[ntp:security] pool.ntp.org directs to www.foofus.net
tx407781x at verizon.net
Tue Jun 10 18:19:23 UTC 2008
Thanks for your reply.
>I'm not sure what the issue is that you are reporting nor why it's
>considered a security issue.
>pool.ntp.org is designed to point to a varying list of addresses
>which host available NTP servers and is only used by other NTP
>servers. It's not a web site if that's what you are telling us.
>Where does OpenDNS come into this?
>Can you tell us what the real issue is?
It may not be a security issue but that was my best guess contact
point. I apologize if I contacted the wrong email address.
The issue was -- yesterday -- that pool.ntp.org would redirect to
foofus.net or www.pool.ntp.org, the NTP Pool Project site, depending
on nameservers used. However, today I can't reproduce it today.
(hitting pool.ntp.org today always jumps to the NTP Pool Project
site, the url in the browser instantly switches to www.pool.ntp.org)
Here's the background:
I use pool.ntp.org with OpenBSD on another machine so, yesterday, hit
pool.ntp.org to learn more about it, thinking it would hit the NTP
Pool Project site, as www.pool.ntp.org.
To my surprise, pool.ntp.org (without the www), would redirect
immediately to foofus.net, using OpenDNS nameservers. This was
surprising to me since foofus.net seemed to have nothing to do with
ntp.org. (I had never seen foofus.net show up before -- never heard
of it before pool.ntp.org jumped to it. Maybe foofus.net is one of
the pooled NTP servers?)
Using www.pool.ntp.org directly (with the www) would hit the site as expected.
To test, I switched to Verizon nameservers and pool.ntp.org would
then immediately change to www.pool.ntp.org in the browser and the
expected site would show up. Thinking this odd and having something
to do with OpenDNS nameservers (I didn't test with any other
nameservers other than Verizon and only OpenDNS nameservers seem to
do this), I emailed OpenDNS and they sent the email I forwarded
below about root servers.
The OpenDNS email indicated they thought something odd was happening
at the moment with root servers and sounded like I should let ntp.org
know. So, this was confirmation that something unexpected was
happening from their perspective, at least. Then I picked the best
ntp.org email I could locate to send the info in case it might be
important. I chose the security email address since it seemed
appropriate at the time.
It turns out I can't get this to reproduce at all today using OpenDNS
nameservers (with a few tries just now), so whatever was happening
yesterday isn't happening today. Hitting pool.ntp.org immediately
jumps to the proper site now as www.pool.ntp.org.
Thanks for your time on this.
At 12:54 -0400 6/10/08, Danny Mayer wrote:
I'm not sure what the issue is that you are reporting nor why it's
considered a security issue.
pool.ntp.org is designed to point to a varying list of addresses
which host available NTP servers and is only used by other NTP
servers. It's not a web site if that's what you are telling us. Where
does OpenDNS come into this?
Can you tell us what the real issue is?
arden henderson wrote:
Depending on the nameservers, pool.ntp.org brings up www.foofus.net
www.pool.ntp.org seems to work reliably
OpenDNS checked it out (ref email below) and provided this reply:
>It definitely looks like something odd is happening with the root
Hope this helps.
Date: Tue, 10 Jun 2008 00:10:53 +0000
From: contact at opendns.com
Subject: [ #ITW-91343-839]: [HOME] Question Defies Categorization (Arden
To: tx407781x at verizon.net
It definitely looks like something odd is happening with the root
My only suggestion would be to try contacting the host provider or site admin.
Please let us know if you have any further questions or concerns. We
are happy to help!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security