Open Letter to D-Link about their NTP vandalism
Martin Hannigan
hannigan at renesys.com
Wed Apr 12 05:00:18 UTC 2006
At 11:47 PM -0400 4/11/06, Brian Dickson wrote:
>Two concrete technical suggestions to mitigate the volunteered NTP server's
>usage issues at the DIX:
>
>(1) Have someone else anycast the DIX block, and NAT the incoming NTP requests
>to another NTP stratum-1 server (eg pool address(es)).
>
>Or a much better idea:
>
>(2) Renumber into a new /24, which is announced only at the DIX with no-export,
>so that only DIX members are able to reach the server - as was the intended
>usage of this NTP server in the first place.
All these messages for a device that:
- probably uses ntp for internal log caching
- is a home/SOHO device
- a box that can't be chimed
- has ntp on the wan port only
http://support.dlink.com/faq/view.asp?prod_id=1228&question=DI-604%20/%20DI-524_revD%20/%20DI-524_revE%20/%20DI-614+%20/%20DI-624%20/%20DI-754%20/%20DI-764%20/%20DI-774%20/%20DI-614+_revB%20/%20DI-604_revE%20/%20DI-774_revB%20/%20Di-784%20/%20DI-514
http://www.support.dlink.com/faq/view.asp?prod_id=1983&question=configure+ntp
I wonder whose DNS servers they embedded.
-M<
--
Martin Hannigan (c) 617-388-2663
Renesys Corporation (w) 617-395-8574
Member of Technical Staff Network Operations
hannigan at renesys.com