[ntp:security] pool.ntp.org directs to www.foofus.net

arden henderson tx407781x at verizon.net
Tue Jun 10 18:19:23 UTC 2008


Hi Danny,

Thanks for your reply.

>I'm not sure what the issue is that you are reporting nor why it's 
>considered a security issue.
>pool.ntp.org is designed to point to a varying list of addresses 
>which host available NTP servers and is only used by other NTP 
>servers. It's not a web site if that's what you are telling us. 
>Where does OpenDNS come into this?
>Can you tell us what the real issue is?

It may not be a security issue but that was my best guess contact 
point. I apologize if I contacted the wrong email address.

The issue was -- yesterday -- that pool.ntp.org would redirect to 
foofus.net or www.pool.ntp.org, the NTP Pool Project site, depending 
on nameservers used. However, I can't reproduce it today. 
(Hitting pool.ntp.org today always jumps to the NTP Pool Project 
site; the URL in the browser instantly switches to www.pool.ntp.org.)


Here's the background:
I use pool.ntp.org with OpenBSD on another machine so, yesterday, hit 
pool.ntp.org to learn more about it, thinking it would hit the NTP 
Pool Project site, as www.pool.ntp.org.

To my surprise, pool.ntp.org (without the www), would redirect 
immediately to foofus.net, using OpenDNS nameservers. This was 
surprising to me since foofus.net seemed to have nothing to do with 
ntp.org.  (I had never seen foofus.net show up before -- never heard 
of it before pool.ntp.org jumped to it. Maybe foofus.net is one of 
the pooled NTP servers?)

Using www.pool.ntp.org directly (with the www) would hit the site as expected.

To test, I switched to Verizon nameservers and pool.ntp.org would 
then immediately change to www.pool.ntp.org in the browser and the 
expected site would show up. Thinking this odd and having something 
to do with OpenDNS nameservers (I didn't test with any other 
nameservers other than Verizon and only OpenDNS nameservers seem to 
do this), I emailed OpenDNS and they sent the email I forwarded 
below about root servers.

The OpenDNS email indicated they thought something odd was happening 
at the moment with root servers and sounded like I should let ntp.org 
know. So, this was confirmation that something unexpected was 
happening from their perspective, at least. Then I picked the best 
ntp.org email I could locate to send the info in case it might be 
important. I chose the security email address since it seemed 
appropriate at the time.

It turns out I can't get this to reproduce at all today using OpenDNS 
nameservers (with a few tries just now), so whatever was happening 
yesterday isn't happening today. Hitting pool.ntp.org immediately 
jumps to the proper site now as www.pool.ntp.org.

Thanks for your time on this.

--arden henderson


At 12:54 -0400 6/10/08, Danny Mayer wrote:
I'm not sure what the issue is that you are reporting nor why it's 
considered a security issue.

pool.ntp.org is designed to point to a varying list of addresses 
which host available NTP servers and is only used by other NTP 
servers. It's not a web site if that's what you are telling us. Where 
does OpenDNS come into this?

Can you tell us what the real issue is?

Danny

arden henderson wrote:
Hi,

Depending on the nameservers, pool.ntp.org brings up www.foofus.net

www.pool.ntp.org seems to work reliably

OpenDNS checked it out (ref email below) and provided this reply:
>It definitely looks like something odd is happening with the root 
>servers. See 
>http://private.dnsstuff.com/tools/traversal.ch?domain=pool.ntp.org&type=A&token=11a0aba66da33b3d25d2b49601999019

Hope this helps.

--arden henderson

---------------------

reference:
Date: Tue, 10 Jun 2008 00:10:53 +0000
From: contact at opendns.com
Subject: [ #ITW-91343-839]: [HOME] Question Defies Categorization (Arden
   Henderson)
To: tx407781x at verizon.net

Hi.

It definitely looks like something odd is happening with the root 
servers. See 
http://private.dnsstuff.com/tools/traversal.ch?domain=pool.ntp.org&type=A&token=11a0aba66da33b3d25d2b49601999019

My only suggestion would be to try contacting the host provider or site admin.


Please let us know if you have any further questions or concerns. We 
are happy to help!

Daniel Gifford
Community Manager
OpenDNS.com

---------------------