Re: Open Letter to D-Link about their NTP vandalism
Two concrete technical suggestions to mitigate the volunteered NTP server's usage issues at the DIX: (1) Have someone else anycast the DIX block, and NAT the incoming NTP requests to another NTP stratum-1 server (eg pool address(es)). Or a much better idea: (2) Renumber into a new /24, which is announced only at the DIX with no-export, so that only DIX members are able to reach the server - as was the intended usage of this NTP server in the first place. (The announcment can be made by anyone at the DIX, it is not strictly necessary that the NTP server be the announcer of the /24. And in fact, it need not be a /24, as the server should be the only occupant of the block - but it should not be covered by any globally visible aggregate, at least not one contiguous to the connectivity at the DIX.) As to the liability issue, it is easy enough to envision that someone, somewhere, is relying on time results from NTP for a life-or-death application, like a medical device, and is innocently an impacted third party in this. Sending bad NTP values could in theory be responsible for killing someone's scratch monkey... -- Brian Dickson Email: briand@chateau-briand.net http://www.chateau-briand.net Tel : +1 647 234 7282
At 11:47 PM -0400 4/11/06, Brian Dickson wrote:
Two concrete technical suggestions to mitigate the volunteered NTP server's usage issues at the DIX:
(1) Have someone else anycast the DIX block, and NAT the incoming NTP requests to another NTP stratum-1 server (eg pool address(es)).
Or a much better idea:
(2) Renumber into a new /24, which is announced only at the DIX with no-export, so that only DIX members are able to reach the server - as was the intended usage of this NTP server in the first place.
All these messages for a device that: - probably uses ntp for internal log cacheing - is a home/SOHO device - a box that can't be chimed - has ntp on the wan port only http://support.dlink.com/faq/view.asp?prod_id=1228&question=DI-604%20/%20DI-524_revD%20/%20DI-524_revE%20/%20DI-614+%20/%20DI-624%20/%20DI-754%20/%20DI-764%20/%20DI-774%20/%20DI-614+_revB%20/%20DI-604_revE%20/%20DI-774_revB%20/%20Di-784%20/%20DI-514 http://www.support.dlink.com/faq/view.asp?prod_id=1983&question=configure+ntp I wonder who DNS servers they embedded. -M< -- Martin Hannigan (c) 617-388-2663 Renesys Corporation (w) 617-395-8574 Member of Technical Staff Network Operations hannigan@renesys.com
BD> Date: Tue, 11 Apr 2006 23:47:11 -0400 BD> From: Brian Dickson BD> As to the liability issue, it is easy enough to envision that BD> someone, somewhere, is relying on time results from NTP for a BD> life-or-death application, like a medical device, and is innocently BD> an impacted third party in this. If I had a life-or-death application depending on NTP, I'd do what I've already suggested: Use GPS and multiple stratum-1 servers, and clip adjustment delta magnitude. I might also listen for a heartbeat (no pun intended) saying "device agrees with NTP server", then raise an error if that condition failed. BD> Sending bad NTP values could in theory be responsible for killing BD> someone's scratch monkey... I can only hope that my life is never entrusted to a device that, at the suggestion of a lone NTP server, would adjust the clock by 42 years. IANAL, nor do I play one on TV, but such a setup would seem grossly negligent. Automated devices fail. Pretending otherwise is foolish. But you _did_ say "scratch monkey". :-) Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita ________________________________________________________________________ DO NOT send mail to the following addresses: davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.
participants (3)
-
Brian Dickson
-
Edward B. DREGER
-
Martin Hannigan