[time-nuts] D-Links NTP server vandalism

rlutwak at comcast.net rlutwak at comcast.net
Tue Apr 11 15:03:29 UTC 2006 

NIST is trying to distribute their NTP service around the country.  If you give them space, power, and internet access, they'll provide the hardware and monitoring.  I don't know how they do the time validation in that scenario, it probably varies from site to site (maybe ACTs?).

-RL

---------------- 
Robert Lutwak, Senior Scientist 
Symmetricom - Technology Realization Center 
34 Tozer Rd. 
Beverly, MA 01915 

RLutwak at Symmetricom.com (Business) 
Lutwak at Alum.MIT.edu (Personal) 

(978) 232-1461 (Desk) 
(339) 927-7896 (Mobile) 
(978) 927-4099 (FAX)

-------------- Original message -------------- 
From: "Dr. David Kirkby" <david.kirkby at onetel.net> 

> Poul-Henning Kamp wrote: 
> > In message <443B988C.6000407 at onetel.net>, "Dr. David Kirkby" writes: 
> > 
> >>Poul-Henning Kamp wrote: 
> > 
> > 
> > 
> >>I can't obviously see gps.dix.dk in there: 
> >> 
> >>sparrow /downloads % grep -i "gps\.dix\.dk" dwl700AP_firmware_202.dlf 
> > 
> > 
> > That is because in this case the firmware file is a compressed file 
> > with a small uncompression program in front. 
> > 
> > Try this: 
> > 
> > dd if=dwl700AP_firmware_202.dlf bs=489 iseek=40 | gunzip | strings 
> > 
> 
> Yes, that finds them as you say. 
> 
> Looks like it uses a UNIX-like operating system (embedded linux?) too, with 
> names like /dev/uart0 and /dev/flash0 
> 
> /dev/uart0 
> uart0 
> adm2 
> adm2 
> /dev/flash0 
> Error: Create node /dev/flash0 failed! 
> 131.107.1.10 
> 129.6.15.29 
> 209.0.72.7 
> 207.126.103.202 
> 128.138.140.44 
> 192.43.244.18 
> 
> > It seems to contain these hardcoded IP numbers: 
> > 
> > 131.107.1.10 (time-nw.nist.gov.) 
> 
> That is interesting: 
> http://ntp.isc.org/bin/view/Servers/TimeNwNistGov 
> 
> ServerLocation: Microsoft Corporation, Redmond, Washington 
> ServerContact: Judah Levine (jlevine at boulder.nist.gov) (303) 492-7785 
> 
> It seems a bit odd, with a time-server located at M$, with the admin contact at 
> NIST. 
> 
> > 129.6.15.29 (time-b.nist.gov.) 
> > 209.0.72.7 (Somewhere in Level3) 
> > 207.126.103.202 (Somewhere (unused ?) in AboveNet) 
> > 128.138.140.44 (india.colorado.edu.) 
> > 192.43.244.18 (time.nist.gov.) 
> 
> All those have: 
> 
> AccessPolicy: OpenAccess 
> AccessDetails: Open access for up to 20 queries per hour (one-day average) from 
> any one address, others by arrangement 
> 
> so no problems with them, unless the server admins change their policy. 
> 
> > Poul-Henning 
> > 
> 
> You might consider sending a few people letters asking them to cease using your 
> time server. They could then take them to a retailer and ask them to be fixed 
> and if no joy to a credit card company if they were purchased on a credit card. 
> 
> Dlink would surly act if retailers were forced to give refunds or swap them for 
> units that are not affected. 
> 
> dave 
> 
> 
> _______________________________________________ 
> time-nuts mailing list 
> time-nuts at febo.com 
> https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts

More information about the Time-nuts_lists.febo.com mailing list