time-b.netgear.com/time-c.netgear.com dns queries
Noticed a lot of "A" record queries for time-b.netgear.com/time-c.netgear.com on dns servers. Has anyone noticed similar behavior on any of your dns servers? Anyone aware of a known issue with netgear home routers which can create bulk dns queries?

-Basil

Yo Basil!

On Fri, 7 Sep 2012 20:22:29 -0400 Basil Baby <basilbaby@gmail.com> wrote:
> Noticed a lot of "A" record queries for time-b.netgear.com/time-c.netgear.com on dns servers. Has anyone noticed similar behavior on any of your dns servers? Anyone aware of a known issue with netgear home routers which can create bulk dns queries?

https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse#NETGEAR_and_the_Un...

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
gem@rellim.com Tel:+1(541)382-8588

Hmm... Even though a similar issue was identified in 2003, looks like there are still devices in the market with those old firmwares or similar behavior. sheesh !! :(

-Basil

On Fri, Sep 7, 2012 at 8:30 PM, Gary E. Miller <gem@rellim.com> wrote:
> Yo Basil!
>
> On Fri, 7 Sep 2012 20:22:29 -0400 Basil Baby <basilbaby@gmail.com> wrote:
>> Noticed a lot of "A" record queries for time-b.netgear.com/time-c.netgear.com on dns servers. Has anyone noticed similar behavior on any of your dns servers? Anyone aware of a known issue with netgear home routers which can create bulk dns queries?
>
> https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse#NETGEAR_and_the_Un...
>
> RGDS GARY
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
> gem@rellim.com Tel:+1(541)382-8588

On Sep 7, 2012, at 7:44 PM, Basil Baby wrote:
> Hmm... Even though a similar issue was identified in 2003, looks like there are still devices in the market with those old firmwares or similar behavior. sheesh !! :(
>
> -Basil

While NETGEAR does have a history of issues like this, the UofW issue is likely not related to what you are seeing - that issue stemmed from them not using DNS and hardcoding the university's NTP server. The issue you are seeing seems to stem from their NTP code doing the Wrong Thing nonetheless...

> On Fri, Sep 7, 2012 at 8:30 PM, Gary E. Miller <gem@rellim.com> wrote:
>> Yo Basil!
>>
>> On Fri, 7 Sep 2012 20:22:29 -0400 Basil Baby <basilbaby@gmail.com> wrote:
>>> Noticed a lot of "A" record queries for time-b.netgear.com/time-c.netgear.com on dns servers. Has anyone noticed similar behavior on any of your dns servers? Anyone aware of a known issue with netgear home routers which can create bulk dns queries?
>>
>> https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse#NETGEAR_and_the_Un...
>>
>> RGDS GARY
>> ---------------------------------------------------------------------------
>> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
>> gem@rellim.com Tel:+1(541)382-8588

On Fri, 07 Sep 2012 20:44:44 -0400, Basil Baby said:
> Hmm... Even though a similar issue was identified in 2003, looks like there are still devices in the market with those old firmwares or similar behavior. sheesh !! :(

A long long time ago in a network far far away, one of our campus NTP servers was a machine under my desk. That machine was shut down around 2002/06/30 22:49 and we didn't re-assign the IP address ever since *because* it kept getting hit with NTP packets. Yes, a decade ago.

A few months ago I ran a test of how many things were still using it. In the first 15 minutes, 234 different IPs tried to NTP to that address, which has been a black hole for a decade. After 3 hours, I had almost 2,000 IPs.

Interestingly enough, the *hostname* is still in use (by another machine under my desk) - and it gets near zero hits. So it's all hardcoded IP addrs not hostnames.

On Fri, Sep 7, 2012 at 7:36 PM, <valdis.kletnieks@vt.edu> wrote:
> ....
> Interestingly enough, the *hostname* is still in use (by another machine under my desk) - and it gets near zero hits. So it's all hardcoded IP addrs not hostnames.

And for NTP implementations that use DNS they also often only check DNS on startup too...and lots of people do not maintain their servers...well, except netgear, which just hammers the bugger out of everything (See OP)

--
"Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds." -- Samuel Butler
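
One way to measure the behaviour discussed in this thread from a resolver's query log, as an added example that is not from any of the posters: it counts "A" queries for the two hostnames per client per time window and reports the clients that hammer them. The BIND 9 style log format, the window, the threshold and the sample lines are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

WATCHED = {"time-b.netgear.com", "time-c.netgear.com"}  # names from the thread
EPOCH = datetime(1970, 1, 1)

# BIND 9 style querylog line (assumed format; adapt to your resolver's logs).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?client "
    r"(?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: "
    r"(?P<name>\S+) IN (?P<type>\S+)"
)

def noisy_clients(lines, window_s=60, threshold=5):
    """Return {client_ip: peak count} for clients whose A queries for the
    WATCHED names reach `threshold` within any `window_s`-second bucket."""
    buckets = defaultdict(Counter)  # client ip -> {bucket index: query count}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["type"] != "A":
            continue  # unparsable line or a record type we are not tracking
        if m["name"].rstrip(".").lower() not in WATCHED:
            continue  # DNS names are case-insensitive; drop the root dot
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        bucket = int((ts - EPOCH).total_seconds()) // window_s
        buckets[m["ip"]][bucket] += 1
    peaks = {ip: max(c.values()) for ip, c in buckets.items()}
    return {ip: n for ip, n in peaks.items() if n >= threshold}

TAIL = " + (198.51.100.53)"
SAMPLE = [  # constructed log lines using documentation addresses, not real traffic
    # 192.0.2.10: six lookups inside one minute, alternating between both names
    *(f"07-Sep-2012 20:22:{s:02d}.000 client 192.0.2.10#40001: query: "
      f"time-{'bc'[(s // 10) % 2]}.netgear.com IN A{TAIL}" for s in range(0, 60, 10)),
    # 192.0.2.20: two lookups three minutes apart (a client that caches the answer)
    f"07-Sep-2012 20:22:05.000 client 192.0.2.20#40002: query: time-b.netgear.com IN A{TAIL}",
    f"07-Sep-2012 20:25:05.000 client 192.0.2.20#40002: query: TIME-C.netgear.com. IN A{TAIL}",
    # ignored: unrelated name, and a non-A record type
    f"07-Sep-2012 20:22:06.000 client 192.0.2.30#40003: query: www.example.com IN A{TAIL}",
    f"07-Sep-2012 20:22:07.000 client 192.0.2.10#40001: query: time-b.netgear.com IN AAAA{TAIL}",
]

if __name__ == "__main__":
    for ip, peak in sorted(noisy_clients(SAMPLE).items()):
        print(f"{ip}: {peak} A queries for the watched names in one 60 s window")
```

A client that repeats the lookup many times per minute is ignoring the record's TTL; comparing each client's peak against the TTL your resolver sees for these names separates that from normal re-resolution.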

participants (5)
- Basil Baby
- Gary E. Miller
- Michael Loftis
- Ryan Rawdon
- valdis.kletnieks@vt.edu