What most people participating in this subthread seem to be missing is
that
if one did decide to send (or accidentally sent) false time to these D-Link devices, NOBODY WOULD EVER KNOW OR CARE. Doing so does not solve any problems, so whatever the legal risk of acting is, no matter how small, it's not worth it.
But there is a larger issue of NTP abuse here that needs a coordinated technical and legal approach. I suggest that if you are going to operate a public NTP server you should also run a web server at the same IP address and publish your terms of service. If you have given public advance notice of what constitutes normal use, and what constitutes abuse, then you are on stronger legal ground. And if you state that those abusing the service will be disconnected by sending a KoD packet, and that users who persist after the KoD packet will receive a jittered time signal (or delayed or whatever), then you are on even stronger legal ground. Of course, you should always consult your lawyer on the legalities, but it helps your lawyer if you have a clear and well-thought out approach to present to him. This thread has had a lot of good info about NTP best practices so I consider it worthwhile, even if most of the responses were tangential to the original issue. --Michael Dillon