Slashdot Mirror


D-Link Firmware Abuses Open NTP Servers

DES writes "FreeBSD developer and NTP buff Poul-Henning Kamp runs a stratum-1 NTP server specifically for the benefit of networks directly connected to the Danish Internet Exchange (DIX). Some time last fall, however, D-Link started including his server in a hardcoded list in their router firmware. Poul-Henning now estimates that between 75% and 90% of NTP traffic at his server originates from D-Link gear. After five months of fruitless negotiation with a D-Link lawyer (who alternately tried to threaten and bribe him), he has written an open letter to D-Link, hoping the resulting publicity will force D-Link to acknowledge the issue. There are obvious parallels to a previous story, though Netgear behaved far more responsibly at the time than D-Link seem to be."

4 of 567 comments (clear)

  1. wrong easy fix. try this... by swschrad · · Score: 5, Interesting

    send a private communication to the authentic users (not the robot moochers from D-Link) that on date X, the new IP service address will be unhacked.gps.dix.de or whatever suits him.

    on date X, send bogus packets in response... not just wrong time, but seriously wrong time, like a packet with time of 9s in all fields, which would be most seriously wrong.

    hopefully, it would lock up the offending junkpiles, and clear the problem right smartly.

    the general idea in engineering an end to these things is to find a way to blow up the crooked machine by a seriously wrong entry that will screw up the internals. since they took an ugly and cheap shortcut by using firmware tables, they probably don't error-check their inputs from NTP and other services. so there should be a memory jump and a crash in those pirate boxes someplace.

    and that puts the onus back where it belongs, on supercheap designers for obnoxious companies that don't give a shit about network etiquette. the market will punish them. that's how it should be for slap-happy outfits.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  2. Re:Im confused by typical · · Score: 5, Interesting

    There are three conventions being violated:

    * To keep the network working, the NTP system is tiered. Anything other than a time server used to redistribute time to other machines should probably access a Tier 3 system, or a Tier 2 if that is not possible. It should never hammer a Tier 1 -- this can screw up the rest of the NTP network.

    * There are large lists of NTP servers, and they list access restrictions. As pointed out in the letter, this guy explicitly stated in his access rules that this server was not for client use.

    * As pointed out in the letter, this guy explicitly stated in his access rules that this server was not for use outside of Denmark.

    You may not be used to this sort of thing, because no such set of agreements exists for, say, webservers. However, in the NTP world, network administrators respect these, and it is why the time system continues to work.

    What D-Link is doing hurts all Danish NTP users, and freeloads off a volunteer (D-Link is selling the product and profiting from it -- let *them* handle the traffic and factor any bandwidth costs into their product cost). It opens their product to potential abuse if the server becomes malicious (a properly-designed router would allow the user to specify an NTP server, or if the user is unable to configure a router, to do what the letter suggested and use a D-Link-controlled name.). It violates agreements that have been generally respected by the NTP-using administrator community for many years.

    --
    Any program relying on (nontrivial) preemptive multithreading will be buggy.
  3. Path to Justice by doublem · · Score: 5, Interesting

    1. Buy the domain name off this poor guy / arrange for alternate hosting if it can't be sold.

    2. Take a collection from the /. community to set up an alternate server.

    3. Wait a month for all the legitimate users to switch to a new URL.

    4. Fire up a server at the old URL reporting Midnight, Jan 1, 1900

    5. Let D-Link deal with users accusing D-Link of failing to sell a Y2K compliant product in 2006.

    --
    "Live Free or Die." Don't like it? Then keep out of the USA
  4. Re:WTF??? by LurkerXXX · · Score: 5, Interesting
    It doesn't seem like a moral crusade to me.

    He discovered a problem.
    He contacted the company causing the problem.
    He explained the problem, and simply asked them to fix it.
    They didn't.
    They put him off.
    They threw a lawyer at him to threaten him.
    They offered 'compensation' that didn't come close to covering his costs.

    He was trying to do it all quietly and nicely, not crusading, and they wouldn't have it.

    So instead of going through the often extremely troublesome and lengthy legal procedings (which are even worse than normal since this is an international case), he was hoping to publically embarrass the company into fixing the problem they caused. Seems like a reasonable attempt at a speedy solution, not a crusade.