[time-nuts] D-Links NTP server vandalism

Dr. David Kirkby david.kirkby at onetel.net
Tue Apr 11 14:20:06 UTC 2006


Poul-Henning Kamp wrote:
> In message <443B988C.6000407 at onetel.net>, "Dr. David Kirkby" writes:
> 
>>Poul-Henning Kamp wrote:
> 
> 
> 
>>I can't obviously see gps.dix.dk in there:
>>
>>sparrow /downloads % grep -i "gps\.dix\.dk" dwl700AP_firmware_202.dlf
> 
> 
> That is because in this case the firmware file is a compressed file
> with a small uncompression program in front.
> 
> Try this:
> 
> dd if=dwl700AP_firmware_202.dlf bs=489 iseek=40 | gunzip | strings
> 

Yes, that finds them as you say.

Looks like it uses a UNIX-like operating system (embedded Linux?) too, with 
names like /dev/uart0 and /dev/flash0

/dev/uart0
uart0
adm2
adm2
/dev/flash0
Error: Create node /dev/flash0 failed!
131.107.1.10
129.6.15.29
209.0.72.7
207.126.103.202
128.138.140.44
192.43.244.18

> It seems to contain these hardcoded IP numbers:
> 
> 	131.107.1.10		(time-nw.nist.gov.)

That is interesting:
http://ntp.isc.org/bin/view/Servers/TimeNwNistGov

ServerLocation: 	 Microsoft Corporation, Redmond, Washington
ServerContact: 	 Judah Levine (jlevine at boulder.nist.gov) (303) 492-7785

It seems a bit odd, with a time-server located at M$, with the admin contact at 
NIST.

> 	129.6.15.29		(time-b.nist.gov.)
> 	209.0.72.7		(Somewhere in Level3)
> 	207.126.103.202		(Somewhere (unused ?) in AboveNet)
> 	128.138.140.44		(india.colorado.edu.)
> 	192.43.244.18		(time.nist.gov.)

All those have:

AccessPolicy: 	 OpenAccess
AccessDetails: 	Open access for up to 20 queries per hour (one-day average) from 
any one address, others by arrangement

so no problems with them, unless the server admins change their policy.

> Poul-Henning
> 

You might consider sending a few people letters asking them to cease using your 
time server. They could then take them to a retailer and ask them to be fixed 
and if no joy to a credit card company if they were purchased on a credit card.

Dlink would surely act if retailers were forced to give refunds or swap them for 
units that are not affected.

dave
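
Added example, not part of the original message and not D-Link's or either poster's code: a Python version of the check discussed above that locates the gzip stream by its magic bytes instead of a fixed dd offset, then lists the IPv4 literals and hostnames in the unpacked image. The function names, the TLD list and the sample firmware blob are assumptions constructed for illustration.

```python
import gzip
import re
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"                  # gzip ID1, ID2, CM=deflate
STRINGS_RE = re.compile(rb"[\x20-\x7e]{4,}")  # printable runs, like strings(1)
IPV4_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Assumption: a short TLD list keeps the hostname match conservative.
HOST_RE = re.compile(
    rb"(?<![\w.-])(?:[a-z0-9-]+\.)+(?:com|net|org|edu|gov|dk)(?![\w-])", re.I)


def find_gzip_payloads(blob):
    """Return [(offset, decompressed_bytes)] for every gzip stream in blob."""
    found, pos = [], blob.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(31)            # wbits=31: expect a gzip wrapper
        try:
            data = d.decompress(blob[pos:])
        except zlib.error:                    # magic bytes matched by chance
            data = b""
        if data:
            found.append((pos, data))
            pos = len(blob) - len(d.unused_data)  # resume after this stream
        else:
            pos += 1
        pos = blob.find(GZIP_MAGIC, pos)
    return found


def hardcoded_endpoints(data):
    """Return (sorted IPv4 literals, sorted hostnames) found in printable strings."""
    ips, hosts = set(), set()
    for s in STRINGS_RE.findall(data):
        for m in IPV4_RE.findall(s):
            if all(int(octet) <= 255 for octet in m.split(b".")):
                ips.add(m.decode())
        hosts.update(h.decode().lower() for h in HOST_RE.findall(s))
    return sorted(ips), sorted(hosts)


# Constructed sample: filler standing in for the uncompression program, then a
# gzip stream at 489 * 40 bytes (the dd offset above) holding strings from the post.
SAMPLE_STRINGS = [b"/dev/uart0", b"/dev/flash0", b"gps.dix.dk",
                  b"Error: Create node /dev/flash0 failed!",
                  b"131.107.1.10", b"129.6.15.29"]
SAMPLE_FIRMWARE = b"\x00" * (489 * 40) + gzip.compress(b"\x00".join(SAMPLE_STRINGS))

if __name__ == "__main__":
    print("plain grep hit:", b"gps.dix.dk" in SAMPLE_FIRMWARE)
    for offset, data in find_gzip_payloads(SAMPLE_FIRMWARE):
        print(offset, hardcoded_endpoints(data))
```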




