
D-Link Settles Danish Time Dispute

Zonk posted more than 8 years ago | from the cash-out-your-chips-now dept.


igb writes "The Register reports that DLink has settled the time server dispute described a little over a month ago here on Slashdot. They're going to stop using an NTP server they're not really authorized to chime with, and they've reached an amicable settlement over the use by existing products. The details of the settlement are, not unsurprisingly, somewhat vague, but let's hope that the good guys aren't out of pocket any more."


They should've known better... (5, Funny)

Anonymous Coward | more than 8 years ago | (#15310888)

than to challenge a Time Lord!

Re:They should've known better... (0, Redundant)

Instine (963303) | more than 8 years ago | (#15311061)

Leeching the TARDIS. Now there's the making of a great mashup.

Slashdot should know better (-1, Offtopic)

fistfullast33l (819270) | more than 8 years ago | (#15311194)

Than to post an old story [osnews.com] ...

Not much sympathy (-1, Troll)

EdMcMan (70171) | more than 8 years ago | (#15310917)

If you don't like it, don't put it on the internet. I'm not sure why D-Link is made to look like a villain. That's why these things are on the net: to be used.

Re:Not much sympathy (0, Flamebait)

Vyvyan Basterd (972007) | more than 8 years ago | (#15310982)

Fook, you're a dumbass. Strata One servers are not supposed to be used by Joe Bloggs dinky firewall.

They DDOS'ed a stratum-1 timeserver . . . (1)

mmell (832646) | more than 8 years ago | (#15311163)

by indiscriminately selling hardware devices which were preconfigured to use it inappropriately (at best, these guys should look to stratum-2 timeservers).

But if you have no problems with the DDOS aspect of this, let me know and I'll send you an e-mail attachment showing you how to be part of something bigger than your single server. ;^D

Netgear did the same thing a few years ago (5, Insightful)

dananderson (1880) | more than 8 years ago | (#15310945)

Netgear did the same thing with the University of Wisconsin Internet NTP's servers. [wisc.edu]

It's strange these companies can't afford to set up a few of their own NTP servers instead of overloading servers that don't have the bandwidth. Is it because they are clueless or they are cheap?

Re:Netgear did the same thing a few years ago (2, Informative)

ottothecow (600101) | more than 8 years ago | (#15310989)

Why dont they at least use the government supported ntp servers since then the users probobly still payed for it in taxes.

I currently use the Argonne national lab NTP server most of the time which is probobly government paid though it could be provided by the University of Chicago (though since my connection is on-campus, it makes the most sense).

Re:Netgear did the same thing a few years ago (0)

Anonymous Coward | more than 8 years ago | (#15311110)

Which government?

Re:Netgear did the same thing a few years ago (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15311251)

So, you're in college and can't spell probably?

Re:Netgear did the same thing a few years ago (5, Informative)

wowbagger (69688) | more than 8 years ago | (#15311111)

Is it because they are clueless or they are cheap?


Yes, and yes. They are clueless, and they are cheap.

That is why pool.ntp.org was created - to provide a pool of NTP servers that these bozos can use without hammering anybody's server too badly.

Re:Netgear did the same thing a few years ago (5, Informative)

MikeBabcock (65886) | more than 8 years ago | (#15311143)

These situations make no sense to me. The NTP system is very easy to use properly.

There's a great little website about how to use ntp.org servers [ntp.org] properly.

For the quick-fix people, point your NTP capable system at pool.ntp.org.

If you live in north america, you can use the north-america.pool.ntp.org dns name instead, for only north american servers. The same applies to other continents [ntp.org] and several country codes.

Basically, there's no excuse for hard-coding a time server in almost any situation, unless your client is completely incapable of DNS and has no access to external DNS servers.

Re:Netgear did the same thing a few years ago (1)

markild (862998) | more than 8 years ago | (#15311201)

[...] unless your client is completely incapable of DNS and has no access to external DNS servers.

touché, eh DLink?

Re:Netgear did the same thing a few years ago (2, Insightful)

MikeBabcock (65886) | more than 8 years ago | (#15311374)

... and that's the rub; this is a router. Surely in most cases it's getting DNS information from an ISP by DHCP on behalf of its clients.

It could, you know, use that information to resolve pool.ntp.org properly.

PS, being a good netizen, I run a public NTP server that is listed on north-america.pool.ntp.org as well as ca.pool.ntp.org (being in Canada and all). I also have all my internal LAN clients query from that server, instead of the outside.

My public ntpd service is using very little memory (let me check; RSS: 4076, TRS: 433) and the bandwidth usage is not very high either [mikebabcock.ca] .

Re:Netgear did the same thing a few years ago (4, Interesting)

autocracy (192714) | more than 8 years ago | (#15311296)

It would be really nice to think that it's not that hard. Yet, somehow, as a member of the NTP pool, I just keep on having issues. At this moment, I'm supporting roughly 1500 clients. 35% of my resources to supply all those clients with accurate time are being used by 40 clients. In fact, the top 10 "abusers" are taking nearly 17%... and it's a good moment.

Re:Netgear did the same thing a few years ago (2, Interesting)

KiloByte (825081) | more than 8 years ago | (#15311796)

as a member of the NTP pool
[...]
At this moment, I'm supporting roughly 1500 clients

Somehow, I find this value flawed. On my server [ntp.org] , also in the pool, I logged requests from 161683 different IPs within just the first 24 hours after joining the pool; thus, only those who just resolved the name accessed it. Most NTP clients do a DNS lookup only once during the startup, thus I expect the usage to increase over time.

I'm in the pool for just over a month; I'll turn on logging for another day to gather the new data.

On the other hand, the percentage values about abusers are roughly the same here.

Re:Netgear did the same thing a few years ago (0)

Matt Perry (793115) | more than 8 years ago | (#15311522)

These situations make no sense to me. The NTP system is very easy to use properly.
[...]
Basically, there's no excuse for hard-coding a time server in almost any situation, unless your client is completely incapable of DNS and has no access to external DNS servers.

The question that we need to be asking is, "how do we prevent abuse of NTP servers, either by malicious intent or by accident, so that these issues do not happen again?" AFAIK, ntpd has a method to allow name servers to only serve clients that are specifically authorized. Why would a stratum 1 time server allow open access which could, and did, lead to this type of abuse? With proper configuration such queries would be denied.

Re:Netgear did the same thing a few years ago (1)

NickFitz (5849) | more than 8 years ago | (#15311807)

But the request and its denial also consume bandwidth, which was the original problem.

Re:Netgear did the same thing a few years ago (3, Informative)

tinkerghost (944862) | more than 8 years ago | (#15311887)

Proper queries are only denied & not re-made if the client follows the rules.
If you check the original article, D-Link routers do not recognize the kill request, and they re-request very quickly. So yes, he configured the NTP server correctly, AND he posted restrictions on the NTP site correctly, AND D-Link said we don't care.
It's essentially a DDOS attack on the server. There are thousands of hits with correctly formed NTP requests coming in every second - 98% of which should be directed elsewhere.
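
Added example, not part of any poster's comment and not D-Link's or ntpd's code: a sketch of the client-side behaviour the comment above says the routers lacked, assuming the "kill request" is NTP's Kiss-o'-Death reply (RFC 5905, section 7.4). The `Association` class, the function names and the sample packets are constructed for illustration.

```python
"""Client-side handling of NTP Kiss-o'-Death (KoD) replies (RFC 5905, sec. 7.4)."""
import struct
from dataclasses import dataclass

# NTP header: LI/VN/Mode, stratum, poll, precision, root delay, root dispersion,
# reference ID, then four 64-bit timestamps (48 bytes in total).
NTP_HEADER = struct.Struct("!BBbbII4sQQQQ")
MODE_CLIENT, MODE_SERVER = 3, 4
MIN_POLL_S = 64        # assumed starting poll interval for this sketch
MAX_POLL_S = 2 ** 17   # RFC 5905 MAXPOLL exponent is 17 (about 36 hours)


@dataclass
class Association:
    """Hypothetical per-server client state."""
    server: str                      # a DNS name from configuration, not a baked-in IP
    poll_interval: int = MIN_POLL_S  # seconds between requests
    active: bool = True              # False once the server has told us to go away


def build_reply(stratum, refid, mode=MODE_SERVER, version=4, leap=0):
    """Construct a sample 48-byte NTP packet (constructed test data, timestamps zeroed)."""
    first = (leap << 6) | (version << 3) | mode
    return NTP_HEADER.pack(first, stratum, 6, -20, 0, 0, refid, 0, 0, 0, 0)


def parse_reply(packet):
    """Return (mode, stratum, refid), or None if the packet is too short."""
    if len(packet) < NTP_HEADER.size:
        return None
    first, stratum, _poll, _prec, _rdelay, _rdisp, refid, *_ts = \
        NTP_HEADER.unpack_from(packet)
    return first & 0x07, stratum, refid


def handle_reply(assoc, packet):
    """Update the association and return 'sync', 'backoff', 'demobilize' or 'ignore'."""
    if not assoc.active:
        return "ignore"              # we already stopped talking to this server
    parsed = parse_reply(packet)
    if parsed is None or parsed[0] != MODE_SERVER:
        return "ignore"              # truncated, or not a server-mode reply
    _mode, stratum, refid = parsed
    if stratum == 0:                 # stratum 0 marks a Kiss-o'-Death packet
        code = refid.decode("ascii", errors="replace")
        if code in ("DENY", "RSTR"):
            assoc.active = False     # must stop sending to this server entirely
            return "demobilize"
        if code == "RATE":
            # must slow down, and keep slowing down on every further RATE
            assoc.poll_interval = min(assoc.poll_interval * 2, MAX_POLL_S)
            return "backoff"
        return "ignore"              # other kiss codes carry no usable time
    if 1 <= stratum <= 15:
        return "sync"                # normal reply: safe to use for the clock
    return "ignore"                  # stratum 16 and above means unsynchronized


def should_send(assoc):
    """A well-behaved client checks this before every request."""
    return assoc.active


def simulate(server, packets):
    """Feed a sequence of replies to a fresh association; return (assoc, actions)."""
    assoc = Association(server)
    actions = [handle_reply(assoc, p) for p in packets]
    return assoc, actions


if __name__ == "__main__":
    good = build_reply(2, bytes([192, 0, 2, 1]))   # constructed stratum-2 reply
    replies = [good, build_reply(0, b"RATE"), build_reply(0, b"RATE"),
               build_reply(0, b"DENY"), good]
    state, log = simulate("pool.ntp.org", replies)
    for action in log:
        print(action)
    print("poll interval:", state.poll_interval, "still sending:", should_send(state))
```

As other comments in the thread point out, this only helps if the client implements it: a server-side denial still costs the inbound bandwidth of every request that arrives.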

Re:Netgear did the same thing a few years ago (1)

Matt Perry (793115) | more than 8 years ago | (#15312116)

If you check the original article,

Which provides a link to here [freebsd.org] which no longer contains any information.

D-Link routers do not recognize the kill request, and they re-request very quickly. So yes, he configured the NTP server correctly, AND he posted restrictions on the NTP site correctly, AND D-Link said we don't care.

So D-Link units were making a NTP request, the request was denied by the server, but the D-Link engineers put it in their list of NTP servers anyway?

Re:Netgear did the same thing a few years ago (1)

damiangerous (218679) | more than 8 years ago | (#15312249)

Denying the queries is irrelevant. The issue was traffic. This guy runs a small server and was given access to the Danish Internet Exchange on the condition that his bandwidth usage would be minimal. By the time the query gets to his server to be denied, the bandwidth is already used.

Re:Netgear did the same thing a few years ago (0, Offtopic)

noidentity (188756) | more than 8 years ago | (#15311554)

Now when will Slashdot use MirrorDot [mirrordot.org] or Coral Cache [coralcdn.org] for links from articles, instead of bringing down small sites?

Re:Netgear did the same thing a few years ago (0)

Anonymous Coward | more than 8 years ago | (#15311657)

Never. MirrorDot is not affiliated with Slashdot nor any of the sites being mirrored. The Coral Cache is a completely inappropriate solution to the problem. Now shut up and never ask again.

They already lost at least $120 in sales (5, Interesting)

Omnifarious (11933) | more than 8 years ago | (#15310952)

And likely more. I've been telling my friends not to buy them, and I know of at least one buying decision that was made specifically for that reason that cost them $120 worth of sales of USB wireless adapters.

Re:They already lost at least $120 in sales (1, Insightful)

HFShadow (530449) | more than 8 years ago | (#15311033)

Somehow I doubt you and your friends' boycott is going to cost them as much money as running their own NTP server would ;)

Re:They already lost at least $120 in sales (2, Informative)

lotsotech (848683) | more than 8 years ago | (#15311156)

I've told my friends (and my company) to avoid buying their stuff because it's junk (IME) We used to spec D-Link because one of our distributors already carried it and I'm fairly certain I've since swapped most all of it to Linksys or Netgear which are both more or less equal to me.

Re:They already lost at least $120 in sales (0)

Anonymous Coward | more than 8 years ago | (#15311560)

$90 for me, so far.

I bought Dlink for my 10/100 setups years ago, from the DFE-530tx and their quad nics (DFE-570/580tx). Linksys, Netgear, and SMC cards purchased from about the same time have long since died.

Recently started to migrate to gigabit. I didn't really need to, but I do transfer 4gb+ files regularly. Given the price drops and rebates out there, and onboard networking on most motherboards have been supporting them for some time now. Looked at Dlink, remembered this NTP issue, went with Trendnet and SMC stuff.

Even the security stuff, like wireless and IP cameras, which I'll probably grab late summer, I'm looking away from Dlink for the time being because of this. Might be small change and minor to them, but then why support bad behavior esp. from a company that should damn well know better?

Re:They already lost at least $120 in sales (1)

yeknum (974315) | more than 8 years ago | (#15312123)

As long as they're rectifying it, who cares.. Dlink products, for my clients and I, have always been good.. much more reliable than the other popular, more expensive brands

They should have bought him a server (0)

Anonymous Coward | more than 8 years ago | (#15310954)


hopefully they bought him a server and bandwidth, that would cost them less than 1 executive's monthly wage, some companies/individuals are so greedy that they become blinded by their very existence

money really is everything to some people, at least criminals have ethics unlike the "you're fired" generations

Their reputation precedes them (1, Funny)

Anonymous Coward | more than 8 years ago | (#15310965)

Their hardware is crap. I've had their routers overheat and die, I've never seen a D-Link wireless setup that could be considered stable. I've owned network cards from D-Link that prevented another computer connected, by way of a crossover cable, from booting DOS. Let me repeat that: A D-Link card was sending out enough junk that it prevented a different computer from booting.

The bottom of the article says "D-Link remains committed to being a good corporate and network citizen." Screw that. They have never been either of these things they are "committed" to.

I, Anonymous Coward (the most prolific poster Slashdot has ever seen) hereby "commit myself to never purchase, recommend, or in any way interact with D-Link and their products, as much as possible, until such time as hell freezes over."

Re:Their reputation precedes them (-1, Redundant)

madsenj37 (612413) | more than 8 years ago | (#15311123)

I have only used one D-Link router for daily access. It has wireless encryption setup and runs great. It is at my mom's house with no problems over the last two years. I also recommended two friends get a D-link, helped set it up for them and have never heard of them having any problems. Linksys routers on the other hand...

Re:Their reputation precedes them (1)

Intron (870560) | more than 8 years ago | (#15311986)

Did you check what time server it is using? Firmware updates to fix this problem are on the DLink website.

Re:Their reputation precedes them (4, Informative)

John Miles (108215) | more than 8 years ago | (#15311217)

Agreed. D-Link appears to occupy a point on the cost-quality curve that ultimately costs more in hair-pulling time than it saves in cash. Their products may be OK for lightweight use at home, but they can really give you fits in a more demanding environment.

Case in point: we recently put a bunch of DGS-1008D 8-port gigabit switches into service, and immediately started having problems with dropped Ethernet connections. Our laser printer was sucking down enough power at the onset of its fuser-warmup phase to trigger a nearby UPS momentarily. The resulting switchover transient lasted only a few milliseconds, but it was enough to reset the DGS-1008D. After a LOT of tail-chasing, it transpired that the (cheap-ass linear) wall-wart supplies that D-Link ships with the DGS-1008D lack sufficient filter capacitance to absorb even the slightest power glitch under high-load conditions (e.g., when there are several cables plugged into the switch.)

We took a few of their power supplies apart and found that the oldest ones -- which didn't have the problem -- used a 2000-uF filter capacitor at the rectifier output. At some point, they saved 10 cents by moving to a supply with only 1000 uF, rendering their product useless in many real-world office environments.

This isn't supposed to be a general "let's all bag on D-Link" thread, but hey, if the shoe fits...

Re:Their reputation precedes them (1)

mmell (832646) | more than 8 years ago | (#15311227)

Let me repeat that: A D-Link card was sending out enough junk that it prevented a different computer from booting.

Hmmm . . . so that different computer had network connectivity before it was booted? Or were you attempting to boot across a network?

Was it a Windows-based computer you were attempting to boot? If so, the problem may well have been Windows, rather than the router. Upon startup, Windows sends a 1-byte ping to a server within the microsoft.com domain, ostensibly to confirm network connectivity (no comments on the deeper ramifications of the "phone home" activity here). Could be that Windows saw a network link but got upset when its ping neither returned nor got closed, but was rather dropped quietly on the floor (you did say you had a crossover cable connected, yes? What were you crossover'ed to, and why? That doesn't sound like a very standard configuration.)

Re:Their reputation precedes them (0)

Anonymous Coward | more than 8 years ago | (#15311277)

Upon startup, Windows sends a 1-byte ping to a server within the microsoft.com domain,

BS. Documentation?

Observed behavior. (1)

mmell (832646) | more than 8 years ago | (#15311358)

I first saw it under Win98 back in 2000; no reason to believe anything's changed.

Re:Their reputation precedes them (1)

spyrochaete (707033) | more than 8 years ago | (#15311334)

Maybe it was a network bootable computer with a PXE card.

For fun (0)

Anonymous Coward | more than 8 years ago | (#15311504)

For the fun of it, let's go through with what we had:

A friend of mine was having some trouble with a couple of machines at his house. I grabbed my testbed and a laptop from the shop and popped on over. I find he has no hub when I get there, oh no, so we just go with the crossover cable he was using to tie his two machines together.

The ill-fated pair was like this:
Machine A: His computer, with D-Link DFE-530tx (something like that)
Machine B: My testbed, with a 3Com some-such and a load of DOS based diagnostics (Win98 also available, but not used in this situation).

We hook his machine up to mine, he's up and running in Windows, I try to boot mine into DOS. Oh no, it just hangs and does nothing. Try the laptop. Same thing. Unplug my machine from the crossover cable, boots up fine. Plug in crossover cable, reboot, just hangs. See a pattern forming. Try the crossover cable between my testbed and the laptop. No problem. Remove the D-Link card, substitute with the card (Intel) from his upstairs machine. Test bed and the now Intel-ed computer talk just fine, both boot no problems.

There's bad hardware, then there is BAD hardware. Don't get me wrong, I make decent chunk of change for service calls to my customers, some of the calls for D-Link related problems (but I won't insult you by claiming it is the majority of the calls). But I will NOT screw up my and my business's reputation by ever, EVER suggesting or recommending D-Link.

I still don't see why ANYTHING on the network... (1)

mmell (832646) | more than 8 years ago | (#15311676)

interface should interfere with the normal boot process, especially a boot to DOS.

The BIOS shouldn't even be aware of the network - it's just a bunch of random signals on a PCI bus at this point.

The bootloader shouldn't care about the network - unless you're doing a network boot, it probably doesn't even know about networks.

The OS could get confused . . . attempting to use ARP/RARP/BOOTP/DHCP (or perhaps any of a half-dozen other services which it might expect).

I don't suppose you captured any of the bogus traffic which caused this problem (using snoop/tcpdump/whatever)? I'm not sure I understand why a network card would create traffic on its own, let alone how that bogus traffic could prevent the routine booting of a separate system.

Nope... (0)

Anonymous Coward | more than 8 years ago | (#15312019)

Nope. It was a few years ago and I left it as just a bizarre hardware failure. Remove the D-Link network card, replace with an Intel one, the whole system works fine afterwards. For all I know, it somehow shorted out internally into a cyclotron and was pumping out X-Ray radiation that left me sterile. I don't have kids yet.

I think the brand name just has a curse on it. Or it was sending nasty voltage. Don't know, don't care.

Re:Their reputation precedes them (2, Funny)

Tony Hoyle (11698) | more than 8 years ago | (#15312139)

Windows sends a 1-byte ping to a server within the microsoft.com domain, ostensibly to confirm network connectivity

Years ago, Bill Gates said 'If only I had $1 for every time a windows server rebooted..'

And the rest is history.

Re:Their reputation precedes them (1)

freeweed (309734) | more than 8 years ago | (#15312228)

Upon startup, Windows sends a 1-byte ping to a server within the microsoft.com domain

And what does Windows do when this ping packet gets dropped?

I ask this because I've run Windows machines behind some very restrictive firewalls in the past which drop all ICMP type 0 and 8 packets (inbound and outbound), and these machines worked just fine. No booting issues, no network issues. In fact, many ISPs now do this as well.

Can anyone confirm this? I've never noticed a "1-byte ping" to anything within microsoft.com while sniffing my LANs.

Amen - wireless crap (1)

coinreturn (617535) | more than 8 years ago | (#15311241)

We used a Belkin wireless router for quite some time with a cable modem - no problems. In comes Verizon with FIOS and they give us a free D-Link wireless router. My wife was constantly complaining about dropped connection. I tried relocating the D-Link all over the place to no avail. We switched back to the Belkin and BAM no problems at all. I give D-Link a grade of..."D"

Re:Amen - wireless crap (1)

IEEEmember (610961) | more than 8 years ago | (#15311365)

The Verizon installer specifically mentioned that FIOS TV will require the use of the D-Link router. A statement supported here [aubreyturner.org] by an aware user.

If you plan to get FIOS TV in the future, don't throw that D-Link away.

Having used preview it appears the link above http://www.aubreyturner.org/index.php?/orglog/eyeglazing_geek_stuff/ [aubreyturner.org] does not accept referrals from Slashdot.

Re:Amen - wireless crap (1)

coinreturn (617535) | more than 8 years ago | (#15311480)

Thanks for the heads up. Being a true nerd, I never throw hardware away (much to my wife's chagrin). I figure I can always run the Belkin to one of the ethernet ports on the D-Link, so I'll have two wireless networks. With different channels set, I shouldn't have any problems. We already see several other wireless networks in our neighborhood, which makes me consider subletting my FIOS service out.

Same here - DI 784 (0)

Anonymous Coward | more than 8 years ago | (#15311655)

It worked pretty well at first, but the number of dropped connections and strange pauses started to increase. At first I thought it was just a lot of traffic on the network. But I realized that if I reset it, things were ok for about five minutes. Then, after months of that, it started going crazy: LEDs blinking in order and it wouldn't respond even on the wired Ethernet. So I reset the firmware. Didn't help.

I presume there is some part of the hardware slowly failing or it is overheating (because it is ok for a few minutes). But no matter how I orient it it still fails.

A real piece of junk.

That's weird (1)

Andy Dodd (701) | more than 8 years ago | (#15312009)

I've used wireless hardware from the following manufacturers:

D-Link - DWL-650, DWL-G650, DI-624
The original 650 wasn't a stellar performer but it wasn't horrible. The G650+624 combo was pretty decent. I only returned it in favor of waiting to see where things went as far as MIMO gear.

Belkin - Can't remember, it was a b-only router
Utter crap. Couldn't last more than 2-3 days without crashing. Died permanently in just over a year.

Microsoft - MN500
In true Microsoft tradition, their software may be crap but their hardware products are actually decent. The MN500 was the most solid and consistent performing 11b kit I have used so far.

Netgear - WPN824 router + WPN511 NIC
Stellar. Utterly stellar. I love the 824. WPN511 is only retired due to the fact that my new laptop has a built-in Intel PRO/Wireless 8945 a/b/g NIC.

Not Vague At All (4, Insightful)

TubeSteak (669689) | more than 8 years ago | (#15310968)

... D-Link's existing products will have authorized access to Mr. Kamp's server, but all new D-Link products will not use the GPS.Dix.dk NTP time server. D-Link is dedicated to remaining a good corporate and network citizen.

Allow me to translate: He got paid.

Part of the settlement involves him putting on his website "D-Link is dedicated to remaining a good corporate and network citizen."

Otherwise, considering his previous level of frustration, there's no chance he would shill for them like that.

Re:Not Vague At All (1)

Zephyros (966835) | more than 8 years ago | (#15311041)

Sounds to me like a c/p of a press release - it's got the same Corpspeak feel.

As for getting paid...wasn't that the point? I just hope they'll continue to take care of the bandwidth bill they're causing for as long as their routers are "authorized" to hit the server. I'd guess that was one of the terms of authorization.

Re:Not Vague At All (1)

Zephyros (966835) | more than 8 years ago | (#15311072)

Ah ha, found it [dlink.com] .

Re:Not Vague At All (1)

raitchison (734047) | more than 8 years ago | (#15311052)

And he should have been paid, he needed to be reimbursed for his costs as well as future costs for the hordes of D-Link gear already out there with his servers configured in their firmware.

Granted, D-Link could and likely will correct the issue with firmware upgrades, but most people don't upgrade the firmware unless they are having a problem or maybe if they are redeploying a device. It's likely that in 10 years time there will still be D-Link devices out there trying to query his NTP server.

Re:Not Vague At All (1)

Feyr (449684) | more than 8 years ago | (#15311206)

unlikely, these devices are meant to fail after a year or two. it is safe to assume that in 5 years all but a very (lucky) few number of them will have been replaced.

and don't forget that people will probably want to upgrade to get the shiny new latest wireless 802.11bgnxyz

Re:Not Vague At All (2, Informative)

raitchison (734047) | more than 8 years ago | (#15311344)

Well don't tell any of my devices, cause all of them are over 2 years old, many of them over 5 years old. Heck my "public segment", where the DSL modem (6 years old), broadband router (4 years old) and VPN device (4 years old) connect is a 15 year old 10Base-T ethernet hub. Your experience must be with Linksys, I always keep a spare D-Link broadband router on a shelf ready for when a friend or relative calls after their "Internet doesn't work" because their Linksys router fried itself. I'm continually amazed how many people think that because Linksys costs more (and now sports the Cisco logo) that it must be better.

Re:Not Vague At All (1)

TheJediGeek (903350) | more than 8 years ago | (#15311844)

I wish I had mod points.

I've seen many problems with Linksys routers yet so many people continue to swear by them. I've mostly used D-Link for about the last 5 or 6 years. The only problem I had was a REALLY old router would need to be reset about every month or so. I think that problem went away when I upgraded the firmware, but I upgraded to a new spiffy 802.11b wireless router shortly after.
I'm using a DI-614 router now and haven't had any problems.

Re:Not Vague At All (1)

Tony Hoyle (11698) | more than 8 years ago | (#15312045)

Linksys went down the toilet when cisco took them over, basically. Their old stuff was flawed but it generally worked OK... after the cisco takeover they just removed the 'worked ok' bit.

cisco hardware ain't that good, but their support (provided you pay for it) is the best out there... which is why people swear by it. linksys is cisco without the support.

ObPA (1)

Rob T Firefly (844560) | more than 8 years ago | (#15311266)

Do you like his hat? It's made of money!

Re:Not Vague At All (3, Interesting)

Uncle Rummy (943608) | more than 8 years ago | (#15311307)

He also took down the entire description of the problem D-Link caused, which used to reside at that URL. Considering how pissed he was, they must have paid him well, indeed.

not unsurprisingly (5, Funny)

boldtbanan (905468) | more than 8 years ago | (#15310988)

The details of the settlement are, not unsurprisingly, somewhat vague...

I do not think that means what you think it means

Re:not unsurprisingly (1, Funny)

Anonymous Coward | more than 8 years ago | (#15311279)

Not unsurprisingly, only one grammar nazi caught this unsurprising error in a /. summary.

Public? Server (0)

simpleGeekMan (972600) | more than 8 years ago | (#15311006)

Seems to me that if you run a (public) NTP server with a publicly available IP address and/or DNS resolution, that means anyone (public) can use the (public) service - no?

Re:Public? Server (3, Informative)

Binestar (28861) | more than 8 years ago | (#15311034)

Seems to me that if you run a (public) NTP server with a publicly available IP address and/or DNS resolution, that means anyone (public) can use the (public) service - no?

No.

Re:Public? Server (1, Informative)

Anonymous Coward | more than 8 years ago | (#15311051)

More like you can configure your own router to talk to it, but what Dlink did wasn't a public thing. As a private corporation, they turned tens to hundreds of thousands of devices at it.

If each user had done that by themselves it would be a different game, since Joe Q. Public was doing it, but D-Link hardcoded it in.

Re:Public? Server (0, Troll)

simpleGeekMan (972600) | more than 8 years ago | (#15311086)

OK? I still don't see what's wrong with that. It is an open service this guy has available to anyone (singular or plural). DLink is merely using the free service that is available to the public - without bypassing security of any kind...seems like it is fair game to me..

Ignorance is no excuse. (0)

Anonymous Coward | more than 8 years ago | (#15311167)

Perhaps then, if it still seems ok, you should do a little reading instead of trying to apply uninformed logic to the question.

http://en.wikipedia.org/wiki/NTP_vandalism [wikipedia.org]
http://www.oreillynet.com/onlamp/blog/2006/02/help_save_the_endangered_time.html [oreillynet.com]
http://www.pool.ntp.org/ [ntp.org]

Stratum 1 is to be only used by stratum 2. Joe Blow worldwide is not stratum 2. Clear violation of access policies here.

Re:Public? Server (5, Insightful)

freshman_a (136603) | more than 8 years ago | (#15311218)

His NTP server access policy explicitly limited use of said server to the Danish Internet Exchange (DIX). In return, DIX provided him with a free internet connection for his NTP server. Because D-Link was sucking so much bandwidth, DIX told Kamp he would have to pay yearly for the connection. D-Link disregarded his server policy and abused his server. That's why it's a problem.

Also, his server is a Stratum 1, and, while not explicitly written, the D-Link devices should be getting the time via a Stratum 2 server. At least, that's how it's commonly done.

Does that help explain things better?

Re:Public? Server (1)

routerguy666 (926506) | more than 8 years ago | (#15311854)

Since he was dealing with a known user base, he could have actually put some teeth in his access policy with a one line firewall rule only allowing DIX subnets to access the box.

Taping a note to your front door that reads 'only enter if you live here' doesn't accomplish a lot if you leave the door open all the time.

Re:Public? Server (1)

SkipRosebaugh (50138) | more than 8 years ago | (#15312091)

That would hardly have done any good. Dropping the packets once they reach his network is of no use, since the damage is already done. The problem is the bandwidth consumed to reach his network.

Re:Public? Server (1)

Secrity (742221) | more than 8 years ago | (#15311445)

Even if the owner of an NTP server that had its address hard coded into any mass marketed device was cool with it, hard coding NTP server addresses into a device is a very bad practice. In some cases the effect could be the same as a DDOS that won't stop.

D-Link's use of that poor guy's "free" service that was intended to service about 2,000 organizations in Denmark was costing the guy about $1,000 US a month. I guess that it will be OK with you if next Halloween that I bring busloads of kids to your house to get all of the free candy that you will be handing out. Make sure that you buy enough candy as you won't want to run out.

When people put something out that is "free", they also have the right to stop providing that something for free. If he had shut off his NTP server or changed the address; not only would his users be inconvenienced, but the users of the D-Link product could have been inconvenienced as well. I wonder what the downside is when these D-Links can't find the NTP server. I would hope that the thing would just sit there, refusing to operate until it can find the hardcoded NTP server and set its internal clock.

Public yes, but with permission (2, Informative)

dananderson (1880) | more than 8 years ago | (#15311076)

Most public NTP servers require permission prior to use. The list of public NTP servers has an email address or webpage form to use prior to using their NTP server.

The reason for this is to avoid problems like this, where the NTP server is overloaded or the NTP client is mis-configured and overloads the server or network.

Re:Public yes, but with permission (0)

Anonymous Coward | more than 8 years ago | (#15311169)

Why don't they force permission, using a firewall?

Re:Public? Server (4, Informative)

Aladrin (926209) | more than 8 years ago | (#15311089)

Public or not, you have to follow the rules. It is pretty well known that only 'Stratum 2' NTP servers are to use 'Stratum 1' NTP servers. This is not just a 'because we want it that way' policy. There are many good reasons for this.

http://en.wikipedia.org/wiki/NTP_vandalism [wikipedia.org]

Re:Public? Server (1)

simpleGeekMan (972600) | more than 8 years ago | (#15311173)

Thanks for the wiki link - very informative...I stand corrected.

Re:Public? Server (1)

penguin-collective (932038) | more than 8 years ago | (#15311654)

Public or not, you have to follow the rules.

"Have to" in what sense? In the sense that people bitch at you if you don't, then yes. "Have to" in the sense that there is some special rule for NTP servers that allows them to define acceptable use policies without getting a legal agreement, well, that hasn't been resolved.

Re:Public? Server (1)

Carl T (749426) | more than 8 years ago | (#15312015)

Are you saying that unless you and I have an agreement explicitly forbidding me to do so, I am free to hack into your computer, ping flood you off the net and torch your mother's house?

Re:Public? Server (0)

Anonymous Coward | more than 8 years ago | (#15311862)

Isn't any server that uses a stratum 1 server by definition a stratum 2 server?

Re:Public? Server (1)

NoName Studios (917186) | more than 8 years ago | (#15311149)

http://yro.slashdot.org/article.pl?sid=06/04/07/130209 [slashdot.org]
http://yro.slashdot.org/comments.pl?sid=182481&cid=15084265 [slashdot.org]
http://en.wikipedia.org/wiki/NTP_vandalism#D-Link_incident [wikipedia.org]

D-Link was connecting to a stratum-1 time server, basically the best of the best time servers. Not even my time is synchronized with a stratum-1, it starts at least 2 or lower. (I imagine it is probably 3, but I can't tell.) Basically D-Link firmware was connecting up to this high end time server that was stated in their policy as only being allowed to be used within the DIX network and D-Link was using a lot of traffic.

Re:Public? Server (1)

FrostyWheaton (263146) | more than 8 years ago | (#15311220)

Seems to me that if you run a (public) web server with a publicly available IP address and/or DNS resolution, that means anyone (public) can hotlink your images and steal all the bandwidth they want

What's the difference? Or are you the sort of person that doesn't see a problem?

Re:Public? Server (0)

Anonymous Coward | more than 8 years ago | (#15311724)

Why? People are using http as intended. If you don't intend resource linking, then use some sort of anti-hotlinking script.

Re:Public? Server (4, Informative)

tinkerghost (944862) | more than 8 years ago | (#15312160)

Check the NTP page, there are public (open) servers and there are public (restricted) servers. There are also 3 layers of service,
  • Stratum 1 are principal time servers for a region & directly query atomic clocks.
  • Stratum 2 are general use for large regions or institutions - generally they should only be contacted by Stratum 3 servers - clients only as a last resort.
  • Stratum 3 are the generic NTP servers of the internet - if you're an end client you should be talking to a Stratum 3 unless none are available/unrestricted for your use.
D-Link SOHO routers do 3 things wrong.
  • They don't follow the NTP protocol for requests to stop using the service.
  • They ignore the restrictions placed on the server usage - in Denmark, for use by ISP or Stratum (2/3) requests.
  • They hit a Stratum 1 NTP server as an end client.
So no, if you run a public NTP server that you have dutifully entered restrictions on, you are expecting everyone who comes to you to obey the NTP protocol. That includes following the restrictions, listening to the go away requests, and following the basic rules of who to talk to.
[Analogy type=bad]
In the US there are a number of parking spaces set aside for handicapped parking in almost every parking lot. Physically you can park there if you are not handicapped, but you're not supposed to (covers both ignoring restrictions and a client talking to a Stratum 1 server). If the manager of the parking lot tells you to get your car out of the spot - you should do that (refers to the kill request in the NTP protocol). In the real world if it gets this far, the cops come & give you a ticket. On the net you get open letters calling you an arrogant prick who can't be bothered to figure out the basics of the protocols you are boasting about
[/Analogy]
For the record the Danish server was not the only Stratum 1 server they hit, they appear to have taken the Stratum 1 list (almost all of which restrict usage to Stratum 2 servers) and shoved it into the routers for general use - hardly the "Good internet citizen" they claim to be.
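Added example, not part of the comment above and not code from D-Link or any NTP project: the "go away" request the comment refers to is NTP's Kiss-o'-Death reply, a server packet with stratum 0 and a four-character ASCII code in the reference ID field (RFC 5905). This Python code shows how a well-behaved client reacts to it; the function names, the back-off ceiling and the sample packets are constructed for illustration.

```python
import struct

# Kiss codes from RFC 5905 that mean "stop using this server".
STOP_CODES = {"DENY", "RSTR"}
# Assumed ceiling for the back-off in this example (2**17 s).
MAX_POLL_SECONDS = 2 ** 17

def parse_ntp_header(packet: bytes) -> dict:
    """Decode the fixed header fields needed to recognise a Kiss-o'-Death."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    flags, stratum, _poll, _precision = struct.unpack("!BBbb", packet[:4])
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "refid": packet[12:16],  # after root delay and root dispersion
    }

def next_action(packet: bytes, poll_seconds: int) -> tuple:
    """Return (action, new_poll_seconds) for one server reply."""
    hdr = parse_ntp_header(packet)
    if hdr["mode"] != 4:               # 4 = server mode; anything else is not a reply
        return ("ignore", poll_seconds)
    if hdr["stratum"] == 0:            # stratum 0 marks a Kiss-o'-Death packet
        code = hdr["refid"].decode("ascii", "replace")
        if code in STOP_CODES:
            return ("stop", 0)         # never query this server again
        if code == "RATE":
            return ("backoff", min(poll_seconds * 2, MAX_POLL_SECONDS))
        return ("ignore", poll_seconds)  # unknown kiss code carries no usable time
    return ("sync", poll_seconds)      # ordinary reply: use the timestamps

def build_reply(stratum: int, refid: bytes) -> bytes:
    """Constructed sample: a 48-byte NTPv4 server reply with zeroed timestamps."""
    leap = 3 if stratum == 0 else 0    # KoD replies report an unsynchronised clock
    flags = (leap << 6) | (4 << 3) | 4
    header = struct.pack("!BBbb", flags, stratum, 6, -20)
    return header + bytes(8) + refid + bytes(32)

if __name__ == "__main__":
    for stratum, refid in [(0, b"DENY"), (0, b"RATE"), (2, bytes([192, 0, 2, 1]))]:
        print(stratum, refid, next_action(build_reply(stratum, refid), 64))
```

A client with a hard-coded server list and no handling of the "stop" and "backoff" outcomes keeps sending at full rate no matter what the server answers, which is the first of the three faults listed in the comment.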

What I would have done (4, Funny)

ch-chuck (9622) | more than 8 years ago | (#15311080)

Is silently migrate my legit users to another ntp server and then set the D-Link'ed ones to something like Klingon time or something bizarre, stretch 8 hour days to 10 hours, etc. Of course that wouldn't solve the excess traffic, but you can get creative with revenge, especially when you're in the right.

Re:What I would have done (4, Funny)

PayPaI (733999) | more than 8 years ago | (#15311212)

Yes, because everyone is going to be so confused that their router is set to the wrong time that they will go out and buy a competitor's product.

Re:What I would have done (1)

Anita Coney (648748) | more than 8 years ago | (#15311329)

Oh fucking god that was funny!

Re:What I would have done (2, Informative)

spyrochaete (707033) | more than 8 years ago | (#15311244)

In the last story the server admin stated that he couldn't change the address because it would involve far too much work. Many people rely on his services and it was costing him enough out of pocket as is.

What about Microsoft? (0, Troll)

Bob Cat - NYMPHS (313647) | more than 8 years ago | (#15311177)

The "Internet Time" tab on the date/time systray control lets you sync with time.nist.gov which is not supposed to be used by clients.

Re:What about Microsoft? (2, Informative)

ch-chuck (9622) | more than 8 years ago | (#15311246)

Where do they say that? [nist.gov] - Sounds like they go out of their way (advice about firewalls, etc) to let taxpayers "Set Your Computer Clock Via the Internet".

Re:What about Microsoft? (1)

resonantblue (950315) | more than 8 years ago | (#15311684)

besides, the default time server is time.windows.com. nist is the alternate choice.

NTP Pool for Vendors (3, Informative)

Anonymous Coward | more than 8 years ago | (#15311203)

There is now a way for vendors to use the NTP pool. See http://www.pool.ntp.org/vendors.html [ntp.org] for details.

This should have been solved with a check. (3, Insightful)

CFD339 (795926) | more than 8 years ago | (#15311234)

Someone at D-Link should simply have realized the mistake and paid for a few very fast servers to sit at a hosting facility and respond to the requests -- and all the requests already using that service -- for as long as the Danes were willing to point the DNS entry for that server to them.

In the scheme of things, and from a marketing perspective, anything else is stupid and a waste of good will.

Re:This should have been solved with a check. (1)

Himring (646324) | more than 8 years ago | (#15311946)

I'm sure they're willing. They're great danes....

Hmmm, "Not unsurprisingly..." (1)

dr_canak (593415) | more than 8 years ago | (#15311318)

If something is "not unsurprising" doesn't that mean it was surprising? Like it was surprising that the details of the settlement were so vague?

I don't know. I'm just asking. Irregardless, I could care less...

Re:Hmmm, "Not unsurprisingly..." (1)

igb (28052) | more than 8 years ago | (#15311775)

Hey, I was on my way out of the office! I meant ``not surprisingly'', but probably had a hash-clash with that oft-used phrase ``not unattractive''...

ian

Re:Hmmm, "Not unsurprisingly..." (1)

dr_canak (593415) | more than 8 years ago | (#15312170)

LOL,

I forgot about "not unattractive" :-)

take care,
jeff

wow (0)

Anonymous Coward | more than 8 years ago | (#15311355)

I haven't heard "out of pocket" since the early 90's.

I've often wondered about this (1)

Illbay (700081) | more than 8 years ago | (#15311477)

Just how "out of pocket" are you if someone "chimes" with your NTP server?

I realize a few years back, when bandwidth came at appreciable cost, this might have been the case, but now?

Re:I've often wondered about this (2, Interesting)

Vyvyan Basterd (972007) | more than 8 years ago | (#15311711)

$8000 a year isn't exactly chump change for most people.

Re:I've often wondered about this (1, Informative)

Anonymous Coward | more than 8 years ago | (#15311931)

If I remember correctly from the open letter written to D-Link from the original /. posting [slashdot.org] the cost was substantial because by violating the terms of use for the NTP server D-Link caused Poul-Henning Kamp's NTP server to no longer be eligible for a special agreement he had regarding the cost of his bandwidth usage. That letter, of course, is no longer posted most likely because of the settlement agreement.

resolved without legal action (1)

penguin-collective (932038) | more than 8 years ago | (#15311780)

What D-Link did was unprofessional and irresponsible, they should be condemned for it, and Kamp had every right to complain to them. Nevertheless, it's good that this has been resolved without legal action. If Kamp had actually prevailed in court, it might have set a dangerous precedent: Linux distributions are distributed with hundreds of preconfigured links to all sorts of sites. Generally, those sites have agreed to that, but if their ownership or their policies changed, this could cause serious trouble for the distributor.

Continue the boycott (0)

Anonymous Coward | more than 8 years ago | (#15311858)

I'm sorry, but given his statement about "good corporate citizens", I'm assuming that the jackass lawyers at DLink tried to force a settlement rather than risk more bad PR they said "here's the cash if you STFU forever"

Reading between the lines, D-Link only acted like "good corporate citizens" to benefit their sales and shareholders after bad press, not because it was ethical to do so.

Sorry, I will maintain my stance of no more D-Link products on my personal systems, and I certainly will never recommend one where I work--Until D-Link discloses full details of the settlement, issues a public apology, and contributes back to the community they tried to screw over.

When you respond to a request to stop being so evil with greater evil...the original apology requested is no longer sufficient.