1 ip address. ntp or > > yum or gnome-hotspot ask multiple times during a day.. but not a set > > number. Just looking at my 3 home systems I see around 1 to 80 > > connections depending on what i have done that day. > > The amount of traffic within a time window is linear to the number of > hosts behind that IP address. It's relatively easy to estimate that > there are 5 clients behind an IP adress if you get 5 NTP request > datagrams within one protocol iteration instead of just one... That would work if the "tracking" NTP server was configured with a fixed polling interval and disabled bursts, and the systems were always running. In our default configuration we use a variable polling interval and bursts. Tracking individual clients behind one IP address is possible if their number is not very large, but it's a bit more complicated (it depends also on the client's implementation), and it can count only systems that are running at the same time. > > 4. NTP is a high security problem when you concentrate it to a set of > > servers. These become servers that everyone wants to hack even more > > than build systems. These problems range from DDOS to active hacks. > > Uh, well, the major NTP servers tend to be pretty well tested and > fuzzed these days, and they can be sandboxed efficiently, since they > involve no big stack but only trivial SOCK_DGRAM traffic. I see no > reason whatsoever for them to be less secure than a hand-written HTTP > service that only Fedora runs and doesn't get all the validation love > the NTP servers get... The problem are DoS attacks. If the number of servers was small, it'd be easy (cheap) to take them all out. The pool has thousands of servers. The weak point is rather in their monitoring. -- Miroslav Lichvar _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
