nanog mailing list archives

Re: Open Letter to D-Link about their NTP vandalism


From: Martin Hannigan <hannigan () renesys com>
Date: Wed, 12 Apr 2006 01:00:18 -0400


At 11:47 PM -0400 4/11/06, Brian Dickson wrote:
Two concrete technical suggestions to mitigate the volunteered NTP server's
usage issues at the DIX:

(1) Have someone else anycast the DIX block, and NAT the incoming NTP requests
to another NTP stratum-1 server (e.g. pool address(es)).

Or a much better idea:

(2) Renumber into a new /24, which is announced only at the DIX with no-export,
so that only DIX members are able to reach the server - as was the intended
usage of this NTP server in the first place.


All these messages for a device that:

- probably uses ntp for internal log caching
- is a home/SOHO device
- a box that can't be chimed
- has ntp on the wan port only

http://support.dlink.com/faq/view.asp?prod_id=1228&question=DI-604%20/%20DI-524_revD%20/%20DI-524_revE%20/%20DI-614+%20/%20DI-624%20/%20DI-754%20/%20DI-764%20/%20DI-774%20/%20DI-614+_revB%20/%20DI-604_revE%20/%20DI-774_revB%20/%20Di-784%20/%20DI-514


http://www.support.dlink.com/faq/view.asp?prod_id=1983&question=configure+ntp

I wonder whose DNS servers they embedded.


-M<


--
Martin Hannigan                                (c) 617-388-2663
Renesys Corporation                            (w) 617-395-8574
Member of Technical Staff                      Network Operations
                                              hannigan () renesys com
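
Suggestion (2) from the quoted text, sketched as an added Cisco IOS-style configuration fragment; it is not part of the original message or of the NTP server operator's actual setup. The AS numbers, the 192.0.2.0/24 service prefix and the 198.51.100.1 exchange neighbor are documentation placeholders assumed for illustration.

```cisco
! Added example: every AS number, prefix and neighbor address is a placeholder.
!
! Match only the renumbered NTP service /24 (assumed here to be 192.0.2.0/24).
ip prefix-list NTP-SERVICE seq 5 permit 192.0.2.0/24
!
! Tag the service prefix with the well-known NO_EXPORT community (RFC 1997),
! so exchange peers use the route themselves but do not pass it to eBGP neighbors.
route-map DIX-OUT permit 10
 match ip address prefix-list NTP-SERVICE
 set community no-export
!
! Any other prefix announced at the exchange is left unchanged.
route-map DIX-OUT permit 20
!
router bgp 64496
 ! The network statement needs an exact matching route in the routing table.
 network 192.0.2.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 64497
 ! Without send-community the tag is stripped and NO_EXPORT never reaches the peer.
 neighbor 198.51.100.1 send-community
 neighbor 198.51.100.1 route-map DIX-OUT out
```

The restriction holds only if the /24 is announced on exchange sessions alone and is not covered by an aggregate announced to transit. It also depends on peers leaving the community intact on receipt.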

