Does your D-link product need to be on ??

You may be aware from the BBC article

http://news.bbc.co.uk/1/hi/technology/4906138.stm .

or elsewhere that there is a serious flaw on many D-link products which
get the time from the Internet using time servers. Whilst many time
servers are open for anyone to use, D-link products are using those
which are not.

The time servers being abused are owned by individuals, the military,
the US Government, some academic institutions and commercial companies.

One owner of a Dutch time server at least is incurring very large costs
due to this and even more costs in paying a consultant to find the problem.

http://people.freebsd.org/~phk/dlink/

To my knowledge no owners have asked for users to switch off their
D-link products, but given they are abusing the time servers, it would
be sensible to keep them switched off when not absolutely necessary.


--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: [email protected] Hitting reply will work
for a couple of months only. Later set it manually.

 

Its not a dutch but a danish server.

 

Sorry. You are right of course - I don't know what I was thinking of there.

But it now appears there are forty odd servers throughout the world

http://people.freebsd.org/~phk/dlink/letter2.html

where this abuse is happening. So people with D-link products might
well be using several of these without permission.


--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: [email protected] Hitting reply will work
for a couple of months only. Later set it manually.

 

Its stupid done of D-Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It would be even more sensible to change router settings to use an alternate
address (like us.pool.ntp.org) instead. Instead of your router pinging
addresses it shouldn't when it's on, it'll never ping those addresses at
all. There's an option in there (in the DI-604, at least) to specify an NTP
server to use. Fill it with something from *.pool.ntp.org and you're all
set.

_/_
/ v \ Scott Alfter (remove the obvious to send mail)
(IIGS( http://alfter.us/ Top-posting!
\_^_/ rm -rf /bin/laden >What's the most annoying thing on Usenet?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEQVoZVgTKos01OwkRAnxmAKDPm4UsgAkgGg6JOS8ADovd8CxyiACfQbPo
wp9xSamK+rbVDeNjxDUDjTo=
=SQgD
-----END PGP SIGNATURE-----

 

My old DI-804U doesn't seem to have such an option. But it surely
pre-dates 2005 (that's when the problem started, as the BBC article
states).

NNN

 

True, but for many models the time servers can't be changed - the
DWL-700AP I own is one such model. But the time servers it uses are OK
to use.
--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: [email protected] Hitting reply will work
for a couple of months only. Later set it manually.

 

That BBC article is not well written, so I would not tend to put much
weight on what it says.

Although the issue with the Danish time server started in 2005, there
are many other time servers which are being accessed by D-link products
which have restricted access.

I have no idea if the names or IP addresses of any of those time servers
were coded into older models - I suggest you ask D-link about the
particular model(s) you have. You can get to their support page at:

http://support.dlink.com/


--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: [email protected] Hitting reply will work
for a couple of months only. Later set it manually.

 

Hmmm, usual Bimbo Broadcasting "Science & Technology" reporting job. Where
do they get those people?

Uhh.... where are those "many time servers"?

This is not a question of "switch off". In fact, if the gateway/routers
work well this would aggravate the "problem" because every switch-on would
cause a look-up. Besides, people with ADSL or cable access want/need a
permanent connection anyway.

Why don't you check the NTP server which your Internet Gateway/router is
using for NTP look-up? Mine -- not a D-Link -- is set from the factory to
look up clock.isc.org and is so documented in the mfr's docs. In fact I've
tried to find a Stratum-2 NTP server but none of those which were
"documented" worked. The problem here is that the NTP "community" has
their heads up their a... err, in the sand with their "open access - please
notify by e-mail" and "use name only" comments and their docs are either
obsolete or impossible to follow. Do'h this is not a lot of help.

In the office I have our DC set to use time.nist.gov because I couldn't
find anything else which worked - my ISP has a NTP.<ISPName> which maps to
an IP address but the time look-up fails there. I suppose there's
time.windows.com but I had trouble getting a response there - hardly
surprising because that's what every (U.S.) Windows XP system is set to
use.... and do we all want to depend on Bill Gates for our clock-time
now?;-)

I wonder how the conclusion was reached that *only* D-Link was at fault
here? AFAIK D-Link is one of the few vendors which actually makes such
equipment - it might be that their OEMs don't reprogram the NTP-Server
field/algorithm in the configuration. It could also be that D-Link owners
spend a lot of time re-booting their gateway/routers. If the Danish guy
is getting a lot of hits, who do you think is responsible for programming
his NTP Server address into D-Link routers?

Calling this "vandalism" and "abuse" is nuts IMO. If you set up a Time
Server, it's gonna take a LOT of hits simply because Stratum-2 is a mess of
obsolete, non-functioning addresses. I have to ask what gateway/router
vendors are supposed to program into their devices for "default" NTP
look-up, given that most end-users are not expert enough to be fiddling
with the configuration settings. Ideally, the ISP who supplies them to
end-users would have a functioning NTP Server and then program that address
in before delivery but that does not happen... apparently.

 

Yes - I agree. That is particularly badly written I think.

I have done - but it is not easy to do.

It required downloading the firmware, decompressing *part* of the file
and then using the strings command in UNIX to find the IP addresses.
From that, the name of the servers could be found.

The buy in Denmark whose time-server is affected told me how to do it.

I doubt you should be using that.

http://ntp.isc.org/bin/view/Servers/ClockIscOrg

ServiceArea: BARRnet, Alternet-west, CIX-west
AccessPolicy: OpenAccess

Have a look at the above site and find one. Or use this (explanation a
bit further down)

Worldwide pool.ntp.org
Asia asia.pool.ntp.org
Europe europe.pool.ntp.org
North America north-america.pool.ntp.org
Oceania oceania.pool.ntp.org
South America south-america.pool.ntp.org

What is abuse then? Accocding to

http://en.wikipedia.org/wiki/Abuse

* Abuse is a general term for the use or treatment of
* something (person, thing, idea, etc.) that causes some
* kind of harm (to the abused person or thing, to the
* abusers themselves, or to someone else) or is unlawful
* or wrongful.

If, as in this case, Pou-Henning is getting a large bill for the
lockups, which are making up 90% of his traffic, then it is causing him
harm. So it is abuse.

I don't think it is a mess, but even if it was, that does not excuse you
using one you don't have permission to use.

My comptuer might be slow. Does tham meean I can use your computers
resources without your permission?

How about gateway/router vendors providing their own time servers,
rather than use others without permission? It is not actually that
expensive. A GPS receiver with a 1 pulse per second output connected to
a Standford Research PRS-10 rubidium source would make a nice one with a
72-hour holdover for stratum 2 if the GPS is lost.

Or vendors can use a pool that have agreed to be in a pool

http://ntp.isc.org/bin/view/Servers/NTPPoolServers

i.e.

Worldwide pool.ntp.org
Asia asia.pool.ntp.org
Europe europe.pool.ntp.org
North America north-america.pool.ntp.org
Oceania oceania.pool.ntp.org
South America south-america.pool.ntp.org

There are several more ways they could do it. They could for example use
something like DNS. The router contacts the vendor's server which
returns the IP address of a publically available time server. The router
then connects to that to get the time.

There are *many* way this could be implemented, but using a random NTP
server that does not allow access is not a good way.

Also, many like myself don't use a modem supplied by my ISP. And there
are other devices, like my WiFi adapter which are not suplied by the ISP.


--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: [email protected] Hitting reply will work
for a couple of months only. Later set it manually.

 

Yeah I knw where the "list" is but like I've said, many just don't work -
the list is obsolete.

So they're selling routers which are not configurable for that setting? I
haven't seen a lot of different brands but my router does not show or allow
changing the setting from its Web-based interface - have to use the Command
Line from a Telnet session... which means reading the docs. This is not
stuff for the average "consumer".

Why should I not use it? It's one of the few with Open Access and no
notification message required. It's even possible that the router mfr has
obtained permission based on assurances of non-abuse and reasonably coded
frequency of look-ups. If someone wants me to obey some "Service Area"
convention, they'd better explain what that means - no such explanation is
easily found.

"Vandalism" requires some intent to do harm or "abuse". This was a mistake
- the indignation of the recipient is overblown IMO given the extent of
(lack of) guidance offered by, and the functional state of, the NTP
infrastructure. It also appears that DK has no Stratum-2 servers at all
and only two Restricted Access ones in Stratum-1 which both say "Open
access to servers, please, no client use". Hmm, difficult to know what
they mean by "servers" but it does seem like there is a problem with the DK
Internet NTP infrastructure.

The ethics of the situation are quite well covered in the University of
Wisconsin/Netgear case - there's plenty of blame to go around and plenty of
targets - things could have been done better all around.

When you go look up a source of documentation, and follow their obscure,
poorly written descriptions, written in their byzantine terminology, and
find that after trying 3 or 4 of the apparently recommended "active" sites
and none of them work, frustration generally leads to something which does
work... even if it requires a "notification message".

Ridiculous extrapolation. For one thing, I do not "publish" the method of
access to my computer. What will most people do when faced with "here it
is; don't use it... but nothing else, which is geographically close, is
available"?

Making up rules after the fact is always easy. AFAIK the "pool" concept is
relatively new - things are continually evolving here and the rules in
place now are not necessarily what was offered when firmware for any given
router was being written. Also, the "Rules of Engagement" and other docs
are hardly written for a quick reference.

I'd think *most* gateway/routers are acquired by end-users and SMBs from an
ISP - it would certainly help if NTP had a similar hierarchical structure
to DNS name caching.

 

Most seem to work for me, but I use a Sun workstation, not a D-link
router, so I can't say I have tried with this. I suspect the muppet
routers don't implement the protocol as well as the Sun.

I'm not aware it can be done on mine at all. Luckily, none accessed have
any restrictions.

The ServiceArea is the geographic and/or network area the TimeServer is
intended to serve.

I personally did not use the word vandalism. But I think abuse is correct.

Well, you don't have to use a local server and should not use a local
one if it restricts access.

I accept there is a *big* difference between intentionally hacking a
machine (me hacking yours) and you or anyone else using an NTP server
without realizing it. One is an accident, the other a deliberate act.

But once you are aware you are not welcome at an NTP server, then I
think the difference disappears.

I will ask you the same question I asked the person posting as:

Borked Pseudo Mail - ''

If you were asked by an NTP server administrator (such as the owner of
the Danish one) to stop accessing that server, and you were unable to do
so by a firmware upgrade or reconfiguring the router, would you continue
to access his server, even though he had asked you not to? If you had
no other option, would you switch your router/modem off and not use it?

Furthermore, what if the person asking you was from the US government or
the US Navy, both of whom timeservers are being abused? Would you
continue to use their time servers if you had no way of stopping your
D-link product from doing it without switching it off?

BTW, your ISP, Tellurian, might have something to say about it, as it
would be against their rules:

http://www.tellurian.com/usagepolicy.asp

In particular:

* Any "denial of service" attack, any attempt to breach
* authentication or security measures, or any unauthorized attempt
* to gain access to any other account, host or network is
* prohibited, and will result in immediate service termination,
* which may be without notice.

I think you using the NTP server then would be an unauthorized attempt
to gain access to another host.

So that makes it right?

I suggest if they are in the US, it would be rather foolish to continue
to do it should a US government or navy official ask you to stop.

No, the rules were in place before. I am not suggesting any rules at all.

If vendors chose to implement products which use NTP servers it is up to
them to work out how to do it without accessing other servers their
intended end users are not supposed to. It is not up to me, or anyone
else to tell them how to do it. I am just saying there are ways, but it
is their decision. The rules have been in place a long while.

I suspect, but don't know, that for a gateway router where the time can
only be set to 1 second resolution, it makes no difference if you use a
near or distant NTP server. The protocol corrects for network delays.
Correction improves when multiple time servers are used but I doubt it
is necessary unless the resolution is better than 1 second.

On my own system, 5 time servers are used and corrections rarely exceed
50 ms.

My PDA usually syncs to a local time server (one of my own computers),
but even if I send it to a distant one the other side of the Atlantic,
the corrections are under 1 s.

But to what accuracy you can set the time is really irrelevant for the
discussion. You should not access ones you are not welcome at and to me
at least continuing to do so once you are aware of the issue is no
different from hacking another machine.

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: [email protected] Hitting reply will work
for a couple of months only. Later set it manually.

 

I have a DSL-302G modem/router. I don't use SNTP because the modem
appears to write the updated time to its flash EEPROM every 15
minutes. If I ran it 24/7, then this would result in approximately
32,000 writes per year. IMO, it would have been better for the time to
have been stored in RAM.

- Franc Zabkar

 

...and it wouldn't last more than 30 years at that rate! Sheesh!

 

Not if it defaults to a 24 hour update like mine does as I doubt very many
broadband users operate their machine(s) less than once a day. And if it
syncs at power up your suggestion would make the problem worse.

 

A bit Draconian to hold the user 'responsible' for something they're not
only clueless about but unable to change even if they knew, don't you think?

The question is 'who'?, knowledge, and intent.

And just how is the individual user made 'aware'? And that includes made
'aware' by an authority recognized to have the claimed authority.

Things are seldom that simple and especially not when trying to lay blame
and responsibility on people who had not one shred of participation in, nor
knowledge of, the decisions leading to the alleged 'abuse'.

First, your premise is self serving, pardon the pun. Accessing his server?
You must be kidding. According to your comments above there's essentially
no way for the user to even know a server is being accessed at all and now
someone completely unknown claims a 'perfectly fine', according to the
manufacturer of said item, is 'abusing' his server? Why should the end user
believe this story?

Now the end user *knows* he's kidding, or has no idea what the heck he's
talking about, or is some new kind of internet fraud.

The end user has no reason to worry about such a scenario because the gov
knows who to go after: the manufacturer.

The user is doing *nothing* nor making any 'attempt' to do something nor
even aware anything is being done.

Maybe I missed it but I'm not aware of any 'US government' announcement to
stop using home routers.

And if you got an unsolicited phone call from someone you never heard of
saying your perfectly fine coffee maker was screwing up their toaster oven
on the other side of the world you'd immediately unplug the thing and stop
using it, right?

The point isn't that the technical details are equivalent, the point is
you're trying to lay blame onto folks who might think the analogy is accurate.

 

Yes I accept that if it only updates once/day. It seems to vary an awful
lot - on some the time server can be configured, on others it can't. On
some the update interval may be configured, on others it may not.

I know mine can not be configured, but I also know all the servers are
open-access, so it is not an issue.

However, many of these D-link products are connecting to US military or
government sites for which access is restricted.

If the product is under warranty and you can't configure it to avoid
restricted time servers, it *might* be possible to get a
refund/replacement - it would depend an awful lot on the law in your
country and/or the dealer you bought it from.

If you can configure the ntp servers, the following will connect you to
a random time server which has no access restrictions.

Worldwide pool.ntp.org
Asia asia.pool.ntp.org
Europe europe.pool.ntp.org
North America north-america.pool.ntp.org
Oceania oceania.pool.ntp.org
South America south-america.pool.ntp.org


--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: [email protected] Hitting reply will work
for a couple of months only. Later set it manually.

 

I am not using a D-Link router. The list has nothing to do with routers
per se - it's principal purpose for me is setting accurate time for our DC
which, of course propagates to all other computers on the domain. The
experience of finding a reasonably close, working, reliable NTP server was
extremely frustrating... to the point of having to examine the Win 2K
server logs for the evidence - I didn't need that diversion. I eventually
found a recommended doc somewhere which said it's "OK" to use
time.nist.gov, as long as it's not excessive, so I used it.

That would be surprising.

Yes, I can gather that much... OBVIOUSLY. This does not preclude that a
mfr whose HQ is in a given area cannot arrange to use a server in that area
for all its U.S. sales. For the "network areas" it's not a lot of use to
specify a bunch of inner-circle coded names without explaining to the
end-user what they mean. It's almost like those people *want* to
obfuscate... invent some cryptic language for themselves and then have the
nerve to complain when some naif violates their *unexplained* encoded
rules.

Depends what you mean - their after the fact attitude on correcting the
situation and financial/technical compensation is abusive (U.S. lawyers...
which I gather the UK lawyers are "learning" from). The incident itself is
just an honest -- but likely incompetent -- mistake... with catastrophic
results.

OTOH, the guy is supplying a service to the majority(?) of the Danish ISP
industry... who are profiting from the Internet in general... some of whose
clients are no doubt using D-Link gateway-routers. The silence about their
reaction, other than apparently wanting to apply excessive charges to their
NTP "supplier", is incongruous to say the least... clean hands??

The trouble is "restricted" has degrees of enforcement in general - the
guidelines are malformed and badly expressed... and the anecdotal reports
are ambiguous.

That depends: e.g. my router only does a look-up on restarts, cold or warm,
and AFAIK does not poll excessively to get synced, so I don't feel that's
an enormous abuse; the Netgear and D-Link cases should have probably been
the subject of a recall. I still don't understand why they continue to
poll every hour or so once synced but, given that the D-Links have a
configurable NTP address the ISP industry, at least those who supply D-Link
gateway-routers bears some blame for the situation.

I'm not using their servers and I'm not that interested in discussing
hypotheticals as they apply to me.

What NTP server are you talking about? Now you're getting impudent without
assimilating already presented facts. I think you know what the above
means and is targeted at - applying it to a published list of servers which
are poorly documented might result in some "advice" on how to do things
right *BUT* he'd have trouble taking things further since ntp.tellurian.com
*does* exist but does not work. This same ISP supplied the gateway-router

No, the rules have been in flux for a while.

Depends on how the algorithm is implemented. Windows 2K/XP gives up if it
can't get a consistent delay. It seems self-evident to me that use of a
geographically close server is a better choice from several POVs.

 

Peronsally I think the manufacturer (D-link) should take responsibility.

At the minute users have not been made aware except via news reports and
posts on newsgroups, but in principle they could be notified.

According to The Register

http://www.theregister.co.uk/2006/04/13/d-link_time_row_escelates/

D-link have said they are aware of it and there may be a statement after
Easter.

I'm not blaming end users - I think the manufacturer is to blame. But
end-users are actually using the time servers now. The legal
implications of this in England are far from clear - I have no idea in
another country.

In the case of the Danish time-server, it is personally owned by an
individual with an interest in accurate time measurement.

http://people.freebsd.org/~phk/

Well, despite claims on sites like the BBC that there is a problem,
there is a distinct lack of denials from D-link, so you might reasonably
assume there is some truth in this.

A technically savvy end-user could determine it for him/her self. They
may be able to inspect the firmware downloaded from the D-link site (as
I did) following the suggestion of the Danish time server owner

Or they could look at their firewall logs which should show the
connections.

Well it has hit the BBC in England, which has a reasonable amount of
respect worldwide - although I am the first to admit this article is not
very well written.

http://news.bbc.co.uk/1/hi/technology/4906138.stm

The technical reasons are not that hard to follow.

I agree the manufacturer should be responsible, but it is not clear (at
least in England) who is legally responsible.

D-link have offered some money to the owner of the Danish time-server,
but he feels it is insufficient.

http://people.freebsd.org/~phk/dlink/

Having had dealing with him before and know how much he has contributed
to the FreeBSD project, I know that the extortion D-link claim would not
be valid.

But the manufacturer really can't do much about units in the field
unless the end-user updates firmware.

To me, the only sensible solution now, given many users will not update
firmware, is for D-link to pay the time-server owners for the increased
bandwidth. Then end users don't have to even update the firmware, as
access to the time servers will be allowed.

I agree they may not be aware (but some will be, as a results of posts
like this).

There is not. That is why I used the word "should" in there.

It is not inconceivable that such a request will follow from one of the
many US government time servers being abused. Not even the owner of the
Danish time-server has requested it.

However, more likely the military will move the names and IP address of
their time-servers, alter all the machines that connect to the time
servers, then send D-link the bill. That could be huge.

If I had shares in D-link at the minute I would sell them!!

No, but here it is a bit different.

1) The story has hit numerous newsgroups, websites, including the BBC.
Google has 73,000 hits as I write, but there is no denial from D-link.

I think it would be reasonable to assume there is a problem if places
like the BBC report it, but never report a denial from the company.
There is no denial of this on the D-link web site.

2) I can understand the logic here, but I would not the toaster/coffee
maker one.

I am *not* trying to lay blame on the end users. I feel D-link are to
blame and should pay for their cock-up. If I was an end-user, and it was
not possible to solve it with a firmware upgrade, I'd look at returning
it under a warranty.

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: [email protected] Hitting reply will work
for a couple of months only. Later set it manually.

 

'Could be' but they still had nothing to do with it.

About time (too good a pun to pass up)

Glad to hear it but your whole argument, after stating 'the problem', has
centered around the end users.

See? After saying you weren't blaming end users you didn't manage even one
more sentence before an implied threat of "legal implications."

That's nice.

Might. Might not. Might not know about it. Might wonder why it's 'their
problem'. Might assume a 'business' is always wrong. Might think it's a
matter for the courts. Might notice that there are tons of accusations and
law suits everyday and not everyone is 'right'. Might imagine that if
they're to do something someone will will at least drop a hint. Lot's of
'mights'.

"Technically savvy end-user" is almost an oxymoron and most people have
enough things on their plate, some of which they actually care about, to
become 'investigators' over a problem they likely don't understand in the
first place even after being supposedly 'told', much less with a muddy story.

Read the "theregister" link you just posted. There's not the slightest
*hint* the end user is even involved, much less any clue whatsoever they
should 'do' something about it. It's all 'd-link is' this or that. "D-Link
is freeloading..."

They'd have hard enough time getting clueless users to understand the
matter if they *asked* for something. What would you expect the odds to be
when they don't?

No need to: "D-Link is now taking action."

Nothing for the end-user to think about.

Besides, if Mr. Poul-Henning Kamp and his gurus "have no way of figuring it
out" then don't expect the end-user to.

I'm not a court but, so far, nothing you've posted in the way of 'news' has
even hinted the end-user has been asked to do anything and it's my guess
that you suggesting some unspecified number of end-users 'probably heard
about' the problem and should have then jumped to attention, investigated
the matter, somehow figured out if their router is an affected model then
taught themselves about time servers and router firmware, found a
'solution' and then implemented it, all on their own, even though no one
asked them to do anything, is going to be a hard sell.

How the responsible parties resolve, or not, their dispute is their matter.

I was dealing with your claimed point that simply because something the
end-user had no knowledge of, nor decision process in, supposedly creates a
'problem' he knows virtually nothing about, and likely wouldn't fully
understand even if they had heard of it, and for which they haven't been
asked to do a blessed thing even if all the rest were known, then that
constitutes sufficient cause to accuse the end-user of "abuse." I'm saying
it doesn't.

But the point was that the hypothetical you proposed is inappropriate
because no such thing has taken place from either the government *or* the
owner of the time server in question, nor from any news article I've seen
you post.

Actually, it is because they would, at least first, go after the
manufacturer who created the problem.

Precisely, so it's premature, at best, to start accusing end-users of
'abuse' when none one of any authority has asked them to do a blessed thing.

Not without first contacting d-link to register the complaint and attempt a
resolution.

Which I said in the very next line.

If you had waiting to respond till you read the next sentence you'd know
that the end-user 'not understanding' was the point. Especially when the
'news' gives no indication of the affected models, does not ask for
anything to be done, and states "D-Link is now taking action."

Then why are you arguing about end-user 'abuse' and how 'they could find
out', should 'do something', and postulate 'legal implications'?

The typical end-user won't because no one's even hinted they should/could
do anything, much less asked, there's no clue given as to which models are
affected (in the 'news' anyway) and everything 'works fine' as far as they
can tell.