[ntp:questions] Re: wireless routers beating on NTP servers

David L. Mills mills at udel.edu
Fri Jan 16 19:47:18 UTC 2004


Folks,

I sent the following to Linksys support. There are several models of
that particular router, so it's conceivable that the problem has already
been addressed. However, even if so, Linksys needs to defend itself. I'm
serious about the litigation issue; this is what I advised U Wisconsin
to do, but they chickened out. Unless vendors take Internet
infrastructure abuse more seriously, things could get really ugly.

...

Sirs,

The following appeared on the comp.protocols.time.ntp newsgroup:

Subject: wireless routers beating on NTP servers
Date: Fri, 16 Jan 2004 04:13:35 GMT
From: "Wolfgang S. Rupprecht" 

I just picked up one of those $85 Linksys WRT54G home wireless routers. 
I knew it was an embedded Linux host when I bought it, but I'd
completely forgotten about the Netgear debacle.  Imagine my surprise
after I configured everything that it allows you to configure and I slap
a tcpdump on the line and notice that it is pestering these NTP hosts
every 60 seconds:

     time.chttl.com
     time.nist.gov
     time.stdtime.gov.tw
     210.59.157.10
...

I'm sure you are aware of the recent Netgear debacle that crippled U
Wisconsin and its ISPs and amounted to a denial of service attack. As a
consultant in the incident I am familiar with the Netgear router design
deficiency which caused it. It appears your product may have a similar
deficiency.

In response to the U Wisconsin incident, RFC-2030, which defines the
Network Time Protocol Version 4, was rewritten as
draft-mills-sntp-v4-00.txt available at www.ietf.org. It is vital to
protect the Internet infrastructure that products like yours conform to
the best practices defined in the Draft. Upon review of that document,
please specify what steps you will take to conform to those practices.

The U Wisconsin incident and yours in question raise serious issues of
Internet infrastructure abuse. We and others as suppliers of
infrastructure services will take every step possible, including
litigation, denial of service for targeted abusers and general
blacklisting of your products.

This message will be circulated to the widest list of public places.

David L. Mills
University of Delaware



More information about the questions mailing list