[89820] in North American Network Operators' Group


Re: Open Letter to D-Link about their NTP vandalism

daemon@ATHENA.MIT.EDU (Jeff Shultz)
Fri Apr 7 18:38:50 2006

Date: Fri, 07 Apr 2006 15:31:43 -0700
From: Jeff Shultz <jeffshultz@wvi.com>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <6bb5f5b10604071513w23fd7091x45e33457b4a245d0@mail.gmail.com>
Errors-To: owner-nanog@merit.edu


Rubens Kuhl Jr. wrote:

<big snip>

> It still would require him to answer the DNS requests. Only way to
> address that is everybody outside DIX declare gps.dix.de as
> www.dlink.com in their resolvers.
> 

Oh, I see two things here - the first is that he's in charge of his DNS, 
which he probably isn't. DIX likely is, but that's minor. They'll 
probably support him in this.

The second is that I was concatenating this letter and the also 
referenced Netgear letter, where they were doing refs by IP address 
instead of DNS like the D-Link is.

Combine both of them - reject outside the DIX DNS requests outside the 
service area (or send them to a DLink CNAME as mentioned) and as a 
backup reject/redirect all NTP from outside to the gps.dix.de IP address 
at the edge.

Belt and Suspenders as such.

As for the bogus NTP data idea... how many people buying a consumer 
grade router like this even have a clue what NTP is, much less notice 
what it's doing to that box over in the corner? It won't affect their 
computer, therefore they won't care. It's just buzzwords on the box.

-- 
Jeff Shultz
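
The two-layer filtering described in the message above, as an added example that is not part of the original post: a name-resolving client (the D-Link case) is stopped at the DNS layer, while a client with the address burned in (the Netgear case) is only caught by the edge filter. The prefixes and server address are constructed documentation ranges, the function names are hypothetical, and the DNS query source is assumed to represent the client (in practice the authoritative server sees the recursive resolver's address).

```python
import ipaddress

# Constructed values: documentation prefixes stand in for the real
# service area and for the NTP server's address.
SERVICE_AREA = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
NTP_SERVER_IP = ipaddress.ip_address("203.0.113.10")
NTP_NAME = "gps.dix.de"  # name as written in the thread


def in_service_area(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in SERVICE_AREA)


def dns_layer(src, qname):
    """Layer 1: answer the NTP name only for queries from the service area."""
    if qname.rstrip(".").lower() != NTP_NAME:
        return "NOT_HANDLED"
    return f"A {NTP_SERVER_IP}" if in_service_area(src) else "REFUSED"


def edge_layer(src, dst, proto, dport):
    """Layer 2: edge ACL drops outside NTP aimed at the server's address."""
    if proto == "udp" and dport == 123 and ipaddress.ip_address(dst) == NTP_SERVER_IP:
        return "permit" if in_service_area(src) else "deny"
    return "permit"  # everything else is out of scope for this rule


def client_outcome(src, uses_hardcoded_ip):
    """Outcome for a client that resolves the name vs. one with the IP burned in."""
    if not uses_hardcoded_ip and dns_layer(src, NTP_NAME) == "REFUSED":
        return "stopped at DNS"
    verdict = edge_layer(src, str(NTP_SERVER_IP), "udp", 123)
    return "served" if verdict == "permit" else "stopped at edge"


if __name__ == "__main__":
    for src, hardcoded in [("192.0.2.55", False), ("8.8.8.8", False), ("8.8.8.8", True)]:
        print(src, "hardcoded" if hardcoded else "by-name", "->", client_outcome(src, hardcoded))
```

A client holding a stale cached answer behaves like the hardcoded case, which is why the edge rule is kept as the backup.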
