[ntp:questions] Re: wireless routers beating on NTP servers
Richard B. Gilbert
rgilbert88 at comcast.net
Sun Jan 18 04:05:08 UTC 2004
"Do not attribute to malice anything which is adequately explained by
Remember that more than forty percent of the population has subnormal
How about sentencing the perps to operate, at their own expense, a pool
of stratum one servers sufficient to accommodate all the defective products?
David L. Mills wrote:
>Can you reveal the UDP source port number? Very likely it is the same in
>all units, at least in the same version. This is how the perps were
>detected in the Netgear incident. We should add a blacklist feature to
>the ntpd access controls where known perps would be discarded on the
>basis of UDP source port number.
>A skeptic might come to suspect this and the Netgear incident might be
>more sinister than first suspected and might conceivably be a terrorist
>plot. There might be a design team contracted by Linksys to construct an
>otherwise innocent program but actually indended to create a million
>zombies. A small number of these perps that light up a few times per
>minute might not be noticed, but the Netgear incident involved some
>750,000 perps all imploding on the same server.
>Who wants to argue me out of such evil thoughts? Call the FBI to chase
>down the outsource designers and verify their intentions? As in the
>Netgear incident, my recommendation is to prosecute Linksys as knowingly
>creating a theft-of-service attack on public infrastructure. Like
>knowingly selling dynamite to blow up bridges.
>"Wolfgang S. Rupprecht" wrote:
>>sully-usenet at stargazy.org (David Sullivan) writes:
>>>If this is just after poweron and it's running an embedded Linux it's
>>>possible it might be the normal ntp software doing it's initial dance.
>>>These devices may increase their polling interval and properly respect
>>>ignorance and KoD in the normal way (which at least might be something
>>>compared to the netgear and smc debacles).
>>This was after hours of being powered up. I was monitoring it to see
>>if anyone would spot the powered up WEP-less AP. All the packet
>>traffic was NTP, ARP and DNS. Pages and pages of it. (As an aside,
>>the darn thing needed to query DNS and re-ARP the same address every
>>couple of seconds. It has got to have the shortest DNS and ARP
>>timeouts I've ever seen. The NTP servers is not the only thing this
>>thing beats up on.)
>>Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
>> The above "From:" address is valid. Don't mess with it.
>>Gripe to your senators about spam: http://www.wsrcc.com/spam/senators.html
More information about the questions