[89816] in North American Network Operators' Group


Re: Open Letter to D-Link about their NTP vandalism

daemon@ATHENA.MIT.EDU (Alain Hebert)
Fri Apr 7 18:13:49 2006

Date: Fri, 07 Apr 2006 18:13:19 -0400
From: Alain Hebert <ahebert@pubnix.net>
Reply-To: ahebert@pubnix.net
To: nanog@merit.edu
In-Reply-To: <4436DE99.7060803@wvi.com>
Errors-To: owner-nanog@merit.edu


    Hi,

    Should not be hard to fix...

    It's clearly a misuse of dix.dk services.

Couple of things:

    Since it's BGP and DIX customers surely have to provide a list of 
subnets to announce (filter and such), add those to the ntp server,

    or use ipf/ipfw/iptables to filter in the dix customers

    and I would redirect the others' traffic to a dummy clock with a 
messed up time...  after a few complaints DLINK would wake up.
    (Don't try to pin any legal issues to this ... it's DIX 
servers/bandwidth/resources, DLink (and its customers) has no regard on 
what DIX does with its resources)

-----

    Also there is a list of ntp servers in the device and I'm sure DLink 
never got the permission from most of them.

    So try to contact the 100+ ntp services for a class action.

----

    DLink should use 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, and 
even better provide their own x.ntp.dlink.com.
      

Jeff Shultz wrote:

>
> Rubens Kuhl Jr. wrote:
>
>> GPS.dix.dk service is described as:
>>
>> DK Denmark GPS.dix.dk (192.38.7.240)
>> Location: Lyngby, Denmark
>> Geographic Coordinates: 55:47:03.36N, 12:03:21.48E
>> Synchronization: NTP V4 GPS with OCXO timebase
>> Service Area: Networks BGP-announced on the DIX
>> Access Policy: open access to servers, please, no client use
>> Contacts: Poul-Henning Kamp (phk@FreeBSD.org)
>> Note: timestamps better than +/-5 usec.
>>
>> I think he should use dns views to answer the queries to gps.dix.dk 
>> and either:
>> ( a ) answer 127.0.0.1 to all queries from outside his service area
>> ( b ) answer a D-Link IP address to all queries from outside his
>> service area (which could lead to getting their attention; dunno if
>> from their engineers or from their lawyers).
>
>
> Neither of which would solve the problem of his bandwidth being used 
> by these, although (b) might actually serve to get their attention.
>
> Perhaps as a thanks to him for the public service he provides the DIX, 
> all of the users at DIX could set their external routers to reject 
> incoming NTP packets from networks other than their own? Or even 
> combine that with (b), although it might be more effective if it 
> targeted, oh, www.dlink.com instead of an IP address.
>
> Then at least it would not be taking up internal DIX bandwidth capacity.
>
> By no means am I encouraging legally actionable activity, however, and 
> as noted, (b) just might be.
>

-- 
Alain Hebert                                ahebert@pubnix.net   
PubNIX Inc.        
P.O. Box 175       Beaconsfield, Quebec     H9W 5T7	
tel 514-990-5911   http://www.pubnix.net    fax 514-990-9443
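
The allow-list filtering suggested in the message above (customer subnets added to the ntp server, or an iptables filter), as an added example that is not part of the original post. The prefixes are constructed documentation ranges, and the function names and the `nomodify notrap` flag choice are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: documentation prefixes standing in for the
# customer-supplied list of BGP-announced subnets (not real DIX data).
SAMPLE_PREFIXES = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24",
                   "203.0.113.64/26", "2001:db8:100::/48"]

def collapse(prefixes):
    """Validate each prefix (host bits set -> ValueError) and merge
    adjacent or overlapping networks, IPv4 first, then IPv6."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)

def ntp_restrict_lines(prefixes):
    """ntp.conf access control: ignore everyone by default, then
    re-admit loopback and the listed networks."""
    lines = ["restrict default ignore", "restrict -6 default ignore",
             "restrict 127.0.0.1", "restrict -6 ::1"]
    for net in collapse(prefixes):
        fam = "-6 " if net.version == 6 else ""
        lines.append(f"restrict {fam}{net.network_address} "
                     f"mask {net.netmask} nomodify notrap")
    return lines

def iptables_rules(prefixes, chain="INPUT"):
    """Host firewall equivalent: accept UDP/123 from listed networks,
    drop all other NTP traffic. ACCEPT rules come before the DROP."""
    rules = []
    for net in collapse(prefixes):
        tool = "ip6tables" if net.version == 6 else "iptables"
        rules.append(f"{tool} -A {chain} -p udp --dport 123 -s {net} -j ACCEPT")
    for tool in ("iptables", "ip6tables"):
        rules.append(f"{tool} -A {chain} -p udp --dport 123 -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(ntp_restrict_lines(SAMPLE_PREFIXES)))
    print()
    print("\n".join(iptables_rules(SAMPLE_PREFIXES)))
```

Filtering on the server itself drops the packets only after they have arrived, so it does not reclaim the bandwidth concern raised in the quoted reply.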

