[ntp:hackers] Dlink is abusing almost *ALL* stratum 1 servers :-(

Enrico Weigelt weigelt at metux.de
Sun Apr 9 21:55:00 UTC 2006


* Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
> In message <44392DEB.2040506 at sun.com>, Brian Utterback writes:
> 
> >It seemd to me that there are several steps we should take. The
> >first is write up an RFC that states exactly what embedded systems
> >vendors should do with their products.
> 
> It's already out there:  RFC4075

hmm, this only defines how to configure ntp clients via dhcp in IPv6.
I personally don't see IPv6 will be widely deployed at such systems 
in the next few years.

So another suggestion: public CNAMEs for several client groups /
access policies.

* each access policy (ie. public-clients, public-servers, CIX'es, ...)
  has its own (canonical) name. 
* behind this name, we've got pointers to all NTP-servers available
  to this access policy.
* all names and their pointers form a database of ntp-services
* this database is mapped into several DNS zones, hosted on several
  networks, ie. ".servers.ntp.org" 
* all people on the net (not just the vendors) are urged to use
  this database, *NOT* the current list of all NTP servers
  (where they currently got the IPs from)


Okay, this still doesn't solve the current case, but may be a good
way to prevent future problems.


What do you think about this ?



cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service

  phone:     +49 36207 519931         www:       http://www.metux.de/
  fax:       +49 36207 519932         email:     contact at metux.de
  cellphone: +49 174 7066481
---------------------------------------------------------------------
 -- DSL ab 0 Euro. -- statische IP -- UUCP -- Hosting -- Webshops --
---------------------------------------------------------------------


More information about the hackers mailing list