2) *Who*says* there is 'malicious intent' involved? I'm going to be travelling 'off network'(with the 'network' being defined as the one where I have published that I'm providing time-server services to), and I happen to have a recurring need for 32-bit units of a specifically transformed out- put of a local hardware-based "/dev/random". So, I put up a server to deliver that data when requested. For reasons of 'convenience' in my programming, I choose to format the queries/responses like a particular 'well known' protocol, and run it on the port associated with that well-known protocol. Do I have any responsibility to 'announce' that I'm doing something like that, for 'private' use?
I don't understand how you can think that a hypothetical where we don't know what the intent is constitutes a response to a situation where we do know exactly what the intent is. I hope your argument is not "if you can lie and get away with it, then it's okay". That doesn't sound like a good business model to me.
again, denying service (assuming there's no explicit contract to provide it) is unquestionably safe. i was responding to the proposal that the wrong time be deliberately returned. you'd be betting that nobody would notice or that it would cost nobody money -- which isn't a safe bet, since someone can always find ways to allege that your intentional actions cost them money. (as opposed to your deliberate inaction, as in the case of denying service.)
The problem is this case is that there is no perfect way to deny service. If bums are trampling your garden to take food out of your garbage, you can lock the garbage can, but you can't poison the food. The problem becomes when the locked garbage can is a problem for the garbage collectors. I don't think anything short of legal action against D-Link is likely to solve this. I'd love to be proben wrong. DS