D-Link Settles Danish Time Dispute

igb writes "The Register reports that DLink has settled the time server dispute described a little over a month ago here on Slashdot. They're going to stop using an NTP server they're not really authorized to chime with, and they've reached an amicable settlement over the use by existing products. The details of the settlement are, not unsurprisingly, somewhat vague, but let's hope that the good guys aren't out of pocket any more."

They should've known better...

than to challenge a Time Lord!

Netgear did the same thing a few years ago

[dananderson]

Netgear did the same thing with the University of Wisconsin Internet NTP's servers.

It's strange these companies can't afford to set up a few of their own NTP servers instead of overloading servers that don't have the bandwidth. It it's because they are clueless or they are cheap?

Re:Netgear did the same thing a few years ago

[wowbagger]

It it's because they are clueless or they are cheap?

Yes, and yes. They are clueless, and they are cheap.

That is why pool.ntp.org was created - to provide a pool of NTP servers that these bozos can use without hammering anybody's server too badly.

Re:Netgear did the same thing a few years ago

[MikeBabcock]

These situations make no sense to me. The NTP system is very easy to use properly.

There's a great little website about how to use ntp.org servers properly.

For the quick-fix people, point your NTP capable system at pool.ntp.org.

If you live in north america, you can use the north-america.pool.ntp.org dns name instead, for only north american servers. The same applies to other continents and several country codes.

Basically, there's no excuse for hard-coding a time server in almost any situation, unless your client is completely incapable of DNS and has no access to external DNS servers.

Re:Netgear did the same thing a few years ago

[autocracy]

It would be really nice to think that it's not that hard. Yet, somehow, as a member of the NTP pool, I just keep on having issues. At this moment, I'm supporting roughly 1500 clients. 35% of my resources to supply all those clients with acurate time are being used by 40 clients. In fact, the top 10 "abusers" are taking nearly 17%... and it's a good moment.

Re:Netgear did the same thing a few years ago

[tinkerghost]

Proper queries are only denied & not re-made if the client follows the rules.
If you check the original artical, D-Link routers do not recognize the kill request, and they re-request very quickly. So yes, he configured the NTP server correctly, AND he posted restrictions on the NTP site correctly, AND D-Link said we don't care.
It's essentially a DDOS attack on the server. There are thousands of hits with correctly formed NTP requests coming in every second - 98% of which should be directed elsewhere.

Re:Netgear did the same thing a few years ago

[Gnavpot]

At this moment, I'm supporting roughly 1500 clients. 35% of my resources to supply all those clients with acurate time are being used by 40 clients. In fact, the top 10 "abusers" are taking nearly 17%... and it's a good moment.

I wonder if the abusers are running some kind of Unix/Linux/BSD time daemons.

In my experience, when starting the 'chronyd' time daemon under Linux, it will poll very often, like 15 seconds intervals. Everytime it gets an answer, it will compare it to the system clock, log the deviation and adjust the system clock speed based on the trend. After some time, the system clock will run really accurate, so the logged deviations will be small. The polling interval will then be increased in steps up to a max. limit of 4 hours. If the computer is restarted, this scenario starts over again.

Compare this to a typical Windows XP computer which seems to poll a time server once a week or so. No doubt that the ntp server will feel some clients more abusive than others.

Disclaimers:
The intervals stated above may be wrong. I haven't tinkered with optimizing my time daemons since the old pay-per-minute ISDN days so my memory is a bit rusty.

Chronyd is just an example. I have no knowledge of whether it stresses the time servers more or less than other time daemons like 'xntpd'.

Re:Netgear did the same thing a few years ago

[tinkerghost]

So D-Link units were making a NTP request, the request was denied by the server, but the D-Link engineers put it in their list of NTP servers anyway?
Yes, but worse and out of order .....
Check out NTP.org. Specifically check the Rules of Engagement, The Stratum 1 list, and RFC 1305.
Now looking at everything we have a protocol that involves 2 components, an implimentation component and a social component. The actual implimentation of the protocol is laid first as "Format your request in this fasion and we will return the responce looking like this...". However, it also has things for implimenting request timing fallback and kill requests. The social implimentation of the protocol is layed out in the RoE and the Server Lists - note the regional restrictions and the authorization requests in the server lists.
From the original article which evidently doesn't have any information on the open letter anymore - D-Link took the Stratum 1 list and shoved it into some of their router NTP lookup tables. That blows off the entire social aspect of the protocol - both the permissions and the structure.
Next they implimented only the request portion of the protocol, they ignore the backoff & get lost request structures - essentially forgoing the entire error correction portion incorperated into the RFC. So up to the point of manufacture they have 3 strikes against them,

• Failure to obey the Stratum structure of the NTP system
• Failure to follow the permisions structure of the NTP system
• Failure to properly impliment the NTP connection protocol
  

Now there was no known issue with this until the Danish exchange turned to the Stratum 1 owner and said "You are eating a hell of a lot of bandwidth here & we can't keep giving it to you for free." At which point the problem was tracked back to a series of D-Link SOHO routers. I don't recall the exact process he used , but he started sending kill requests to anything from a D-Link router. When they ignored it & kept making requests he talked to D-Link
From memory the conversation then went like this:
Dane: You're routers are hammering my server & they need to stop, you don't have permission & you're violating the rules.
D-Link: How cute, have a nickle & go get yourself some candy.
Dane: WTF? The exchange is going to charge me $8K to cover your protocol violations.
D-Link: It's not our fault & if it is talk to our Lawyer.
Lawyer: I won't talk to you unless you come to CA & argue your case.
At which point it devolved to an open letter & public shaming - which by the way seems to have worked.

[note] IIRC someone calculated the estimated bandwidth from the D-Link routers using Stratum 1 NTP servers to be enough to continously flood a T1. So this isn't just an occasional knock on the door, it's pretty heavy usage for what amounts to a request packet and a responce packet from each router.

They already lost at least $120 in sales

[Omnifarious]

And likely more. I've been telling my friends not to buy them, and I know of at least one buying decision that was made specifically for that reason that cost them $120 worth of sales of USB wireless adapters.

Re:They already lost at least $120 in sales

[anticypher]

That's nothing. I'm engineering a large scale DSL rollout, around 80,000 installations in the first 2 phases during 2006, and a potential 4 million subscribers over the next 3 years. My technical analysis of the CPEs determines who makes the shortlist. I had a lot of fun at CeBit this March, watching the sales weasels fight over who would get first shot at my account.

I had even more fun letting the D-Link fuckheads know why they were on my blacklist. For two main reasons, the NTP theft of services from all the stratum 1's, and the mac ethernet framing problems. They were told quite clearly the non-response from their engineering team on these two show-stopper problems had left them permanently blacklisted. Its called schadenfreud, and it feels good.

the AC

Not Vague At All

[TubeSteak]

... D-Link's existing products will have authorized access to Mr. Kamp's server, but all new D-Link products will not use the GPS.Dix.dk NTP time server. D-Link is dedicated to remaining a good corporate and network citizen.

Allow me to translate: He got paid.

Part of the settlement involves him putting on his website "D-Link is dedicated to remaining a good corporate and network citizen."

Otherwise, considering his previous level of frustration, there's no chance he would shill for them like that.

Re:Not Vague At All

[Uncle+Rummy]

He also took down the entire description of the problem D-Link caused, which used to reside at that URL. Considering how pissed he was, they must have paid him well, indeed.

not unsurprisingly

[boldtbanan]

The details of the settlement are, not unsurprisingly, somewhat vague...

I do not think that means what you think it means

Re:Public? Server

[Binestar]

Seems to me that if you run a (public) NTP server with a publicly available IP address and/or DNS resolution, that means anyone (public) can use the (public) service - no?

No.

What I would have done

[ch-chuck]

Is silently migrate my legit users to another ntp server and then set the D-Link'ed ones to something like Klingon time or something bizarre, streach 8 hour days to 10 hours, etc. Of course that wouldn't solve the excess traffic, but you can get creative with revenge, especially when you're in the right.

Re:What I would have done

[PayPaI]

Yes, because everyone is going to be so confused that their router is set to the wrong time that they will go out and buy a competitors product.

Re:Public? Server

[Aladrin]

Public or not, you have to follow the rules. It is pretty well known that only 'Stratum 2' NTP servers are to use 'Stratum 1' NTP servers. This is not just a 'because we want it that way' policy. There are many good reasons for this.

http://en.wikipedia.org/wiki/NTP_vandalism

NTP Pool for Vendors

There is now a way for vendors to use the NTP pool. See http://www.pool.ntp.org/vendors.html for details.

Re:Their reputation preceeds them

[John+Miles]

Agreed. D-Link appears to occupy a point on the cost-quality curve that ultimately costs more in hair-pulling time than it saves in cash. Their products may be OK for lightweight use at home, but they can really give you fits in a more demanding environment.

Case in point: we recently put a bunch of DGS-1008D 8-port gigabit switches into service, and immediately started having problems with dropped Ethernet connections. Our laser printer was sucking down enough power at the onset of its fuser-warmup phase to trigger a nearby UPS momentarily. The resulting switchover transient lasted only a few milliseconds, but it was enough to reset the DGS-1008D. After a LOT of tail-chasing, it transpired that the (cheap-ass linear) wall-wart supplies that D-Link ships with the DGS-1008D lack sufficient filter capacitance to absorb even the slightest power glitch under high-load conditions (e.g., when there are several cables plugged into the switch.)

We took a few of their power supplies apart and found that the oldest ones -- which didn't have the problem -- used a 2000-uF filter capacitor at the rectifier output. At some point, they saved 10 cents by moving to a supply with only 1000 uF, rendering their product useless in many real-world office environments.

This isn't supposed to be a general "let's all bag on D-Link" thread, but hey, if the shoe fits...

Re:Public? Server

[freshman_a]

His NTP server access policy explicitly limited use of said server to the Danish Internet Exchange (DIX). In return, DIX provided him with a free internet connection for his NTP server. Because D-Link was sucking so much bandwidth, DIX told Kamp he would have to pay yearly for the connection. D-Link disregarded his server policy and abused his server. That's why it's a problem.

Also, his server is a Stratum 1, and, while not explicitly written, the D-Link devices should getting the time via a Stratum 2 server. At least, that's how it's commonly done.

Does that help explain things better?

This should have been solved with a check.

[CFD339]

Someone at D-Link should simply have realized the mistake and paid for a few very fast servers to sit at a hosting facillity and respond to the requests -- and all the requests already using that service -- for as long as the Danes were willing to point the DNS entry for that server to them.

In the scheme of things, and from a marketing perspective, anything else is stupid and a waste of good will.

Re:Public? Server

[tinkerghost]

Check the NTP page, there are public (open) servers and there are public (restricted) servers. There are also 3 layers of service,

• Stratum 1 are principle time servers for a region & directly query atomic clocks.
• Stratum 2 are general use for large regions or institutions - generally they should only be contacted by Stratum 3 servers - clients only as a last resort.
• Stratum 3 are the generic NTP servers of the internet - if you're an end client you should be talking to a Stratum 3 unless none are available/unrestricted for your use.

D-Link SOHO routers do 3 things wrong.

• They don't follow the NTP protocol for requests to stop using the service.
• They ignore the restrictions place on the server usage - in Denmark, for use by ISP or Stratum (2/3) requests.
• They hit a Stratum 1 NTP server as an end client.

So no, if you run a public NTP server that you have dutifully entered restrictions on, you are expecting everyone who comes to you to obey the NTP protocol. That includes following the restrictions, listening to the go away requests, and following the basic rules of who to talk to.
[Analogy type=bad]
In the US there are a number of parking spaces set asside for handicapped parking in almost every parking lot. Physically you can park there if you are not handicapped, but you're not supposed to (covers both ignoring restrictions and a client talking to a Stratum 1 server). If the manager of the parking lot tells you to get your car out of the spot - you should do that(refers to the kill request in the NTP protocol). In the real world if it get's this far, the cops come & give you a ticket. On the net you get open letters calling you an arogant prick who can't be bothered to figure out the basics of the protocols you are boasting about
[/Analogy]
For the record the Danish server was not the only Stratum 1 server they hit, they appear to have taken the Stratum 1 list (almost all of which restrict usage to Stratum 2 servers) and shoved it into the routers for general use - hardly the "Good internet citizen" they claim to be.

Poul-Henning Kamp got payed!

[__aaqwna9206]

Poul-Henning Kamp got 200.000 DDK (Danish kroner) which is about 33.000 US$.

The settlement states that Poul-Henning Kamp must not talk about the history of problems which the D-Link routers caused. But He tells danish press that any future problemes causes by D-link equiptment will be posted around the net ;-). This information is from the danish version of computerworld online at http://www.computerworld.dk/

His homepage is http://people.freebsd.org/~phk/

For those in america: Denmark is not the capital of sweden ;-)

Re:Public? Server

[plague3106]

Taping a note to your front door that reads 'only enter if you live here' doesn't accomplish a lot if you leave the door open all the time.

Please, stop with stupid analogies. They are never helpful. You can leave your door open all the time, that doesn't give anyone the right to go in! In Vermont, thats criminal trespass, and the fine is much larger than the other forms of trespass defined in the act.