
D-Link Firmware Abuses Open NTP Servers

ScuttleMonkey posted more than 8 years ago | from the frustration-in-a-box dept.


DES writes "FreeBSD developer and NTP buff Poul-Henning Kamp runs a stratum-1 NTP server specifically for the benefit of networks directly connected to the Danish Internet Exchange (DIX). Some time last fall, however, D-Link started including his server in a hardcoded list in their router firmware. Poul-Henning now estimates that between 75% and 90% of NTP traffic at his server originates from D-Link gear. After five months of fruitless negotiation with a D-Link lawyer (who alternately tried to threaten and bribe him), he has written an open letter to D-Link, hoping the resulting publicity will force D-Link to acknowledge the issue. There are obvious parallels to a previous story, though Netgear behaved far more responsibly at the time than D-Link seem to be."

567 comments

List of Affected Products: (5, Informative)

SuperficialRhyme (731757) | more than 8 years ago | (#15084051)

From TFA: "A number of D-Link products, so far I have at least identified DI-604, DI-614+, DI-624, DI-754, DI-764, DI-774, DI-784, VDI604 and VDI624, contain a list of NTP servers in their firmware and using some sort of algorithm, they pick one and send packets to it."

Moochers (5, Insightful)

suso (153703) | more than 8 years ago | (#15084052)

Give people an inch and they take a mile. I don't see why D-Link and Netgear couldn't just make their own stratum-1 NTP servers. I mean, if you trust the brandname enough for your routing, don't you trust them enough for your time as well?

Re:Moochers (1)

cdrudge (68377) | more than 8 years ago | (#15084204)

That required time, money, and resources. DLink et al would be much happier just taking your money once and never having to deal with you again. But if they ran a time server, their customers would continue to use it yet they would get nothing* in return.

* - nothing in this case is strictly defined as money. I'm not considering good will, appreciation, or the right thing to do. None of these things apply to a business unfortunately.

Re:Moochers (3, Insightful)

suso (153703) | more than 8 years ago | (#15084284)

I'm not considering good will, appreciation, or the right thing to do. None of these things apply to a business unfortunately.

Eh hem, at the risk of sounding like a troll, they apply to my business damnit and don't you forget that.

The problem is, when you do the right thing, like enforcing security over convenience, customers don't always appreciate it.

Re:Moochers (4, Insightful)

archen (447353) | more than 8 years ago | (#15084265)

I mean why in the hell does cheap dlink crap need to connect to stratum-1 servers? Seriously these things should be running on stratum-3 or lower. I doubt the FBI will come into your home with national security at stake and the whole world ENDS because your $40 dlink router is off by half a second. Why doesn't dlink run their own damn ntp server off of the stratum-1 (making them stratum 2 - stratum 1 is sort of expensive). There is no need for these things to have this level of time precision - they just need ballpark correct time.

Re:Moochers (2, Informative)

archen (447353) | more than 8 years ago | (#15084334)

Just a correction, I sorta got stratum 0 confused in there, it should be lowered by a stratum, but honestly many recommend you connect to stratum 2 servers to lighten the load on the stratum 1 whose main purpose should be time distribution. (or high precision for those in need)

Re:Moochers (4, Interesting)

typical (886006) | more than 8 years ago | (#15084290)

It's cheaper for D-Link to freeload off other people.

That being said, D-Link has acquired quite a bad reputation in my book. The last time they were prominently mentioned on Slashdot was when their routers were randomly silently redirecting a small chunk of HTTP traffic to D-Link advertisements, and causing the obvious mayhem in non-human-readable HTTP traffic.

I'm also wondering just how much mayhem this guy could cause on various networks by playing with the time he returns. I'm not advocating that...I'm just pointing out that D-Link is rather leaving the owners of their routers open to whatever he chooses to do to them. Adding NTP support to a product is one thing -- hardcoding it to reference an NTP server that you can't guarantee is trustworthy is another thing. Suppose, for instance, this guy drops the name due to the expenses and someone else picks it up...

To be blunt, buying D-Link hardware at this point means that you're kind of, well, asking for whatever the hardware does to you.

Im confused (-1, Troll)

na641 (964251) | more than 8 years ago | (#15084056)

So let me get this straight... this guy hosts an NTP server and is pissed because... it's being used as an NTP server?

Re:Im confused (0)

DES (13846) | more than 8 years ago | (#15084072)

Reading the fine article hasn't killed anyone yet.

Insightful +2? (1)

helioquake (841463) | more than 8 years ago | (#15084103)

Ah moderation has gone to hell these days.

Re:Im confused (5, Informative)

Nohea (142708) | more than 8 years ago | (#15084078)

NTP server use is tiered. So client PCs are not supposed to hit the tier 1s, they should hit 2nd tier or a local ntp server.

You don't use the root DNS servers for all your DNS requests, right?

Re:Im confused (0)

Anonymous Coward | more than 8 years ago | (#15084376)

You don't use the root DNS servers for all your DNS requests, right?

Actually, I do. I have our DHCP hand them out.

Less chance of getting hit with a spoof attack this way.

Re:Im confused (5, Informative)

phil reed (626) | more than 8 years ago | (#15084080)

Yes, you're confused. And, you didn't read the article. The author is pissed because he's running an NTP server intended to be accessed only by Danish networks, and for use by servers, not clients. D-Link products are only marketed to clients, and not just Danish clients.

Re:Im confused (-1, Troll)

na641 (964251) | more than 8 years ago | (#15084118)

I did read the article... seems to me if he only wanted hits from Danish networks, then he should incorporate some security.

Re:Im confused (5, Insightful)

honkycat (249849) | more than 8 years ago | (#15084203)

He followed standard protocol for NTP servers, which is to list the restrictions on the use of your server with its entry on the NTP server list. System administrators are supposed to check this to make sure they're not making an unauthorized connection. They're also supposed to contact the NTP server administrator to let him know they're using the server, unless the server admin states otherwise.

You can learn all this and check the list to be sure you comply within 10 minutes thanks to the power of Google. Any responsible company would know this and do so. D-Link made a big mistake (not in terms of the impact on them, sadly) and is evidently refusing to own up.

As others have pointed out, it's not easy to implement the restrictions that would enforce the access policy. It's also sad, though not surprising, that one would have to. It'd be one thing if the server was the target of script kiddie DOS attacks, but a legitimate company selling network products really ought to know better (and care).

Re:Im confused (1)

svindler (78075) | more than 8 years ago | (#15084082)

This guy gets pissed because he hosts an ntp server meant for a few thousand servers on Danish networks but is being used by millions of little home routers all over the world, abusing the policy stated where D-Link picked up the server name!

Re:Im confused (4, Informative)

Chyeld (713439) | more than 8 years ago | (#15084122)

He hosts a NTP server with the intention of it being used by a certain audience. He's not pissed people outside of that audience are using the server, he's pissed that D-Link decided to abuse the service he's providing and now the overwhelming majority of the people using his service are outside the intended audience.

Sorta like how server admins get pissed when an article posted on their site causes them to be Slashdotted.

And honestly, the fact that D-Link is acting in the way it is while he tries to get them to resolve the issue probably isn't helping matters.

Then again, as a former owner of a D-Link product which rebooted itself anytime I went over 50 simultaneous connections (think P2P), I don't doubt they'd be too cheap to actually just run their own.

Re:Im confused (1)

jbolden (176878) | more than 8 years ago | (#15084128)

Yeah he seems to have wanted it to be a private NTP server for about 2000 servers in Denmark. Which seems like an easy thing if they just did NTP over SSL or something. He is estimating under $10k / year in extra costs in damages, so the problem is that this is an individual and not an institution.

Re:Im confused (1)

typical (886006) | more than 8 years ago | (#15084426)

NTP over SSL (a VPN-sorta thing) would not work well at all, especially for a Tier-1. NTP requires minimal and predictable delay, and a server may have a large number of users -- connection setup and teardown would be very sizeable.

He is estimating under $10k / year in extra costs in damages, so the problem is that this is an individual and not an institution.

Which is why I can't understand why D-Link didn't just shut up and foot the bill. He has a very legitimate gripe, and as long as he doesn't go public about it, $10K/year is pretty minimal. The cost of the lawyer they set on him, assuming anything more than four or five bullshit letters with no research were sent is going to exceed this.

Re:Im confused (4, Insightful)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#15084137)

So let me get this straight... this guy hosts an NTP server and is pissed because... it's being used as an NTP server?

If I set up an NTP server, say for my university, and left it open for others, I also might think it a bit unorthodox if a multinational corporation hardcoded all their gear (which was deployed internationally) to query it. This is for several reasons. First, it generates unneeded bandwidth and violates convention by not using a local NTP server. Second, it means thousands of people are relying on one person for their gear to work properly, a person the company did not even bother to consult. What if he decides to change the time by five hours, just for fun? It is bloody irresponsible of the manufacturer to give him that option. And what happens if the server is deprecated or the hostname and IP changed in a reworking of the network? Tons of wasted traffic as they ping his IP space.

He's not just any guy. (2, Insightful)

Anonymous Coward | more than 8 years ago | (#15084178)

He's not just any guy. He is one of the main FreeBSD developers. His work is used directly and indirectly by millions of people (yourself included) each day. It's even quite possible that D-Link uses FreeBSD.

When we see how much this man gives to the community for free, and the extremely high-quality of his work, I can't but help support him in this matter.

I, for one, would consider donating to a fund to help him battle this menace, even though I'm not a Danish citizen. I would hope that Netgear, Cisco and others would help him financially, as well.

Re:Im confused (5, Interesting)

typical (886006) | more than 8 years ago | (#15084387)

There are three conventions being violated:

* To keep the network working, the NTP system is tiered. Anything other than a time server used to redistribute time to other machines should probably access a Tier 3 system, or a Tier 2 if that is not possible. It should never hammer a Tier 1 -- this can screw up the rest of the NTP network.

* There are large lists of NTP servers, and they list access restrictions. As pointed out in the letter, this guy explicitly stated in his access rules that this server was not for client use.

* As pointed out in the letter, this guy explicitly stated in his access rules that this server was not for use outside of Denmark.

You may not be used to this sort of thing, because no such set of agreements exists for, say, webservers. However, in the NTP world, network administrators respect these, and it is why the time system continues to work.

What D-Link is doing hurts all Danish NTP users, and freeloads off a volunteer (D-Link is selling the product and profiting from it -- let *them* handle the traffic and factor any bandwidth costs into their product cost). It opens their product to potential abuse if the server becomes malicious (a properly-designed router would allow the user to specify an NTP server, or if the user is unable to configure a router, to do what the letter suggested and use a D-Link-controlled name.). It violates agreements that have been generally respected by the NTP-using administrator community for many years.

Couldn't they filter (2, Insightful)

MECC (8478) | more than 8 years ago | (#15084065)

I'd think they could just firewall off just their ntp servers, and only allow certain networks in - their networks. Of course, it wouldn't be open anymore, but with PHBs trolling around like daleks, opening things up the general internet public is getting more and more difficult.

Re:Couldn't they filter (4, Informative)

DES (13846) | more than 8 years ago | (#15084130)

A good idea, but not easily doable, since the allowed networks include most of Denmark. He would have to filter traffic based on the AS of the sender; this would require a full BGP feed and probably also a continuously updated mirror of the RIPE database.
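The source-prefix check described in the comment above, as an added example that is not part of the thread or of the server operator's setup: requests are classified by a service-area prefix list and by the mode bits of the NTP header. The prefix list is a static, constructed snapshot (documentation address ranges) standing in for one derived from a BGP feed; the packets and all function names are likewise constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

# Constructed stand-in for the service-area prefix list. In the scenario
# discussed this would be rebuilt continuously from BGP/RIPE data.
SERVICE_AREA = [ipaddress.ip_network(p)
                for p in ("192.0.2.0/24", "198.51.100.0/25")]

# NTP modes that ask a server for time: 1 = symmetric active, 3 = client.
REQUEST_MODES = {1, 3}


def parse_ntp_header(payload):
    """Decode the first four bytes of the fixed 48-byte NTP header."""
    if len(payload) < 48:
        raise ValueError("shorter than the 48-byte NTP header")
    flags, stratum, poll, precision = struct.unpack("!BBbb", payload[:4])
    return {
        "leap": flags >> 6,              # leap indicator, 2 bits
        "version": (flags >> 3) & 0x7,   # protocol version, 3 bits
        "mode": flags & 0x7,             # association mode, 3 bits
        "stratum": stratum,
        "poll": poll,
        "precision": precision,
    }


def in_service_area(src):
    """True if the source address falls inside any allowed prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in SERVICE_AREA)


def classify(src, payload):
    """Label one datagram: malformed, not-a-request, in-area, out-of-area."""
    try:
        header = parse_ntp_header(payload)
    except ValueError:
        return "malformed"
    if header["mode"] not in REQUEST_MODES:
        return "not-a-request"
    return "in-area" if in_service_area(src) else "out-of-area"


def summarize(requests):
    """Count labels and return the out-of-area share of valid requests."""
    counts = Counter(classify(src, payload) for src, payload in requests)
    valid = counts["in-area"] + counts["out-of-area"]
    share = counts["out-of-area"] / valid if valid else 0.0
    return counts, share


def build_request(version=4, mode=3, stratum=0):
    """Build a constructed 48-byte NTP packet for the sample data."""
    flags = (version << 3) | mode
    return struct.pack("!BBbb", flags, stratum, 6, -20) + bytes(44)


# Constructed sample traffic: (source address, UDP payload).
SAMPLE = [
    ("192.0.2.10", build_request(stratum=2)),         # in area
    ("198.51.100.20", build_request(stratum=3)),      # in area
    ("198.51.100.200", build_request()),              # just outside the /25
    ("203.0.113.5", build_request()),                 # out of area
    ("203.0.113.77", build_request(version=3)),       # out of area, NTPv3
    ("203.0.113.9", build_request()[:20]),            # truncated datagram
    ("192.0.2.99", build_request(mode=4, stratum=1)), # a server reply
]

if __name__ == "__main__":
    counts, share = summarize(SAMPLE)
    for label, n in sorted(counts.items()):
        print(f"{label:14s} {n}")
    print(f"out-of-area share of valid requests: {share:.0%}")
```

The check itself is cheap; the cost the comment points to is keeping `SERVICE_AREA` accurate, and a check on the server host does nothing about bandwidth already delivered to it.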

Re:Couldn't they filter (0)

wackysootroom (243310) | more than 8 years ago | (#15084292)

What about filtering on partial MAC address? Isn't the first part of the MAC address for a vendor's product generally the same?

Re:Couldn't they filter (1)

hal9000(jr) (316943) | more than 8 years ago | (#15084382)

MAC addresses are only available on the local network.

Re:Couldn't they filter (1)

jaredmauch (633928) | more than 8 years ago | (#15084396)

You don't see the mac address in remote IP packets, only on the same subnet.

Also, filtering the packets may see an increased volume of traffic as it will not get a response and keep retrying.

Re:Couldn't they filter (0)

Anonymous Coward | more than 8 years ago | (#15084408)

MAC addresses aren't routable.

Re:Couldn't they filter (1)

Kohath (38547) | more than 8 years ago | (#15084164)

Then someone would complain about the router spying on them. After all, do you want your router CALLING HOME TO D-LINK WITHOUT ASKING YOU??!!!!!??!!

It would be the worst case of spyware since Slashdot implemented cookies.

Re:Couldn't they filter (0)

Anonymous Coward | more than 8 years ago | (#15084341)

Slashdot implemented cookies? Holy Crap, I better go reformat my hard drive, then use a giant magnet, then break the platters just to be sure.

Re:Couldn't they filter (0)

Anonymous Coward | more than 8 years ago | (#15084399)

Cookies aren't spyware you dumbshit.

Re:Couldn't they filter (1)

diamondsw (685967) | more than 8 years ago | (#15084220)

Of course, to filter something you have to receive it, so their bandwidth costs are still going to be needlessly through the roof. If I read the article correctly, that's where the bulk of the ongoing expense is coming from.

Re:Couldn't they filter (0)

Azarael (896715) | more than 8 years ago | (#15084380)

What is preventing him from renaming his NTP server? If DLink is the major abuser, then see how they like querying an ip that doesn't exist? After all, wouldn't everyone else not be affected since the NTP pool can re-route the traffic to the new server?

Easy fix (4, Funny)

mcgroarty (633843) | more than 8 years ago | (#15084067)

If he can detect that the majority of connections are from D-Link products, then he can detect which connections are from D-Link products. The easy solution? Whenever a D-Link product connects, report a very very wrong time. :)

Re:Easy fix (5, Informative)

holdenholden (961300) | more than 8 years ago | (#15084117)

He says that such a solution is hard to implement on Cisco, and would be too CPU intensive. FTFA: "Filtering the D-Link packets requires inspection of fields which are not simple to implement in Cisco routers, and in particular such filtering seems to send all packets on the interface through the CPU instead of fast switching, so ingress filtering the packets at the ingress of AS1835 is totally out of the question."

Re:Easy fix (1)

Lumpy (12016) | more than 8 years ago | (#15084154)

Actually that would be fun. Add a PC in front of the NTP server that looks for Dlink traffic or any traffic outside the networks he desires to serve and either blackhole the response (IPTABLES DROP) or hand off to a C app that reports a random time response. Thus making all D-link hardware wonky.

I prefer the drop as this limits the bandwidth and will get customers screaming at Dlink.

It should not be too hard to set up a Linux box to drop and route based on some simple rules. Hell, dropping all NTP requests from the United States will probably cut his traffic nearly in 1/2

Re:Easy fix (0)

Anonymous Coward | more than 8 years ago | (#15084247)

Reading the article helps.

You can't just 'add a PC', firstly it wouldn't drop the bandwidth in any way, and that's what he will be charged for, and secondly that PC would have to be colocated and incur the installation and ongoing fees, DOUBLING the costs that he is going to incur.

Re:Easy fix (0)

Anonymous Coward | more than 8 years ago | (#15084163)

Better yet, just report Central European Time instead of UST. His Danish users can adjust their equipment for local time instead of universal, and D-Link's customers can exchange their equipment under warranty. Maybe.

Re:Easy fix (2, Insightful)

gstoddart (321705) | more than 8 years ago | (#15084182)

If he can detect that the majority of connections are from D-Link products, then he can detect which connections are from D-Link products. The easy solution? Whenever a D-Link product connects, report a very very wrong time. :)

Except, he'd still end up paying the $8000 USD bandwidth fees for the privilege of lying to people he'd rather not be connecting to him in the first place.

An awfully expensive practical joke, don't you think?

So he's stuck paying the bill, unless he wants to disconnect his legitimate users.

Re:Easy fix (1)

forrestt (267374) | more than 8 years ago | (#15084222)

I was thinking of this with a twist. He could make it a signup service (you could even add your host's ip w/ a web page). Then the firewall rules wouldn't be very expensive. Then, everyone w/ a valid request gets the right time, and everyone else gets set to some random time in the early 1980's.

wrong easy fix. try this... (5, Interesting)

swschrad (312009) | more than 8 years ago | (#15084231)

send a private communication to the authentic users (not the robot moochers from D-Link) that on date X, the new IP service address will be unhacked.gps.dix.de or whatever suits him.

on date X, send bogus packets in response... not just wrong time, but seriously wrong time, like a packet with time of 9s in all fields, which would be most seriously wrong.

hopefully, it would lock up the offending junkpiles, and clear the problem right smartly.

the general idea in engineering an end to these things is to find a way to blow up the crooked machine by a seriously wrong entry that will screw up the internals. since they took an ugly and cheap shortcut by using firmware tables, they probably don't error-check their inputs from NTP and other services. so there should be a memory jump and a crash in those pirate boxes someplace.

and that puts the onus back where it belongs, on supercheap designers for obnoxious companies that don't give a shit about network etiquette. the market will punish them. that's how it should be for slap-happy outfits.

Re:Easy fix (1)

diamondsw (685967) | more than 8 years ago | (#15084238)

Someone didn't read the article. A third party consultant (hired at some expense) did the packet analysis, seemingly one-time. There is no feasible way to filter them in real-time in his environment. Meanwhile, unless it's done at the ingress routers or even farther up the chain, he's still going to be responsible for the bandwidth, which is the major expense.

NTP Server EULAs? (1)

samj (115984) | more than 8 years ago | (#15084068)

Since you can apparently sign your life away with a EULA, why not say in the T&C's for your NTP server(s) that any requests users cause that do not follow certain conditions will cost $1 each or something.

Hasn't anybody at D-Link heard of (5, Insightful)

bersl2 (689221) | more than 8 years ago | (#15084074)

pool.ntp.org?

Re:Hasn't anybody at D-Link heard of (4, Informative)

fruity_pebbles (568822) | more than 8 years ago | (#15084120)

The pool guys have been talking of implementing a $company_name.vendor.ntp.pool.org setup. Having the $company_name specificity would allow them some leeway if an individual vendor does something silly. I don't know if any vendors have bought into this though.

Re:Hasn't anybody at D-Link heard of (1)

Da Stylin' Rastan (771797) | more than 8 years ago | (#15084125)

Bah, you beat me to it.

I think that they may not, though, because there are a good amount of dead servers, at least on 0.us.pool.ntp.org and 1.us.pool.ntp.org. Most programs can work around this, but some don't.

Repost of Digg comment (4, Informative)

Bogtha (906264) | more than 8 years ago | (#15084088)

If there's one thing I hate more than incompetence, it's people who don't care that they are incompetent and carry on churning out crap regardless of the problems it causes others.

According to this page [dlink.com], D-Link have an office operating in Denmark. This makes them subject to Danish law whether they like it or not. I don't know whether Denmark's computer crime laws cover this, but it wouldn't surprise me.

Re:Repost of Digg comment (1)

ktappe (747125) | more than 8 years ago | (#15084187)

Agreed. I don't see how D-Link is allowed to dictate where you can sue them. If they have an office in Denmark, sue them there. They must abide by the laws of any area where they are doing business (ie. have a "presence.") The crime is taking place in Denmark; the U.S.A. and Taiwan don't enter into the picture.

Best of luck,
-Kurt

Re:Repost of Digg comment (1)

slavemowgli (585321) | more than 8 years ago | (#15084191)

What exactly would be the crime, though? As much as I sympathise, I don't know what's legally wrong with what D-Link is doing. If you run a publicly accessible server, then you should expect the public to access it; and if you don't like that, take measures to prevent it from happening.

Of course, trying to talk to D-Link is not a bad idea, either, but if this was a crime, then one could just as well argue that it's a crime when Google crawls a website without explicit permission - and I'm not even talking about caching or indexing the page here, just about connecting to the web server at all.

see section:Why D-Link needs to ask for permission (1)

way2trivial (601132) | more than 8 years ago | (#15084431)


Service Area: Networks BGP-announced on the DIX
Access Policy: open access to servers, please, no client use
"Since D-Link does not comply with these restrictions, D-Link has no legitimate access to the server, and it follows trivially that D-Link should have asked for my permission before including it in the list embedded in their products firmware. "

that is why

Re:Repost of Digg comment (1)

jbolden (176878) | more than 8 years ago | (#15084205)

OK, keep going. Pretend it was in the US what's the crime?

Re:Repost of Digg comment (1)

phil reed (626) | more than 8 years ago | (#15084312)

Theft of service?

A couple of possibilities (0)

Anonymous Coward | more than 8 years ago | (#15084319)

1 - Unauthorized access to a server.
2 - Theft of a service.
Both of these are crimes in most jurisdictions.
The author pointed out the notice that limits legitimate access to the server.
The company has been explicitly told that their products aren't allowed to access the server. That's a lot like serving someone with a notice of trespass. The crime just got more serious.

Re:Repost of Digg comment (1)

Splab (574204) | more than 8 years ago | (#15084280)

Yes that it means he can sue in Denmark, but the problem about Danish law is, even if you win, you really don't get that much compensation. And on top of that, he is offering a free service, granted he says "if you aren't x, y or z you may not use this", the problem is again Danish law, you can't differentiate on customers, if you give something away for free to one customer, everyone has the right to claim same treatment. (That is why you will never see a coupon stating "buy this, and get this for free" in Denmark, there are workarounds, but in his case everything is offered for free)

To be honest, the only move as far as I can tell is the geek community collectively boycott D-Link, and he changes the DNS of his server.

pool.ntp.org (2, Insightful)

martin (1336) | more than 8 years ago | (#15084093)

Should be using pool.ntp.org surely........

or am I being daft again..

Blacklist time (3, Insightful)

phil reed (626) | more than 8 years ago | (#15084101)

Time to add D-Link to the hardware vendor blacklist. Whenever you're asked by your non-tech friends what hardware they should buy, recommend anything BUT D-Link, and tell them to actively AVOID D-Link.

Re:Blacklist time (1)

larien (5608) | more than 8 years ago | (#15084225)

A week too late for me, unfortunately... Had I known, D-Link would have lost a sale. I'll have to check my router when I get home to see if it's one of the affected ones.

Re:Blacklist time (2, Informative)

bhtooefr (649901) | more than 8 years ago | (#15084314)

I already have done a complete 180 on recommending D-Link, since much of the D-Link equipment I use and work with has failed spontaneously.

And that was BEFORE this.

Re:Blacklist time (1)

Guppy06 (410832) | more than 8 years ago | (#15084438)

Tell them to get what instead, Linksys?

just change the DNS (0, Flamebait)

Anonymous Coward | more than 8 years ago | (#15084106)

and point it to Dlinks servers, perhaps when they are inundated with ntp request packets they will change their routers config in the future (or set their own one up with the millions of dollars they earn in "profit")

seems like a bit of a fuss over nothing, if you don't want people to use your NTP server then logic would dictate don't set one up in the first place

Re:just change the DNS (2, Insightful)

thinkliberty (593776) | more than 8 years ago | (#15084198)

if you don't want people to use your NTP server then logic would dictate don't set one up in the first place

That is one of the dumbest things I have ever heard.

Using your twisted logic there is nothing wrong with spammers sending people hundreds of thousands of unsolicited commercial email a day. If people don't want spam then they should not have set up an email address right?

I just bought a DI-624+ (3, Informative)

Aggrajag (716041) | more than 8 years ago | (#15084127)

The DI-624+ is not on the list and it is possible to manually change the NTP server which the router uses.

Re:I just bought a DI-624+ (1)

sconest (188729) | more than 8 years ago | (#15084211)

The same goes for the DI-624 (which is on the list)

Never buying D-Link again! (2, Interesting)

niskel (805204) | more than 8 years ago | (#15084129)

I have never once had a good piece of D-Link hardware. I bought both the DI-624 wireless router and the DWL-G520 PCI wireless card. First up the router didn't do UPNP properly; it simply did not work. A call to tech support told me to upgrade the firmware because they knew that UPNP simply didn't work. After the firmware upgrade, port forwarding didn't work at all either. No solution for the router yet. As for the wireless card. After installing it, my system would completely hardlock after about 5 minutes of use. I called D-Link tech support and had to deal with all the questions for clueless people such as "Do you have the drivers?" and "Is it plugged in right?". After being elevated two or three tiers of tech support, I was finally able to get an RMA. I sent the card to D-link and waited a week or so for my new card. I plug in the new card and what happens? Same deal! Hardlock in 5 minutes of use! Now I have to wade through tech support all over again and end up getting another RMA. Wait another week; new card makes not one lick of difference. So I decide, I will just return the bugger to the store. The store wouldn't take it back because it has been 30 days since I bought the card! 30 days of tech support and RMAs. I call D-Link once more. This time I get to top level tech support and the guy said "Oh yeah, that card doesn't work with certain VIA chipsets, sorry.". I am quite annoyed because it says nothing of the sort on the box of the card. So I politely ask that since the card doesn't work as advertised if I could have a refund. He said "Oh no, we can't do that it is against our policy.". He then offered me an 802.11b card for a $15 administration fee.

Re:Never buying D-Link again! (1)

BenjyD (316700) | more than 8 years ago | (#15084323)

I have a similar thing with my D-Link DSL-300 modem - the connection gradually slows down and then dies completely every three days or so and I have to restart it. The no-name modem it replaced (which wouldn't forward GRE) kept the same connection up for months. Anybody know any better ADSL modems?

Re:Never buying D-Link again! (0)

Anonymous Coward | more than 8 years ago | (#15084371)

I had this same problem with the old linksys wireless gear not being able to do repeating properly or as advertised. They wouldn't give me a refund until I filed a complaint with the california attorney general's office. Two weeks later they called me up, explained that they knew they had bugs and hoped to have them fixed in future releases (which they had denied all along) and offered me a full refund.

What's the issue? (1, Funny)

Anonymous Coward | more than 8 years ago | (#15084138)

We're American. He's Danish. Problem sorted.

If he squeals again we hit him with a B 52. That's the American Way. Always sorts out any problems in the films.

Fishy (-1)

neoshroom (324937) | more than 8 years ago | (#15084144)

Negotiations with the DIX management are ongoing, but the current theory is that I will have to close the GPS.DIX.dk server or pay a connection-fee of DKR 54.000,00 (approx USD 8,800) a year as long as the traffic is a significant fraction of total traffic to the server.

I owe $5000 to an external consultant who helped me track down where these packets came from.

I have already spent close to 120 non-billable hours (I'm an independent contractor) negotiating with D-Link's lawyers and mitigating the effect of the packets on the services provided to the legitimate users of GPS.dix.dk.

Finally I have spent approx DKR 15.000,00 (USD 2,500) on lawyers fees trying to get D-Link to negotiate in good faith.

And it never occurred to him to systematically unplug each device to see if it was the one causing the problem and then spend $99 on a new router? Something seems mighty fishy to me.

__

Write My Essay [elephantessays.com]

Re:Fishy (1)

KarmaMB84 (743001) | more than 8 years ago | (#15084167)

wtf? try reading again. This is about thousands of home network routers ignoring the protocol standard and flooding his NTP server.

Re:Fishy (0)

Anonymous Coward | more than 8 years ago | (#15084177)

Ah, I don't think he has the time to go around unplugging every d-link router in the whole world.

Re:Fishy (2, Insightful)

rycamor (194164) | more than 8 years ago | (#15084183)

And it never occurred to him to systematically unplug each device to see if it was the one causing the problem and then spend $99 on a new router? Something seems mighty fishy to me.

Either this is a very weak attempt at a troll, or an incredible demonstration of ignorance.

Re:Fishy (1)

antibryce (124264) | more than 8 years ago | (#15084310)


can't it be both?

Re:Fishy (1)

Slashcrap (869349) | more than 8 years ago | (#15084200)

And it never occurred to him to systematically unplug each device to see if it was the one causing the problem and then spend $99 on a new router? Something seems mighty fishy to me.

Parent is retarded or unable to read. Please mod him down before someone wastes 2 minutes of their valuable time putting him right.

Re:Fishy (1)

richy freeway (623503) | more than 8 years ago | (#15084208)

What the hell are you going on about? The only fishy thing here is your understanding of the article!

He hasn't got a D-Link router. He runs an NTP server that thousands and thousands of D-Link routers are hitting for a time update.

Re:Fishy my *ss (0)

Anonymous Coward | more than 8 years ago | (#15084215)

And it never occurred to him to systematically unplug each device to see if it was the one causing the problem and then spend $99 on a new router? Something seems mighty fishy to me.

Dear Idiot,
Did you even bother to RTFA? If yes, then please explain how you would suggest he unplugs every D-Link router on the list in all of the world. You should specifically address his technical reasons why he cannot filter or discern the traffic in question, and the economic consequences for him, if he continues to be in violation of the service agreement he has with the ISPs in Denmark.

You Sir, smell fishy.

The problem is not with his router. (0)

Anonymous Coward | more than 8 years ago | (#15084246)

What in the fucking hell are you talking about? You seem to think that the problem has to do with a D-Link router he bought. But that is not the case, as would be plainly obvious if you had even bothered to read the title of this news entry!

PHK is one of the main FreeBSD developers. He's known for writing excellent software, often making it available for free. The entire Internet community benefits off of his work. But beyond that, he runs an NTP server meant for use by systems in Denmark. Put simply, D-Link devices, many outside of Denmark, have been hard-coded (in firmware) to sometimes use his server. He does not want that to happen, for various reasons (clearly explained in his open letter).

The problem is not with some device that he purchased from his local electronics retailer. It's with certain D-Link devices which are abusing his service.

Re:Fishy (1)

compass46 (259596) | more than 8 years ago | (#15084263)

And it never occurred to him to systematically unplug each device to see if it was the one causing the problem and then spend $99 on a new router? Something seems mighty fishy to me.

No, you seem to have not RTFA... These aren't his D-Link devices.

Re:Fishy (0)

Anonymous Coward | more than 8 years ago | (#15084315)

You have to be the biggest moron on the planet.

1.) Buy some rope (not too long)
2.) Loop one end of it around your neck
3.) Attach the other end securely to chimney of your house
4.) Jump off roof

Result: Net IQ of the planet Earth rises .0000000000000000000000001 percent.

Re:Fishy (3, Funny)

Mr. Vandemar (797798) | more than 8 years ago | (#15084320)

And just when I thought reading comprehension on Slashdot couldn't get any worse...

Re:Fishy (0)

Anonymous Coward | more than 8 years ago | (#15084403)

Can we have a moderation type "-1 Moron"?

Open servers a problem with certain users? (1)

digitaldc (879047) | more than 8 years ago | (#15084160)

Solution: Close them to those users.

Why didn't he take the "bribe"? (-1, Troll)

xxxJonBoyxxx (565205) | more than 8 years ago | (#15084169)

"After five months of fruitless negotiation with a D-Link lawyer (who alternately tried to threaten and bribe him)..."

So, DLink tried to PAY for their use of the NTP server and the NTP server custodian got pissed? Was the offer too low, or was the custodian just offended by the concept of "trade"?

Re:Why didn't he take the "bribe"? (4, Informative)

bloodredsun (826017) | more than 8 years ago | (#15084229)

Sorry to correct your rant, but he does say in TFA that the offer was so low that it didn't even cover his costs. That would be a good enough reason to say no, wouldn't it?

Re:Why didn't he take the "bribe"? (1)

DES (13846) | more than 8 years ago | (#15084241)

They didn't offer to pay for the service. They first accused him of blackmail, then offered to pay him to stop bothering them. The amount was well short of what their snafu had already cost him, and at no point did they offer to simply remove his server from the list, which is all he asked for in the first place.

Why didn't you read the whole article? (1)

wjcofkc (964165) | more than 8 years ago | (#15084245)

Did you not read the whole article?

"I have also been offered a specific amount of "hush-money" if I would just shut up and go away, but the amount offered would not even cover my most direct expenses."

Re:Why didn't he take the "bribe"? (1)

fader (107759) | more than 8 years ago | (#15084270)

TFA did mention that the amount they offered him was less than it costs him to deal with the influx of traffic they're shooting at him.

Re:Why didn't he take the "bribe"? (2, Informative)

sheehaje (240093) | more than 8 years ago | (#15084318)

.... Well, if you read the article....

It's not just about money, it's also about client routers using bandwidth meant for BGP routers used by ISPs. It's a public network, but one intended for ISPs to transfer data, not for client use.

He is asking for some reimbursement for the troubles he's endured, but D-Link is saying he is extorting them.

IMHO, it is a problem D-Link did cause by their incompetence, and what is being asked is reasonable. The problem won't go away totally, because it relies on the average joe customer to actually update firmware, and now he has to deal with the situation for a long time to come. To be able to continue his "free" service, he may now have to pay for bandwidth that was free to him before D-Link wrongly implemented a protocol feature in some of their routers.

Time to link (1)

missing_myself (857407) | more than 8 years ago | (#15084172)

Why don't they link: time.microsoft.com

D-Link ha! (2, Informative)

SpaghettiPattern (609814) | more than 8 years ago | (#15084185)

I own a D-Link Ethernet ADSL modem and guess what, the local IP address is fixed to 192.168.0.1. Nope, no changing that thing. If I had known beforehand... I had to completely renumber my network. I only had 8 NICs and two LANs but was pissed off nevertheless.

Fairly simple fix (1, Redundant)

fataugie (89032) | more than 8 years ago | (#15084192)

Is the IP address hard coded? Or the name? Change whichever is needed and propagate the changes to the partners you want to connect. Seems much easier than beating your head against a wall...don't you think?

Please read *all* of the letter before posting. (0)

Anonymous Coward | more than 8 years ago | (#15084394)

Specifically search for and read the section about DIX, what it is and what it does. Are you seriously suggesting that we here in Denmark unplug the core NTP server for the Danish ISP companies? Thanks a bunch and the same to you too.

Filter or unplug (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15084232)

What kind of self-respecting geek is gonna spend his time negotiating with dlink corp? Just unplug the thing already or put a firewall that filters everything from dlink and everything not from Denmark.

They're clearly wrong here (5, Insightful)

MikeRT (947531) | more than 8 years ago | (#15084243)

So why didn't they just own up to the mistake, update the firmware and cut him a check for his expenses plus a 5% or so to apologize for the inconvenience? Bureaucrats and lawyers who cannot admit that they are wrong only end up creating more public disgust with their behavior. When you find yourself digging a hole, stop digging!

D-Link is just a bad net citizen (4, Interesting)

cdrudge (68377) | more than 8 years ago | (#15084244)

It's not the first time that D-Link's crappy programming has affected a service. DynDNS.com [dyndns.com] last year started blocking all update requests [dyndns.com] that match a user-agent of client/1.0, believed primarily to be several D-Link routers. D-Link has been mum on a response last I heard.

What he should do.... (0, Redundant)

nother_nix_hacker (596961) | more than 8 years ago | (#15084276)

He should configure the servers to send back the wrong date (one in the future) to the d-link devices. This way customers would see problems and raise calls with d-link.

Interesting, but (1)

punkr0x (945364) | more than 8 years ago | (#15084328)

This doesn't explain why the time is always WRONG on my dlink router!

Wasn't this already patched? (2, Interesting)

kryptobiotic (451986) | more than 8 years ago | (#15084375)

I recently installed the new firmware for my 614+. It was released [dlink.com] on 3/20/06 and had the revision info "Fixed NTP." Does anyone know how to find out which NTP server the router is using?

Why not rename the server (3, Insightful)

91degrees (207121) | more than 8 years ago | (#15084404)

Change the DNS name. Granted, he gives reasons for not wanting to do this, but the only practical alternative is to shut down the server entirely. This will still require 2000 or so system administrators to reconfigure their servers, so he might as well provide a logical alternative.

OS fingerprint filtering with pf (2, Informative)

DeBeuk (239106) | more than 8 years ago | (#15084427)

FreeBSD uses pf (well, it can use pf if you want to) as a packet filter. It has the wonderful option to filter traffic according to the OS fingerprint, as in you can block traffic originating from specific operating systems. I'd advise this guy to block all traffic from these dlink devices.
If there's no fingerprint on record yet you could generate it yourself, it's not that difficult to generate one.
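
An added pf.conf sketch of the fingerprint match suggested in the comment above (not part of the original comment, and not PHK's configuration). pf's passive OS fingerprinting inspects only the initial TCP SYN, so the `os` match belongs on TCP rules, while NTP runs over UDP port 123 and has to be filtered on addresses instead. The interface name, the fingerprint label and the address range are placeholders.

```conf
# Added example: ext_if, "EXAMPLE-OS" and the table contents are placeholders.
ext_if = "em0"                      # assumed external interface

# Fingerprint classes known to pf are loaded from /etc/pf.os.
# List them with:   pfctl -s osfp
# Replace "EXAMPLE-OS" below with a class name from that list.

# The "os" match works on the initial TCP SYN only, so it is valid on
# proto tcp rules. Here: drop SSH connection attempts from hosts whose
# SYN matches the named fingerprint class.
block in quick on $ext_if proto tcp from any os "EXAMPLE-OS" to any port 22

# NTP is UDP port 123: there is no SYN to fingerprint, so an "os" match
# cannot select this traffic. A UDP filter keys on source addresses,
# for example a table of networks allowed to query the server.
table <ntp_clients> persist { 192.0.2.0/24 }   # constructed documentation range
pass  in quick on $ext_if proto udp from <ntp_clients> to any port 123
block in quick on $ext_if proto udp from any to any port 123
```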

Stupid idea.... (2, Insightful)

JaJ_D (652372) | more than 8 years ago | (#15084434)

...why don't you change the one they (D-Link) use to (basically) lie about the time! Deliberately send out the wrong information. Alter the config for the customers of dix and let the D-Link customers go mad at D-Link

Brutal but (in theory) effective....

Jaj