#1
You may be aware from the BBC article

http://news.bbc.co.uk/1/hi/technology/4906138.stm .

or elsewhere that there is a serious flaw on many D-link products which get the time from the Internet using time servers. Whilst many time servers are open for anyone to use, D-link products are using those which are not.

The time servers being abused are owned by individuals, the military, the US Government, some academic institutions and commercial companies.

One owner of a Dutch time server at least is incurring very large costs due to this and even more costs in paying a consultant to find the problem.

http://people.freebsd.org/~phk/dlink/

To my knowledge no owners have asked for users to switch off their D-link products, but given they are abusing the time servers, it would be sensible to keep them switched off when not absolutely necessary.

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.

Dave (from the UK)

#2
It's not a Dutch but a Danish server.

"Dave (from the UK)" <see-my-(E-Mail Removed)> wrote in message news:444119fc@212.67.96.135...
> You may be aware from the BBC article
>
> http://news.bbc.co.uk/1/hi/technology/4906138.stm .
>
> or elsewhere that there is a serious flaw on many D-link products which
> get the time from the Internet using time servers. Whilst many time
> servers are open for anyone to use, D-link products are using those which
> are not.
>
> The time servers being abused are owned by individuals, the military, the
> US Government, some academic institutions and commercial companies.
>
> One owner of a Dutch time server at least is incurring very large costs
> due to this and even more costs in paying a consultant to find the
> problem.
>
> http://people.freebsd.org/~phk/dlink/
>
> To my knowledge no owners have asked for users to switch off their D-link
> products, but given they are abusing the time servers, it would be
> sensible to keep them switched off when not absolutely necessary.
>
> --
> Dave K MCSE.
>
> MCSE = Minefield Consultant and Solitaire Expert.
>
> Please note my email address changes periodically to avoid spam.
> It is always of the form: month-year@domain. Hitting reply will work
> for a couple of months only. Later set it manually.

#3
Jakob Salomonsson wrote:
> It's not a Dutch but a Danish server.

Sorry. You are right of course - I don't know what I was thinking of there.

But it now appears there are forty odd servers throughout the world

http://people.freebsd.org/~phk/dlink/letter2.html

where this abuse is happening. So people with D-link products might well be using several of these without permission.

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.

#4
It's stupidly done by D-Link.

"Dave (from the UK)" <see-my-(E-Mail Removed)> wrote in message news:444133e3@212.67.96.135...
> Jakob Salomonsson wrote:
>
>> It's not a Dutch but a Danish server.
>
> Sorry. You are right of course - I don't know what I was thinking of
> there.
>
> But it now appears there are forty odd servers throughout the world
>
> http://people.freebsd.org/~phk/dlink/letter2.html
>
> where this abuse is happening. So people with D-link products might well
> be using several of these without permission.
>
> --
> Dave K MCSE.
>
> MCSE = Minefield Consultant and Solitaire Expert.
>
> Please note my email address changes periodically to avoid spam.
> It is always of the form: month-year@domain. Hitting reply will work
> for a couple of months only. Later set it manually.

#5
In article <444119fc@212.67.96.135>,
Dave (from the UK) <Apr-(E-Mail Removed)> wrote:
>To my knowledge no owners have asked for users to switch off their
>D-link products, but given they are abusing the time servers, it would
>be sensible to keep them switched off when not absolutely necessary.

It would be even more sensible to change router settings to use an alternate address (like us.pool.ntp.org) instead. Instead of your router pinging addresses it shouldn't when it's on, it'll never ping those addresses at all. There's an option in there (in the DI-604, at least) to specify an NTP server to use. Fill it with something from *.pool.ntp.org and you're all set.

  _/_
 / v \ Scott Alfter (remove the obvious to send mail)
(IIGS(  http://alfter.us/       Top-posting!
 \_^_/  rm -rf /bin/laden       >What's the most annoying thing on Usenet?

#6
On 15 Apr 2006 20:25:46 GMT, (E-Mail Removed) (Scott Alfter) wrote:
>In article <444119fc@212.67.96.135>,
>Dave (from the UK) <Apr-(E-Mail Removed)> wrote:
>>To my knowledge no owners have asked for users to switch off their
>>D-link products, but given they are abusing the time servers, it would
>>be sensible to keep them switched off when not absolutely necessary.
>
>It would be even more sensible to change router settings to use an alternate
>address (like us.pool.ntp.org) instead. Instead of your router pinging
>addresses it shouldn't when it's on, it'll never ping those addresses at
>all. There's an option in there (in the DI-604, at least) to specify an NTP
>server to use. Fill it with something from *.pool.ntp.org and you're all
>set.
>
>  _/_
> / v \ Scott Alfter (remove the obvious to send mail)
>(IIGS(  http://alfter.us/       Top-posting!
> \_^_/  rm -rf /bin/laden       >What's the most annoying thing on Usenet?

My old DI-804U doesn't seem to have such an option. But it surely pre-dates 2005 (that's when the problem started, as the BBC article states).

NNN

#7
Scott Alfter wrote:
> It would be even more sensible to change router settings to use an alternate
> address (like us.pool.ntp.org) instead. Instead of your router pinging
> addresses it shouldn't when it's on, it'll never ping those addresses at
> all. There's an option in there (in the DI-604, at least) to specify an NTP
> server to use. Fill it with something from *.pool.ntp.org and you're all
> set.

True, but for many models the time servers can't be changed - the DWL-700AP I own is one such model. But the time servers it uses are OK to use.

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.

#8
(E-Mail Removed) wrote:
>
> My old DI-804U doesn't seem to have such an option. But it surely
> pre-dates 2005 (that's when the problem started, as the BBC article
> states).
>
> NNN

That BBC article is not well written, so I would not tend to put much weight on what it says. Although the issue with the Danish time server started in 2005, there are many other time servers which are being accessed by D-link products which have restricted access.

I have no idea if the names or IP addresses of any of those time servers were coded into older models - I suggest you ask D-link about the particular model(s) you have. You can get to their support page at:

http://support.dlink.com/

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.

#9
On Sat, 15 Apr 2006 17:06:19 +0100, "Dave (from the UK)" <see-my-(E-Mail Removed)> wrote:

>You may be aware from the BBC article
>
>http://news.bbc.co.uk/1/hi/technology/4906138.stm .

Hmmm, usual Bimbo Broadcasting "Science & Technology" reporting job. Where do they get those people?

>or elsewhere that there is a serious flaw on many D-link products which
>get the time from the Internet using time servers. Whilst many time
>servers are open for anyone to use, D-link products are using those
>which are not.

Uhh.... where are those "many time servers"?

>The time servers being abused are owned by individuals, the military,
>the US Government, some academic institutions and commercial companies.
>
>One owner of a Dutch time server at least is incurring very large costs
>due to this and even more costs in paying a consultant to find the problem.
>
>http://people.freebsd.org/~phk/dlink/
>
>To my knowledge no owners have asked for users to switch off their
>D-link products, but given they are abusing the time servers, it would
>be sensible to keep them switched off when not absolutely necessary.

This is not a question of "switch off". In fact, if the gateway/routers work well this would aggravate the "problem" because every switch-on would cause a look-up. Besides, people with ADSL or cable access want/need a permanent connection anyway.

Why don't you check the NTP server which your Internet Gateway/router is using for NTP look-up? Mine -- not a D-Link -- is set from the factory to look up clock.isc.org and is so documented in the mfr's docs. In fact I've tried to find a Stratum-2 NTP server but none of those which were "documented" worked. The problem here is that the NTP "community" has their heads up their a... err, in the sand with their "open access - please notify by e-mail" and "use name only" comments and their docs are either obsolete or impossible to follow. Do'h this is not a lot of help.

In the office I have our DC set to use time.nist.gov because I couldn't find anything else which worked - my ISP has a NTP.<ISPName> which maps to an IP address but the time look-up fails there. I suppose there's time.windows.com but I had trouble getting a response there - hardly surprising because that's what every (U.S.) Windows XP system is set to use.... and do we all want to depend on Bill Gates for our clock-time now? ;-)

I wonder how the conclusion was reached that *only* D-Link was at fault here? AFAIK D-Link is one of the few vendors which actually makes such equipment - it might be that their OEMs don't reprogram the NTP-Server field/algorithm in the configuration. It could also be that D-Link owners spend a lot of time re-booting their gateway/routers. :-) If the Danish guy is getting a lot of hits, who do you think is responsible for programming his NTP Server address into D-Link routers?

Calling this "vandalism" and "abuse" is nuts IMO. If you set up a Time Server, it's gonna take a LOT of hits simply because Stratum-2 is a mess of obsolete, non-functioning addresses. I have to ask what gateway/router vendors are supposed to program into their devices for "default" NTP look-up, given that most end-users are not expert enough to be fiddling with the configuration settings. Ideally, the ISP who supplies them to end-users would have a functioning NTP Server and then program that address in before delivery but that does not happen... apparently.

--
Rgds, George Macdonald

#10
George Macdonald wrote:
> On Sat, 15 Apr 2006 17:06:19 +0100, "Dave (from the UK)"
> <see-my-(E-Mail Removed)> wrote:
>
>>You may be aware from the BBC article
>>
>>http://news.bbc.co.uk/1/hi/technology/4906138.stm .
>
> Hmmm, usual Bimbo Broadcasting "Science & Technology" reporting job. Where
> do they get those people?

Yes - I agree. That is particularly badly written I think.

>>or elsewhere that there is a serious flaw on many D-link products which
>>get the time from the Internet using time servers. Whilst many time
>>servers are open for anyone to use, D-link products are using those
>>which are not.
>
> Uhh.... where are those "many time servers"?

http://ntp.isc.org/bin/view/Servers/WebHome

> Why don't you check the NTP server which your Internet Gateway/router is
> using for NTP look-up?

I have done - but it is not easy to do. It required downloading the firmware, decompressing *part* of the file and then using the strings command in UNIX to find the IP addresses. From that, the name of the servers could be found. The guy in Denmark whose time-server is affected told me how to do it.

> Mine -- not a D-Link -- is set from the factory to
> look up clock.isc.org and is so documented in the mfr's docs.

I doubt you should be using that.

http://ntp.isc.org/bin/view/Servers/ClockIscOrg

ServiceArea: BARRnet, Alternet-west, CIX-west
AccessPolicy: OpenAccess

> In fact I've
> tried to find a Stratum-2 NTP server but none of those which were
> "documented" worked. The problem here is that the NTP "community" has
> their heads up their a... err, in the sand with their "open access - please
> notify by e-mail" and "use name only" comments and their docs are either
> obsolete or impossible to follow. Do'h this is not a lot of help.

Have a look at the above site and find one.

Or use this (explanation a bit further down)

Worldwide       pool.ntp.org
Asia            asia.pool.ntp.org
Europe          europe.pool.ntp.org
North America   north-america.pool.ntp.org
Oceania         oceania.pool.ntp.org
South America   south-america.pool.ntp.org

> Calling this "vandalism" and "abuse" is nuts IMO.

What is abuse then? According to

http://en.wikipedia.org/wiki/Abuse

* Abuse is a general term for the use or treatment of
* something (person, thing, idea, etc.) that causes some
* kind of harm (to the abused person or thing, to the
* abusers themselves, or to someone else) or is unlawful
* or wrongful.

If, as in this case, Poul-Henning is getting a large bill for the lookups, which are making up 90% of his traffic, then it is causing him harm. So it is abuse.

> If you set up a Time
> Server, it's gonna take a LOT of hits simply because Stratum-2 is a mess of
> obsolete, non-functioning addresses.

I don't think it is a mess, but even if it was, that does not excuse you using one you don't have permission to use. My computer might be slow. Does that mean I can use your computer's resources without your permission?

> I have to ask what gateway/router
> vendors are supposed to program into their devices for "default" NTP
> look-up, given that most end-users are not expert enough to be fiddling
> with the configuration settings.

How about gateway/router vendors providing their own time servers, rather than use others without permission? It is not actually that expensive. A GPS receiver with a 1 pulse per second output connected to a Stanford Research PRS-10 rubidium source would make a nice one with a 72-hour holdover for stratum 2 if the GPS is lost.

Or vendors can use a pool that have agreed to be in a pool

http://ntp.isc.org/bin/view/Servers/NTPPoolServers

i.e.

Worldwide       pool.ntp.org
Asia            asia.pool.ntp.org
Europe          europe.pool.ntp.org
North America   north-america.pool.ntp.org
Oceania         oceania.pool.ntp.org
South America   south-america.pool.ntp.org

There are several more ways they could do it.

They could for example use something like DNS. The router contacts the vendor's server which returns the IP address of a publicly available time server. The router then connects to that to get the time.

There are *many* ways this could be implemented, but using a random NTP server that does not allow access is not a good way.

> Ideally, the ISP who supplies them to
> end-users would have a functioning NTP Server and then program that address
> in before delivery but that does not happen... apparently.

Also, many like myself don't use a modem supplied by my ISP. And there are other devices, like my WiFi adapter which are not supplied by the ISP.

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.

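Added example, not part of the thread or any poster's code: post #10 describes finding a device's hard-coded time servers by running strings over a decompressed part of the firmware, and this Python version does the same extraction on an already-decompressed image, then separates pool.ntp.org names from candidates whose access policy still has to be checked. The sample image, the time-related keyword hints and the one-entry open list are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: only the NTP pool zones named in the thread count as open to all.
OPEN_SUFFIXES = ("pool.ntp.org",)
TIME_HINT = re.compile(r"(^|[.-])(ntp|time|clock|tick|tock)", re.I)
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# LAN defaults, loopback, netmasks and multicast are not remote time servers.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/3")]

def printable_strings(blob, min_len=4):
    """Like strings(1): runs of printable ASCII of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]

def is_open(host):
    """True only for the zone itself or a real subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in OPEN_SUFFIXES)

def audit_time_servers(blob):
    """Sort time-server candidates found in an image into open / review."""
    report = {"open": set(), "review": set()}
    for text in printable_strings(blob):
        for host in HOST_RE.findall(text):
            host = host.lower()
            if is_open(host):
                report["open"].add(host)
            elif TIME_HINT.search(host):
                report["review"].add(host)
        for literal in IPV4_RE.findall(text):
            try:
                addr = ipaddress.IPv4Address(literal)
            except ValueError:
                continue  # octet above 255: a version string, not an address
            if not any(addr in net for net in LOCAL_NETS):
                report["review"].add(literal)
    return report

# Constructed sample standing in for a decompressed firmware section
# (documentation-range names and addresses, not from any real device).
SAMPLE_IMAGE = (
    b"\x7fELF\x00\x01\x02ntpclient -s -h %s\x00\x00north-america.pool.ntp.org\x00"
    b"\xff\xfe192.0.2.17\x00ntp1.example.net\x00\x03\x04192.168.0.1\x00"
    b"255.255.255.0\x00fw 2.18.300.4\x00www.example.com\x00"
)
print(audit_time_servers(SAMPLE_IMAGE))
```

Everything in the "review" bucket is only a candidate: each name or address still has to be looked up against the operator's published access policy, as the thread does for clock.isc.org.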