
NTP Vandalism - An open letter.


The problem: Many routers keep their internal clock by querying a time server on the internet. However, instead of operating their own server, the router manufacturers rely on a list of publicly available servers. And that's where this amounts to vandalism, because very often, access rules are ignored and violated. The latest victim is a privately operated server in Denmark, whose owner now faces a yearly $8000 bill, plus a host of extra costs, thanks to D-Link. Since D-Link refuses to pay for the damages their equipment causes, the time server operator decided to go public:


By the way, we had seen this before:


At least Netgear was more cooperative. Much more cooperative, I have to add. (See inside link below)

EDIT: Link fixed.

UPDATE: Poul added a link to the expert who tracked down the problem.

I include that here as well, as it describes clearly the size and scope of the problem:

When Firmware Attacks! (DDoS by D-Link).

Edited by jadeclaw

So the $8000 bill is the router pinging the time server? Getting a data packet for world time?

Correct, but not one, hundreds of thousands of them. And going through the list of included servers, only servers of public organisations and educational facilities had been included. Since most people still use MS-Windows, I would have expected to find 'time.windows.com' in there. That one can handle the traffic easily and Microsoft possibly wouldn't even notice, expecting tons of traffic from their OS installs. But no, it is better to vandalize public property and violate access rules. *GRMPF*

Advice: If your D-Link product allows you to enter a specific time server, either set it to time.windows.com or use the NTP pool for that.


That way, the traffic load is distributed evenly onto many shoulders.

And of course, check whether your ISP offers a time server, and use that in the first place.

Edited by jadeclaw

  • 3 weeks later...

Update: Obviously public pressure works.

2006-04-27 Update:

"D-Link and Poul-Henning Kamp announced today that they have amicably resolved their dispute regarding access to Mr. Kamp's GPS.Dix.dk NTP Time Server site. D-Link's existing products will have authorized access to Mr. Kamp's server, but all new D-Link products will not use the GPS.Dix.dk NTP time server. D-Link is dedicated to remaining a good corporate and network citizen."

Let's hope other hardware makers learn from this and avoid making the same mistake in the future.
