Linked by Thom Holwerda on Sun 9th Apr 2006 12:49 UTC, submitted by rycamor
Legal FreeBSD developer Poul-Henning Kamp (PHK) happens to run a tier-1 NTP server, intended only for use by ISPs' main servers in Denmark, and specifically not intended for individual client connections, not to mention client connections from anywhere else in the world. He offers this service pro bono to ISPs. Unfortunately, D-Link has decided to abuse the open nature of the NTP protocol and has actually hard-coded PHK's server hostname in the firmware of several of their home network products. Since contacting D-Link yielded no results, PHK went public.
Thread beginning with comment 113098
To read all comments associated with this story, please click here.
Force
by Morin on Sun 9th Apr 2006 13:52 UTC
Morin
Member since:
2005-12-31

I think he has the option to use force if nothing else succeeds:

Step 1: Whitelist the allowed connections and ban everything else. This is probably not enough since the connection attempts will still block his network and server.

Step 2: Whitelist the allowed connections and send *incorrect* time stamps to all others. As it sounds, D-Link has little legal ground to expect correct timestamps. Many people will wonder why their D-Link products suddenly screw up.

Step 3: Ask the danish ISPs for help, explaining them that he cannot continue with the server if nothing changes.

Step 4: Shut down the server, and wait for reactions.

Reply Score: 5

RE: Force
by BBlalock on Sun 9th Apr 2006 14:16 in reply to "Force"
BBlalock Member since:
2006-01-15

In one of the other discussions of this it was pointed out that filtering the packets would degrade his performance.

It was also mentioned that in the overwhelming majority of cases nobody would ever know or care that thier dlink gizmo has the wrong time, so sending bad packets would be pointless. It would also be hypocritical as it would be an violation of the standards that he is trying to make dlink conform to.

Reply Parent Score: 5

RE[2]: Force
by CrimsonScythe on Sun 9th Apr 2006 18:22 in reply to "RE: Force"
CrimsonScythe Member since:
2005-07-10

From what I understood, the performance strain on the server would also mean that the time-accuracy of the NTP server would lessen. That sounds pretty bad, I think.

Well, I'll never buy a D-Link product as long as I live. I guess Belkin is no longer alone on my networking black list. In case anybody is wondering what I'm talking about, check here:
http://www.theregister.co.uk/2003/11/07/help_my_belkin_router/

Reply Parent Score: 5

RE: Force
by cubidou on Sun 9th Apr 2006 15:59 in reply to "Force"
cubidou Member since:
2006-04-09

You're missing the point. The problem is not the server or its load. The problem is the bandwidth generated by the requests from the D-Link devices.

Step 1 and 2 are not feasible because filtering is expensive and it would have to be done much earlier than on the server itself.

Step 3 and 4 won't change the fact that bandwidth will be generated. It's not like a single IP address can suddenly disappear. Packets will still arrive, even if there's no reply.

The only thing PHK can do is changing the name of the server and letting the old one point to 127.0.0.1. That would solve the bandwith issue, but would require all legitimate users to change their configuration.

Quentin Garnier.

Reply Parent Score: 5

RE[2]: Force
by Morin on Sun 9th Apr 2006 17:12 in reply to "RE: Force"
Morin Member since:
2005-12-31

> Step 1 and 2 are not feasible because filtering is
> expensive and it would have to be done much earlier
> than on the server itself.
>
> Step 3 and 4 won't change the fact that bandwidth will
> be generated. It's not like a single IP address can
> suddenly disappear. Packets will still arrive, even if
> there's no reply.

Neither of these approaches would make the huge traffic disappear, but they might make DLink reconsider their strategy.

Reply Parent Score: 3

RE[2]: Force
by sagum on Mon 10th Apr 2006 10:56 in reply to "RE: Force"
sagum Member since:
2006-01-23

The only thing PHK can do is changing the name of the server and letting the old one point to 127.0.0.1. That would solve the bandwith issue, but would require all legitimate users to change their configuration.


Sounds like a good idea, however, I'd suggest that PHK points the address to dlink's mail server.

*scarcasim* That way, D-Link can then forward the correct time to the customers via email.. */scarcasim*

Reply Parent Score: 2