Re: F30: System-Wide Change proposal: DNF UUID

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 08, 2019 at 09:43:01AM +0100, Lennart Poettering wrote:
> Moreover, afair we install and enable NTP clients by default on all
> our installations, no? just like pretty much any other OS these days
> does... counting by NTP mostly just means switching from NTP pool
> servers to fedora's own servers.

I think it would be difficult/expensive to provide the same quality of
service as the pool with thousands of servers distributed around the
globe.

Switching completely would probably be a bad idea. A better approach
would be to configure the clients to use a mix of the pool servers and
our servers. I think that's what Ubuntu does.

> > 3. Logging NTP does not cover the problem the UUID is trying to help
> > solve.. there are two places where we undercount and overcount
> > systems.
> >  a. systems behind nat firewalls all show up as 1 ip address. ntp or
> > yum or gnome-hotspot ask multiple times during a day.. but not a set
> > number. Just looking at my 3 home systems I see around 1 to 80
> > connections depending on what i have done that day.
> 
> The amount of traffic within a time window is linear to the number of
> hosts behind that IP address. It's relatively easy to estimate that
> there are 5 clients behind an IP adress if you get 5 NTP request
> datagrams within one protocol iteration instead of just one...

That would work if the "tracking" NTP server was configured with a
fixed polling interval and disabled bursts, and the systems were always
running. In our default configuration we use a variable polling
interval and bursts. Tracking individual clients behind one IP address
is possible if their number is not very large, but it's a bit more
complicated (it depends also on the client's implementation), and it
can count only systems that are running at the same time.

> > 4. NTP is a high security problem when you concentrate it to a set of
> > servers. These become servers that everyone wants to hack even more
> > than build systems. These problems range from DDOS to active hacks.
> 
> Uh, well, the major NTP servers tend to be pretty well tested and
> fuzzed these days, and they can be sandboxed efficiently, since they
> involve no big stack but only trivial SOCK_DGRAM traffic. I see no
> reason whatsoever for them to be less secure than a hand-written HTTP
> service that only Fedora runs and doesn't get all the validation love
> the NTP servers get...

The problem are DoS attacks. If the number of servers was small, it'd
be easy (cheap) to take them all out. The pool has thousands of
servers. The weak point is rather in their monitoring.

-- 
Miroslav Lichvar
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux