Well, this is at least marginally on topic, and I think it deserves a wider audience. It is written by Poul-Henning Kamp (the affected party). Please read it. http://people.freebsd.org/~phk/dlink/ It ends with the following: Didn't something like this happen before? Yes, D-Link is not the first vendor to make a hash of the NTP protocol. Some years back NetGear products blasted University of Wisconsin off the net. I have repeatedly pointed D-Link's lawyer at this case. Fortunately, in my case it is not that bad. The NetGear incident caused the NTP protocol designers to add a "kiss of death" option to the Latest (S)NTP standard but D-Links devices does not respect that option. I have tried. -- "You can't have in a democracy various groups with arms - you have to have the state with a monopoly on power," Condoleeza Rice, the US secretary of state, said at the end of her two-day visit to Baghdad yesterday. ...No Comment
GPS.dix.dk service is described as: DK Denmark GPS.dix.dk (192.38.7.240) Location: Lyngby, Denmark Geographic Coordinates: 55:47:03.36N, 12:03:21.48E Synchronization: NTP V4 GPS with OCXO timebase Service Area: Networks BGP-announced on the DIX Access Policy: open access to servers, please, no client use Contacts: Poul-Henning Kamp (phk@FreeBSD.org) Note: timestamps better than +/-5 usec. I think he should use dns views to answer the queries to gps.dix.dk and either: ( a ) answer 127.0.0.1 to all queries from outside his service area ( b ) answer a D-Link IP address to all queries from outside his service area (which could lead to getting their attention; dunno if from their engineers or from their lawyers). Rubens On 4/7/06, Etaoin Shrdlu <shrdlu@deaddrop.org> wrote:
Well, this is at least marginally on topic, and I think it deserves a wider audience. It is written by Poul-Henning Kamp (the affected party). Please read it.
http://people.freebsd.org/~phk/dlink/
It ends with the following:
Didn't something like this happen before?
Yes, D-Link is not the first vendor to make a hash of the NTP protocol. Some years back NetGear products blasted University of Wisconsin off the net. I have repeatedly pointed D-Link's lawyer at this case. Fortunately, in my case it is not that bad.
The NetGear incident caused the NTP protocol designers to add a "kiss of death" option to the Latest (S)NTP standard but D-Links devices does not respect that option. I have tried.
-- "You can't have in a democracy various groups with arms - you have to have the state with a monopoly on power," Condoleeza Rice, the US secretary of state, said at the end of her two-day visit to Baghdad yesterday. ...No Comment
Rubens Kuhl Jr. wrote:
GPS.dix.dk service is described as:
DK Denmark GPS.dix.dk (192.38.7.240) Location: Lyngby, Denmark Geographic Coordinates: 55:47:03.36N, 12:03:21.48E Synchronization: NTP V4 GPS with OCXO timebase Service Area: Networks BGP-announced on the DIX Access Policy: open access to servers, please, no client use Contacts: Poul-Henning Kamp (phk@FreeBSD.org) Note: timestamps better than +/-5 usec.
I think he should use dns views to answer the queries to gps.dix.dk and either: ( a ) answer 127.0.0.1 to all queries from outside his service area ( b ) answer a D-Link IP address to all queries from outside his service area (which could lead to getting their attention; dunno if from their engineers or from their lawyers).
Neither of which would solve the problem of his bandwidth being used by these, although (b) might actually serve to get their attention. Perhaps as a thanks to him for the public service he provides the DIX, all of the users at DIX could set their external routers to reject incoming NTP packets from networks other than their own? Or even combine that with (b), although it might be more effective if it targeted, oh, www.dlink.com instead of an IP address. Then at least it would not be taking up internal DIX bandwidth capacity. By no means am I encouraging legally actionable activity, however, and as noted, (b) just might be. -- Jeff Shultz
Hi, Should not be hard to fix... Its clearly a missuses of dix.dk services. Couple of thinks: Since its bgp and DIX customers surely have to provide a list of subnets to announce (filter and such), add those the the ntp server, or use ipf/ipfw/iptables to filter in the dix customers and I would redirect the others traffic to a dummy clock with a messed up time... after a few complaints DLINK would wake up. (Dont try to pin any legal issues to this ... its DIX servers/bandwidth/ressources, DLink (and its customers) has no regard on what DIX does with its ressources) ----- Also there is a list of ntp servers in the device and I'm sure DLink never got the permission from most of them. So try to contact the 100+ ntp services for a class action. ---- DLink should use 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, and even better provide their own x.ntp.dlink.com. Jeff Shultz wrote:
Rubens Kuhl Jr. wrote:
GPS.dix.dk service is described as:
DK Denmark GPS.dix.dk (192.38.7.240) Location: Lyngby, Denmark Geographic Coordinates: 55:47:03.36N, 12:03:21.48E Synchronization: NTP V4 GPS with OCXO timebase Service Area: Networks BGP-announced on the DIX Access Policy: open access to servers, please, no client use Contacts: Poul-Henning Kamp (phk@FreeBSD.org) Note: timestamps better than +/-5 usec.
I think he should use dns views to answer the queries to gps.dix.dk and either: ( a ) answer 127.0.0.1 to all queries from outside his service area ( b ) answer a D-Link IP address to all queries from outside his service area (which could lead to getting their attention; dunno if from their engineers or from their lawyers).
Neither of which would solve the problem of his bandwidth being used by these, although (b) might actually serve to get their attention.
Perhaps as a thanks to him for the public service he provides the DIX, all of the users at DIX could set their external routers to reject incoming NTP packets from networks other than their own? Or even combine that with (b), although it might be more effective if it targeted, oh, www.dlink.com instead of an IP address.
Then at least it would not be taking up internal DIX bandwidth capacity.
By no means am I encouraging legally actionable activity, however, and as noted, (b) just might be.
-- Alain Hebert ahebert@pubnix.net PubNIX Inc. P.O. Box 175 Beaconsfield, Quebec H9W 5T7 tel 514-990-5911 http://www.pubnix.net fax 514-990-9443
I think he should use dns views to answer the queries to gps.dix.dk and either: ( a ) answer 127.0.0.1 to all queries from outside his service area ( b ) answer a D-Link IP address to all queries from outside his service area (which could lead to getting their attention; dunno if from their engineers or from their lawyers).
Neither of which would solve the problem of his bandwidth being used by these, although (b) might actually serve to get their attention.
This reduces the bandwidth, as instead of dropping NTP packets, they would never come to him in the first place.
Perhaps as a thanks to him for the public service he provides the DIX, all of the users at DIX could set their external routers to reject incoming NTP packets from networks other than their own? Or even combine
Which still would require him to answer DNS requests for gps.dix.de.
that with (b), although it might be more effective if it targeted, oh, www.dlink.com instead of an IP address.
Answering with CNAME instead of A is a good enhancement of the original idea... :-)
Then at least it would not be taking up internal DIX bandwidth capacity.
It still would require him to answer the DNS requests. Only way to addres that is everybody outside DIX declare gps.dix.de as www.dlink.com in their resolvers.
By no means am I encouraging legally actionable activity, however, and as noted, (b) just might be.
Motion granted. Rubens
Rubens Kuhl Jr. wrote: <big snip>
It still would require him to answer the DNS requests. Only way to addres that is everybody outside DIX declare gps.dix.de as www.dlink.com in their resolvers.
Oh, I see two things here - the first is that he's in charge of his DNS, which he probably isn't. DIX likely is, but that's minor. They'll probably support him in this. The second is that I was concatenating this letter and the also referenced Netgear letter, where they were doing refs by IP address instead of DNS like the D-Link is. Combine both of them - reject outside the DIX DNS requests outside the service area (or send them to a DLink CNAME as mentioned) and as a backup reject/redirect all NTP from outside to the gps.dix.de IP address at the edge. Belt and Suspenders as such. As for the bogus NTP data idea... how many people buying a consumer grade router like this even have a clue what NTP is, much less notice what it's doing to that box over in the corner? It won't affect their computer, therefore they won't care. It's just buzzwords on the box. -- Jeff Shultz
Jeff Shultz wrote:
By no means am I encouraging legally actionable activity, however, and as noted, (b) just might be.
LOL! Did you read down to the end?... /quote/ I can't afford to sue D-Link. It seems that they have managed to arrange their corporate affairs so that there is no way I can sue them here in Denmark, but will have to do it either in Taiwan or USA. Needless to say, I can't afford that. // I would buy a ticket to witness the sublime poetic justice of D-Link trying to appeal to the Danish legal system over Poul's efforts to fend off their connections. And in response to Kevin Day:
I think the lesson here is that any service you make available to the public (NTP, DNS, IRC, SMTP, whatever) is going to be used in ways that do not match with your desires.
I take it then that you are among those who believe that abuse of any of these types of services should only be countered by technical means then, and never through legal remedies?
If I'm going to do high availability with Cisco 75xx running RSP4s which OS is the best? I picked 12.2.34 as being most stable for BGP features, but I'm just starting on the HA stuff and I don't see any of the redundancy knobs in this version of the OS. -- mailto:Neal@Layer3Arts.com // IM:layer3arts voice: 402 408 5951 cell : 402 301 9555 fax : 402 408 6902
HA like: HSRP? Or HA between 2 RSP4? HSRP should be there in 12.2.34 neal rauhauser wrote:
If I'm going to do high availability with Cisco 75xx running RSP4s which OS is the best? I picked 12.2.34 as being most stable for BGP features, but I'm just starting on the HA stuff and I don't see any of the redundancy knobs in this version of the OS.
-- Alain Hebert ahebert@pubnix.net PubNIX Inc. P.O. Box 175 Beaconsfield, Quebec H9W 5T7 tel 514-990-5911 http://www.pubnix.net fax 514-990-9443
On Fri, Apr 07, 2006 at 12:52:29PM -0700, Etaoin Shrdlu wrote:
Well, this is at least marginally on topic, and I think it deserves a wider audience. It is written by Poul-Henning Kamp (the affected party). Please read it.
*sigh* Yes yes everyone loves a good "large stupid company screws the little guy by sticking their small/free service into a commercial product" story, but unfortunately none of these solutions are very pragmatic. If I hosted an NTP server and dlink put it in a default query list of a default firmware, and then I asked them to pay my Equinix bill for the next 5 years, I would fully expect them to provide a nice little ascii diagram of exactly where I could stick it. Its just NTP, I can't imagine that it is *really* enough traffic to care all that much. There are probably a hundred people on this list who could donate free transit for this and not give it a second thought (hell if I had a pop anywhere close to .dk I would donate a gigabit solely to end this nanog thread before it turns into a bunch of self-righteous whining). There are probably an equal number of people who could donate hardware for this, either for filtering or for the IX (if they REALLY don't have the resources to handle it without charging, which I highly doubt). I'm sure you could probably pick out the dlink queries with sufficient packet inspection too, which I'm also sure you can achieve with a FreeBSD box and a couple hours of spare time. :) Seriously now, there are a million viable solutions here, ranging from mild inconvenience to attempting to screw dlink for being dumbasses, all of which are free. Point the A record else where and have people who care change to a new record, it's not worth $62k. Oh and one more thing, if the goal was restricting the traffic to only people who participated at this IX (as per the description), please add this to the list of reasons why announcing your IX subnet over the global internet is a BAD IDEA! -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
On Fri, 7 Apr 2006 18:49:18 -0400, Richard A Steenbergen <ras@e-gerbil.net> wrote:
Its just NTP, I can't imagine that it is *really* enough traffic to care all that much. There are probably a hundred people on this list who could donate free transit for this and not give it a second thought (hell if I had a pop anywhere close to .dk I would donate a gigabit solely to end this nanog thread before it turns into a bunch of self-righteous whining).
Did you read the posting? His ISP is charging him. He's also put in a fair amount of time trying to get this resolved. As for transit -- NTP works much better with short RTTs, which is precisely why it's good to have a server in Denmark. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Ok let me answer two at once here: On Fri, Apr 07, 2006 at 06:57:50PM -0400, Steven M. Bellovin wrote:
Did you read the posting? His ISP is charging him. He's also put in a fair amount of time trying to get this resolved. As for transit -- NTP works much better with short RTTs, which is precisely why it's good to have a server in Denmark.
Actually, no. Incase it wasn't clear, the IP (192.38.7.240) is out of an IX subnet for the DIX. Even if you didn't know this particular block, looking at the reverse DNS for nearby IPs makes it painfully obvious. See: http://www.peeringdb.com/dns-scan/192-38-7-0-24.txt The real issue here is that DIX used a /24 from an aggregate block which is announced in BGP (198.38.0.0/17) for their IX space, thus making it reachable from anywhere on the Internet. Incase anyone didn't know this before, now you do, this is a Bad Idea (tm). The prices phk mentions appear to be the cost of a DIX port. According to their website: A connection at the DIX with 10 or 100 Mbit/s ethernet has a yearly fee of DKK 27.000. A connection at the DIX with 1000 Mbit/s Ethernet costs a yearly fee of DKK 38.700. According to the service description, this NTP server was intended to be used only by DIX connected networks. If the /24 had been pulled from a direct /24 allocation or EP.net space, this would never be a problem, because the /24 for the IX shouldn't be propagated globally. In this particular case they could filter packets coming in via AS1835's border links, but since the block is announced globally already this may create further problems from people who don't know they need to carry the /24 and propagate it to their customers. Personally I'm not sure what to be more appalled by, that DIX would want to charge him for something that is clearly a service which benefits only them and which they should probably be paying HIM for (and which wouldn't cost them a dime if not for their poorly implemented architecture), or that a consultant charged $5000 to track this down. Both concepts are actually more repulsive to me than dlink picking 25 publicly accessable nameservers. On Sat, Apr 08, 2006 at 01:30:31AM +0100, Per Gregers Bilse wrote:
I know phk personally (give or take a little, we're from the same country, and have both participated vigorously in the same UNIX user group [yes, there have been such entities]); for those who are unaware of his credentials, let me cut and paste the following from the FreeBSD GBDE manual page:
Yes thank you everyone knows who phk is (or at least I hope they do), that is the only reason anyone is giving this a second glance, the reason it made it to slashdot, etc. However, that doesn't change the facts here. This is a non-issue, and there are many many easy ways to fix it. I'm perfectly ok with calling out dlink for their stupidity, but I think expecting them (or phk) to pay $62k or more for this is ridiculous. -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Its just NTP, I can't imagine that it is *really* enough traffic to care all that much.
You're kidding, right? Do you know what happened to wisc.edu: http://www.cs.wisc.edu/~plonka/netgear-sntp/
On Apr 7, 2006, at 6:02 PM, Mark Boolootian wrote:
Its just NTP, I can't imagine that it is *really* enough traffic to care all that much.
You're kidding, right? Do you know what happened to wisc.edu:
Correct me if I'm wrong, but... That was only "really" a problem for them because there was a flaw in the Netgear code that caused the devices to make requests every second. That's not (as far as I'm aware) happening here, so we're not talking huge amounts of bandwidth. We intentionally run public NTP servers, which are even in the pool.ntp.org pool, as well as on some NTP lists. I've pegged about 35,000 unique IPs using our North America server in the last 24 hours, or about 175pps. Bandwidth usage is about 100Kbps per second on average. The occasional burst up to 250Kbps+, but those are pretty rare. This link here: http://www.lightbluetouchpaper.org/2006/04/07/when- firmware-attacks-ddos-by-d-link/ says he's getting 37pps. NTP uses 76 byte packets. 37pps * 76 byte packets = 22.4Kbps, or less than the amount of traffic a dialup user can spew. If you're running a semi- public server on the internet, and it can't handle a dialup user flooding it - you need a firewall anyway. :) I can see how unwanted NTP traffic could be a nuisance, but not how it could possibly cost US$8,800 per year. Nor requiring the use of a US$5000 "external consultant" to track down the source of the traffic. Nor worthy of invoking the Slashdot masses in outrage. Let alone why an additional traffic load of less than a dialup user accessing your server in any way is worthy of caring. Bad on D-Link for what they've done, but total overreaction on the other side as well. I think the lesson here is that any service you make available to the public (NTP, DNS, IRC, SMTP, whatever) is going to be used in ways that do not match with your desires. If you're not willing to ACL/ police the service, you're going to have to accept that people are going to use it in ways you'd rather they didn't.
On Fri, 7 Apr 2006, Kevin Day wrote:
I think the lesson here is that any service you make available to the public (NTP, DNS, IRC, SMTP, whatever) is going to be used in ways that do not match with your desires. If you're not willing to ACL/police the service, you're going to have to accept that people are going to use it in ways you'd rather they didn't.
The repeated suggestions that the best response to this sort of situation is to 'deal with it' are saddening. Did he "deserve it" because of the short skirt he was wearing? Companies behaving irresponsibly and releasing (selling!) code that abuses a shared public resource should not be the norm. Lots of people crap in the commons. But saying it is inevitable, and actually mocking people who care, is inexcusable. Someone's accountable here, and in this case it is simple to determine who. The behavior is clearly antisocial and should be addressed. Member-waving about spare gigabit ports and what traffic levels are inconsequential really is beside the point. matto PS: This puts D-Link on the same list I had Belkin and Netgear on. --matt@snark.net------------------------------------------<darwin>< Moral indignation is a technique to endow the idiot with dignity. - Marshall McLuhan
On Fri, 7 Apr 2006, Matt Ghali wrote:
I think the lesson here is that any service you make available to the public (NTP, DNS, IRC, SMTP, whatever) is going to be used in ways that do not match with your desires. If you're not willing to ACL/police the service, you're going to have to accept that people are going to use it in ways you'd rather they didn't.
The repeated suggestions that the best response to this sort of situation is to 'deal with it' are saddening. Did he "deserve it" because of the short skirt he was wearing?
And, if a service were available to the public *as a matter of courtesy* (or even as a matter of accident) and not *advertised to the public*, then those using the [unadvertised] service must cope if and when the service disappears, or even starts misbehaving deliberately. -- -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
Matt Ghali <matt@snark.net> writes:
Companies behaving irresponsibly and releasing (selling!) code that abuses a shared public resource should not be the norm.
The addresses that are configured into shipping Apple products for NTP are: time.apple.com time.asia.apple.com time.euro.apple.com Time returns 4 A records, time.euro 2, and time.asia 1. All are on net 17, so it's almost certain that Apple owns/runs 'em all. Yes, there are public NTP servers out there. Since the force multiplier effect of a defective shipping product is likely to have serious repercussions for the (all volunteer) owners of same, Apple's approach ought to be held up as the gold standard of manufacturer responsibility. ---rob
On 4/8/06, Robert E. Seastrom <rs@seastrom.com> wrote:
The addresses that are configured into shipping Apple products for NTP are:
time.apple.com time.asia.apple.com time.euro.apple.com
ubuntu linux has ntp.ubuntulinux.org for this Oh, and windows xp is set up with an option to automatically sync time from time.windows.com (right click the date on your xp taskbar, adjust date and time..) -srs -- Suresh Ramasubramanian (ops.lists@gmail.com)
On Fri, 7 Apr 2006, Richard A Steenbergen wrote:
Its just NTP, I can't imagine that it is *really* enough traffic to care all that much.
According to Richard Clayton (who helped Poul-Henning track the problem down) it's about 37pps continuously for each stratum-1 NTP server. (Remember there are many other servers configured into the D-Link firmware that are also being abused.) http://www.lightbluetouchpaper.org/2006/04/07/when-firmware-attacks-ddos-by-... Tony. -- f.a.n.finch <dot@dotat.at> http://dotat.at/ BERWICK ON TWEED TO WHITBY: WEST OR SOUTHWEST 5 OR 6, PERHAPS INCREASING 7 LATER IN NORTH. RAIN AT FIRST. MAINLY GOOD. SLIGHT OR MODERATE.
On Fri, Apr 07, 2006 at 06:49:18PM -0400, Richard A Steenbergen wrote:
Seriously now, there are a million viable solutions here, ranging from mild inconvenience to attempting to screw dlink for being dumbasses, all of which are free. Point the A record else where and have people who care change to a new record, it's not worth $62k.
yeah, i went and dug through our netflow records and even pegged the ip up for a few seconds on a router to collect a few requests and saw very little traffic to this IP. My suggestion is rename from gps -> gps1 and drop the gps dns name. That combined with some bind/whatever views that scope the dns responses are effective since it's a DNS name. While it's similar to the wiscnet stuff, it's not identical and can be [easily] mitigated. - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
On Fri, 07 Apr 2006 20:16:03 EDT, Jared Mauch said:
My suggestion is rename from gps -> gps1 and drop the gps dns name. That combined with some bind/whatever views that scope the dns responses are effective since it's a DNS name.
That will fix the problem. In 2012 or so. I have a hostname that just now saw 500 NTP packets in 112 seconds. OK, so it's only 5 packets per second. Mind you, that hostname *was* at one time a stratum-2 server. But it moved to a different host on April 7, 2000 - 6 *years* ago. One year after that, it stopped answering NTP entirely at that IP address. And that IP address went away entirely during a building renovation 4 years ago. There's still an ARP every 2-3 seconds for it caused by people who hard-coded the IP address. I'm not sure which is scarier - the fact that of those 500 queries, 367 were *still* running NTPv1 - or that 89 were NTPv3 and and 44 were NTPv4, when the host in question has never answered an NTPv4 query from off campus. So somebody mentioned a stratum-1 is seeing 37 PPS - I'm still seeing 1/6 of that level for something that went away *last century*.
On Sat Apr 08, 2006 at 03:15:24AM -0400, Valdis.Kletnieks@vt.edu wrote:
There's still an ARP every 2-3 seconds for it caused by people who hard-coded the IP address.
I've been configuring up a few ciscos recently. In the config, I enter "ntp server pool.ntp.org", at which point IOS resolves pool.ntp.org, and stores the IP address it gets in the config. Not entirely what is expected, but an explaination for why IPs get hardcoded... Simon -- Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration * Director | * Domain & Web Hosting * Internet Consultancy * Bogons Ltd | * http://www.bogons.net/ * Email: info@bogons.net *
On Sat, Apr 08, 2006 at 03:15:24AM -0400, Valdis.Kletnieks@vt.edu wrote:
On Fri, 07 Apr 2006 20:16:03 EDT, Jared Mauch said:
My suggestion is rename from gps -> gps1 and drop the gps dns name. That combined with some bind/whatever views that scope the dns responses are effective since it's a DNS name.
That will fix the problem. In 2012 or so.
I have a hostname that just now saw 500 NTP packets in 112 seconds. OK, so it's only 5 packets per second.
Mind you, that hostname *was* at one time a stratum-2 server. But it moved to a different host on April 7, 2000 - 6 *years* ago. One year after that, it
... So, I've run various services over the years, including at one time being hostmaster at cic.net and dealt with renaming and renumbering our dns servers once or twice. At one time our server spurce.cic.net was numbered 35.42.1.100, and we tried to renumber it to 198.87.18.10. We faced numerous challenges in this, as we had customers that would use it as the secondary dns server so we not only had to get them to change everything, but back in the bind4 days, it was common to stick out-of-zone glue in various files. This could have the impact of dns cache poisoning. We spent a lot of time tracking down the offenders and getting them to fix the zone files. I'm sure still today merit is seeing dns tarffic to 35.42.1.100 and that whatever is at the (still valid dns record) for spruce is seeing dns queries from someones win95 dialup host. This is something that is very common that those who have run dns services have seen. The same is true for any other service out there, uu.net folks are famaliar with having their dns server being used by people that are not their customers anymore for recursion, this is quite common. If networks find this a problem, they should also consider asking the community for support, there may be people willing to add that IP to their various ntp servers, or in the case of dns-anycast, to their existing resolver systems. I do think that the vendor in question here should do something to help. I'm just glad that I don't own any of their products. - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
On Apr 7, 6:49pm ras@e-gerbil.net wrote:
*sigh* Yes yes everyone loves a good "large stupid company screws the little guy by sticking their small/free service into a commercial product" story, but unfortunately none of these solutions are very pragmatic. If I hosted an NTP server and dlink put it in a default query list of a default firmware, and then I asked them to pay my Equinix bill for the next 5 years, I would fully expect them to provide a nice little ascii diagram of
That isn't what he asked. He explained the problem to them, asked them to rectify it, and their response was "here, talk to our lawyers". Which is merely a discrete way of saying "f*** off, we're bigger". Infer at will, please, if you will. I know phk personally (give or take a little, we're from the same country, and have both participated vigorously in the same UNIX user group [yes, there have been such entities]); for those who are unaware of his credentials, let me cut and paste the following from the FreeBSD GBDE manual page: HISTORY This software was developed for the FreeBSD Project by Poul-Henning Kamp and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program. AUTHORS Poul-Henning Kamp <phk@FreeBSD.org> So for the benefit of any xenophobes here, rest assured, he's cleared for a NASA-powered Mars-walk when the time comes. As for the issue at hand, I can only support phk, it's an open and shut case. Of course, anybody and everybody is free to argue that if one walks through Central Park (or whatever your local Mugger's Delight is called), one is merely fighting a losing battle. At the end of the day, however, it becomes a question about what behaviour we deem acceptable, whether or not fighting back seems fruitful. There's an old Scandinavian proverb (quite possibly of foreign origin) which simply says ""Those who keep quiet, agree". Do you agree? -- Per
+<20060407224918.GM45591@overlord.e-gerbil.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060407224918.GM45591@overlord.e-gerbil.net> User-Agent: Mutt/1.5.9i On Fri, Apr 07, 2006 at 06:49:18PM -0400, Richard A Steenbergen wrote:
Its just NTP, I can't imagine that it is *really* enough traffic to care all that much. There are probably a hundred people on this list who could donate free transit for this and not give it a second thought (hell if I had a pop anywhere close to .dk I would donate a gigabit solely to end this nanog thread before it turns into a bunch of self-righteous whining).
It actually does end up being a lot. My fairly modest public ntp server gets about an average 11.38pps in traffic which ends up being almost 4GB/month. It ends up being about 2,300 unique clients over the perioud an hour. While I'm unsure of how many routers D-Link sold, but I would be suprised if it's not at least 100x that.
participants (20)
-
Alain Hebert -
Etaoin Shrdlu -
Jared Mauch -
Jeff Shultz -
Kevin Day -
Mark Boolootian -
Mark Borchers -
Matt Ghali -
neal rauhauser -
Nicholas Suan -
Per Gregers Bilse -
Richard A Steenbergen -
Robert E.Seastrom -
Rubens Kuhl Jr. -
Simon Lockhart -
Steven M. Bellovin -
Suresh Ramasubramanian -
Todd Vierling -
Tony Finch -
Valdis.Kletnieks@vt.edu