Linked by Thom Holwerda on Sun 9th Apr 2006 12:49 UTC, submitted by rycamor
Legal FreeBSD developer Poul-Henning Kamp (PHK) happens to run a tier-1 NTP server, intended only for use by ISPs' main servers in Denmark, and specifically not intended for individual client connections, not to mention client connections from anywhere else in the world. He offers this service pro bono to ISPs. Unfortunately, D-Link has decided to abuse the open nature of the NTP protocol and has actually hard-coded PHK's server hostname in the firmware of several of their home network products. Since contacting D-Link yielded no results, PHK went public.
Order by: Score:
What happens
by 2fargone on Sun 9th Apr 2006 13:15 UTC
2fargone
Member since:
2006-02-20

When you try to be a nice guy.

I hope D-Link opens their eyes to this and pony up what's right. Abuse is abuse, even if it's not intentional.

Reply Score: 5

Force
by Morin on Sun 9th Apr 2006 13:52 UTC
Morin
Member since:
2005-12-31

I think he has the option to use force if nothing else succeeds:

Step 1: Whitelist the allowed connections and ban everything else. This is probably not enough since the connection attempts will still block his network and server.

Step 2: Whitelist the allowed connections and send *incorrect* time stamps to all others. As it sounds, D-Link has little legal ground to expect correct timestamps. Many people will wonder why their D-Link products suddenly screw up.

Step 3: Ask the danish ISPs for help, explaining them that he cannot continue with the server if nothing changes.

Step 4: Shut down the server, and wait for reactions.

Reply Score: 5

RE: Force
by BBlalock on Sun 9th Apr 2006 14:16 UTC in reply to "Force"
BBlalock Member since:
2006-01-15

In one of the other discussions of this it was pointed out that filtering the packets would degrade his performance.

It was also mentioned that in the overwhelming majority of cases nobody would ever know or care that thier dlink gizmo has the wrong time, so sending bad packets would be pointless. It would also be hypocritical as it would be an violation of the standards that he is trying to make dlink conform to.

Reply Score: 5

RE[2]: Force
by CrimsonScythe on Sun 9th Apr 2006 18:22 UTC in reply to "RE: Force"
CrimsonScythe Member since:
2005-07-10

From what I understood, the performance strain on the server would also mean that the time-accuracy of the NTP server would lessen. That sounds pretty bad, I think.

Well, I'll never buy a D-Link product as long as I live. I guess Belkin is no longer alone on my networking black list. In case anybody is wondering what I'm talking about, check here:
http://www.theregister.co.uk/2003/11/07/help_my_belkin_router/

Reply Score: 5

RE[3]: Force
by MikeGA on Sun 9th Apr 2006 19:52 UTC in reply to "RE[2]: Force"
MikeGA Member since:
2005-07-22

Never come across that story before. That is ridiculously bad ;)

Reply Score: 2

RE: Force
by cubidou on Sun 9th Apr 2006 15:59 UTC in reply to "Force"
cubidou Member since:
2006-04-09

You're missing the point. The problem is not the server or its load. The problem is the bandwidth generated by the requests from the D-Link devices.

Step 1 and 2 are not feasible because filtering is expensive and it would have to be done much earlier than on the server itself.

Step 3 and 4 won't change the fact that bandwidth will be generated. It's not like a single IP address can suddenly disappear. Packets will still arrive, even if there's no reply.

The only thing PHK can do is changing the name of the server and letting the old one point to 127.0.0.1. That would solve the bandwith issue, but would require all legitimate users to change their configuration.

Quentin Garnier.

Reply Score: 5

RE[2]: Force
by Morin on Sun 9th Apr 2006 17:12 UTC in reply to "RE: Force"
Morin Member since:
2005-12-31

> Step 1 and 2 are not feasible because filtering is
> expensive and it would have to be done much earlier
> than on the server itself.
>
> Step 3 and 4 won't change the fact that bandwidth will
> be generated. It's not like a single IP address can
> suddenly disappear. Packets will still arrive, even if
> there's no reply.

Neither of these approaches would make the huge traffic disappear, but they might make DLink reconsider their strategy.

Reply Score: 3

RE[2]: Force
by sagum on Mon 10th Apr 2006 10:56 UTC in reply to "RE: Force"
sagum Member since:
2006-01-23

The only thing PHK can do is changing the name of the server and letting the old one point to 127.0.0.1. That would solve the bandwith issue, but would require all legitimate users to change their configuration.


Sounds like a good idea, however, I'd suggest that PHK points the address to dlink's mail server.

*scarcasim* That way, D-Link can then forward the correct time to the customers via email.. */scarcasim*

Reply Score: 2

What a surprise
by moleskine on Sun 9th Apr 2006 14:51 UTC
moleskine
Member since:
2005-11-05

I once had five D-Link products. One dropped dead in three weeks, another after eight weeks and another after 14 months. I still have two, but never again.

While I don't know how D-Link really work, I did have to waste a lot of time messing with firmware while trying to get their broken products to work. I formed the impression that D-Link either buy-in or ship unchecked code cooked up in SE Asia. So it would be very easy for a developer out there to rip stuff off and feel fairly confident that D-Link would never bother to check. They certainly didn't check whether one of their ADSL modems would work under the UK telephone system. Perhaps no one told the developers on the other side of the world that it would need to.

So I am not surprised at this news. But I am a little surprised that instead of playing nice and doing something about it, D-Link are choosing to play big bully. You can bet that if Microsoft or IBM were doing the complaining instead of a single guy then D-Link would drop their pants and bend over sooner than you could say "Never buy a D-Link product".

Reply Score: 5

RE: What a surprise
by Angel--Fr@gzill@ on Sun 9th Apr 2006 15:13 UTC in reply to "What a surprise"
Angel--Fr@gzill@ Member since:
2005-12-23

!!!

I would suggest to contact someone at the European Union .
..
Ther may be a possibility of bothering them at a european level. The layers or the embassy of Denmark to the EU should have any knowledge about who to contact. I guess it is worthy to bother them trying to stop or obstacle their business in all the countries in the EU. Of course, never going to a California court...

Since this is a big chunk of the global market, it could make them reconsider the case!

Anyway, this is nothing out of the ordinary. Typical "Big companies behaviour!

!!!

Reply Score: 3

kadymae
Member since:
2005-08-02

Alas, asking customers to upgrade firmware probably isn't going to solve the problem.

If a product of mine is running okay I rarely upgrade the firmware.

1) fear of a bug in the upgrade borking up my machine. (Like that Apple firmware update which disabled RAM in many computers.)

2) what is the upgrade for? (I have a Plextor CD burner which can duplicate any CD. At the urging of the [hack! spit!] RIAA, Plextor has put out a firmware update -- which disables this feature. And left this to consumers to find out, the hard way.)

So, if I saw that my router's manufacturer had put out a firmware update, I would think thrice about installing it, and then go comb the web to make sure it didn't do something like permanently disable the ports we get "the bit torrent channel" on.

---

OTOH, this bit of jerkishness by dLink means I won't be throwing money their way any time soon.

Reply Score: 5

DDoS
by eantoranz on Sun 9th Apr 2006 16:18 UTC
eantoranz
Member since:
2005-12-18

Could it be possible to go after them legally on the grounds of a DDoS on PHK's NTP server?

Reply Score: 2

RE: DDoS
by Ronald Vos on Sun 9th Apr 2006 16:58 UTC in reply to "DDoS"
Ronald Vos Member since:
2005-07-06

Could it be possible to go after them legally on the grounds of a DDoS on PHK's NTP server?

Same story as simply demanding compensation for the extra costs generated by their failure to comply to the terms of service: too expensive to sue.

Reply Score: 1

change the domain name
by kamper on Sun 9th Apr 2006 18:00 UTC
kamper
Member since:
2005-08-20

Seems to me that what he has to do is change the domain name. Yes, he pointed out that this would be very time consuming, but it can't be any worse than shutting down the server all the way (which it seems he will have to do if he doesn't get money from D-Link).

That won't provide him with real security, but it will undo the years of harm that D-Link has built up and give the ntp community as a whole time to mount a proper suit against the scum. It seems that there are enough people being affected by this stupidity that they'd have at least a bit of clout.

For the long run, though, I think that designing slightly more DoS-proof systems would be a better idea.

And seeing the recurring trend with the netgear thing, I wonder what percentage of soho routers from other companies actually do this sort of thing. They discovered that D-Link is causing trouble, but I didn't see proof that all the traffic was from D-Link devices. I'd like to get my linksyses behind a real router (read: OpenBSD on a soekris) and see what kind of crap they're spewing.

Reply Score: 1

small contribution.
by xushi on Sun 9th Apr 2006 18:15 UTC
xushi
Member since:
2005-08-29

You know... until Dlink finds a solution, he could try and block access to his server from any/all dlink NIC's through blocking the MAC addresses...

It might work. Each major NIC company has its own major MAC address, and he could save himself form just blocking everyone or shutting down the server completly. It'll also get rid of any legal mambo jambo that might happen if he tries to provide incorrect details deliberately.

Until then, i hope Dlink fixes their mistakes.. It's good to see such an open letter being advertised tbh.

Edited 2006-04-09 18:16

Reply Score: 3

RE: small contribution.
by kamper on Sun 9th Apr 2006 18:27 UTC in reply to "small contribution."
kamper Member since:
2005-08-20

You know... until Dlink finds a solution, he could try and block access to his server from any/all dlink NIC's through blocking the MAC addresses...

No he couldn't. First of all, the MAC address never makes out of the routers local network (the subnet controlled by the isp). Secondly, many routers do a MAC address clone of one of the pcs inside the network. This is very common for anybody who first set up their broadband while directly connected and then inserted the router.

Finally, as has been pointed out, filtering doesn't stop the traffic from coming. He could easily whitelist based on ip addresses from Denmark. He could easily filter based on the fact that the dlink devices are using an old version of the protocol. But that won't stop the routers all over the world from continuing to send crap to him. It's not the processing power on his machine that's the problem, it's the fact that the network around the machine has to deliver the traffic. I imagine setting up a filter on the outside for that traffic in a place as complicated as an internet exchange would be far more trouble than just paying for the bandwidth or removing the dns entry.

Edited 2006-04-09 18:28

Reply Score: 3

I'm guilty
by Tyr. on Sun 9th Apr 2006 18:28 UTC
Tyr.
Member since:
2005-07-06

I feel bad now, I actually own one of the offending products a DI-624. I really don't want to offend the genius that gave us the "beerware"-license , guess I owe him several more beers now. Oh well, time for me to write to D-Link and demand a firmware upgrade.

Reply Score: 5

RE: I'm guilty
by kamper on Sun 9th Apr 2006 18:30 UTC in reply to "I'm guilty"
kamper Member since:
2005-08-20

Oh well, time for me to write to D-Link and demand a firmware upgrade.

Good man (or woman? sorry). Customer demand would be a strong influence on D-Link, although it seems unlikely that enough people will be interested and/or understand.

Reply Score: 1

RE: I'm guilty
by ido50 on Sun 9th Apr 2006 19:07 UTC in reply to "I'm guilty"
ido50 Member since:
2006-02-06

I own the same product. It's crap. Wireless networks are supposed to make your life easier. This one makes my life harder. The router stops working every 5 minutes, sometimes returning back after a few seconds/minutes, sometimes never (Until I reboot the router). I can't surf the internet like that, not to mention the router's port forwarding function doesn't work.

I hope to switch to another router soon, I'm not buying any more products by this company.

P.S. I wrote the above comment, pressed the "Submit comment" button, only to find the router stopped working again. Had to take the power cord out and plug it again.

Edited 2006-04-09 19:08

Reply Score: 3

RE[2]: I'm guilty
by shredder on Mon 10th Apr 2006 09:33 UTC in reply to "RE: I'm guilty"
shredder Member since:
2005-07-06

Wireless routers are a pain.

My Belkin wireless router crashes if I don't run a bandwidth shaper on my desktop. When it crashes, it enables the proprietary mode which actually worsens performance.

My parents have a different Belkin wireless router which rarely works. Do any wireless routers work properly?

Reply Score: 1

RE[3]: I'm guilty
by BABaracus on Mon 10th Apr 2006 21:37 UTC in reply to "RE[2]: I'm guilty"
BABaracus Member since:
2006-04-10

Shredder asked: "Do any wireless routers work properly?"

In my experience, the Linksys WRT-54GS is very good. I have had one for over a year, and it just sits there serving packets reliably, day in and day out. It was reliable with the stock firmaware, but I have upgraded it's functionality by loading the enhanced firmware from www.dd-wrt.com - this adds additional QoS Features, etc.

Reply Score: 3

RE[4]: I'm guilty
by shredder on Tue 11th Apr 2006 09:47 UTC in reply to "RE[3]: I'm guilty"
shredder Member since:
2005-07-06

Thanks for the info. I'll look into it.

Isn't that one that runs Linux? That's cool.

Reply Score: 1

RE: I'm guilty
by senornoodle on Wed 12th Apr 2006 09:40 UTC in reply to "I'm guilty"
senornoodle Member since:
2005-07-12

So 624s not only crash under any load heavier than a single PC checking email, AND have a total range of maybe 10m, but also f--k around with important NTP servers? The feaure list just keeps growing.

Reply Score: 1

Solution: don't every buy D-Link again
by emarkp on Sun 9th Apr 2006 19:37 UTC
emarkp
Member since:
2005-09-10

Not only are they crap (the only good experience I've seen with D-Link is the DSL router my brother bought, and it died in less than a year), but they abuse the community.

Good riddance D-Link, I'll dance on your grave when you go under (just like I did with Diamond Graphics).

Reply Score: 3

Boycot D-Link products
by Berend de Boer on Sun 9th Apr 2006 19:40 UTC
Berend de Boer
Member since:
2005-10-19

As (potential) buyers of D-Link products we should boycot the product unless this issue is resolved. Stores should refuse to stock it.

Reply Score: 2

RE: Boycot D-Link products
by Celerate on Sun 9th Apr 2006 21:19 UTC in reply to "Boycot D-Link products"
Celerate Member since:
2005-06-29

In Yellowknife I have found several stores who only stock D-Link. I asked one store why and they said that they got too many complaints of Linksys products not cooperating with other devices made by different companies. I do not know how legit these claims are, but I do know that if I want to buy a router up here I have one choice (two if a refurbished router becomes available) choices.

That said I bought a D-Link DI-524 wireless router long before hearing about the bad wrap they got, I had trouble with it right away because I upgraded the firmware from the D-Link.com site and after that it wouldn't run 24 hours without cutting in and out. I contacted their tech support and they didn't know what was wrong, months later I was still searching Google out of frustration and finally I came across the answer, I had to use the firmware from D-Link.ca because I lived in Canada and there were subtle differences in the firmware apparently. After switching over to the firmware from D-Link.ca it started working reliably.

I did regret buying the router until I found out how to fix it, now it seems to work fine. I still think my next one will be a Linksys though, I have heard that those ones are pretty good and by sticking with one brand name I'd be keeping myself ignorant. I also believe that it was negligent of D-Link not to have any mention on the product box, on their web site, or in the browser interface, that the firmware for the wireless routers was different for countries other than the US.

Reply Score: 2

RE: Boycot D-Link products
by DuuudeDK on Tue 11th Apr 2006 07:52 UTC in reply to "Boycot D-Link products"
DuuudeDK Member since:
2006-04-11

Please let D-Link know that you'll not buy any of their products unless they settle this issue and holds PHK economical undamaged now and in the future regarding their abuse of his NTP server. I have emailed sales@dlink.co.uk, to let them know that I'll not buy any more of their products (I admit to own 2 D-Link products, sorry) unless they settle this in a god manner.
Also, I suspect a lot of OSnews readers are somehow involved in helping family/friends buying computer equipment. Let D-Link know that we'll ditch their products and not buy anymore for friends/family until this is settled in a decent manner.

Reply Score: 1

Da big D...
by kowtow on Sun 9th Apr 2006 20:25 UTC
kowtow
Member since:
2006-04-01

...in D-Link stands for "defective". No wonder they don't want to spell it out.

Reply Score: 1

v man iptables
by lemmy on Mon 10th Apr 2006 08:32 UTC
RE: man iptables
by kamper on Mon 10th Apr 2006 15:47 UTC in reply to "man iptables"
kamper Member since:
2005-08-20

no more to say.

Except maybe to point out that you should try reading the linked article and then stop spewing nonsense. Besides which, you don't really think he'd run linux on this machine do you?

Reply Score: 1

Campaign?
by kramii on Mon 10th Apr 2006 09:48 UTC
kramii
Member since:
2005-07-22

Does anyone have an email address for someone senior at D-Link? I'm sure I'm not alone in my desire to explain why I won't be purchasing their products anytime soon.

Reply Score: 1

Sole experience with D-Link
by snozzberry on Mon 10th Apr 2006 16:27 UTC
snozzberry
Member since:
2005-11-14

I installed a D-Link USB wifi dongle on my Mac. In three years of running OS X, the only kernel panic I ever got was from unplugging the dongle while the machine was still on, which strongly suggests they used kernel extensions against Apple's programming guidelines.

D-Link's technical support guarantees you're talking to a flipchart reader who not only cannot answer your question, but is under orders not to connect you with someone who could. The only reason their crap is sold in Apple stores is because no one else writes OS X drivers for USB wifi dongles.

In Yellowknife I have found several stores who only stock D-Link. I asked one store why and they said that they got too many complaints of Linksys products not cooperating with other devices made by different companies.

Ask the man in that store how it is that wardriver logs identify 50-60% of the visible wireless networks in my city as Linksys products (by MAC address range, not ESSID) if they're so problematic. And I live in rural Arizona. Borrow a laptop from a friend and run Netstumbler/iStumbler to prove the point if you have to.

Reply Score: 1

NTP of Dead
by werfu on Mon 10th Apr 2006 20:06 UTC
werfu
Member since:
2005-09-15

Isn't there an exploit for the NTP protocol? If D-Link is using some kind of µLinux distro or something like that it could be easy to find an exploit that simply make all thoses routers explode right-away!

I mean.... setting the time to the limit of the protocol and see those routers jerk off or trying to buffer overflow those routers with oversized packets or badformed packets.

But the simpliest way would surely be to use another hostname and asking for cooperation from the danish ISP.

Damn D-Link sux arses....

Reply Score: 1