[ntp:hackers] D-Links NTP server vandalism

todd glassey todd.glassey at worldnet.att.net
Tue Apr 11 19:48:48 UTC 2006


John ... ahahahahhh ahahahahahah ahhahah  - good one - you are funny!
----- Original Message ----- 
From: "John Pettitt" <jpp at cloudview.com>
To: "todd glassey" <todd.glassey at att.net>
Cc: "Mark Martinec" <Mark.Martinec at ijs.si>; "Harlan Stenn"
<stenn at ntp.isc.org>; <hackers at ntp.isc.org>
Sent: Tuesday, April 11, 2006 9:47 AM
Subject: Re: [ntp:hackers] D-Links NTP server vandalism


> Todd,
>     You are confusing the ability to monitor who is using a server with
> publishing the data.

No actually I am not - it's you who is confusing the issues... The issues are
in capturing and recording information as to who connected to and who used
what services. This includes registering their IP addresses and any other
information collected like the "actual time their system had in it"...

Also - any NTP Services that are advertised as anonymous but that are not
would be fraudulently advertised ones if there was some other data
collection process capturing use information. Anonymous means anonymous...
and I mean completely anonymous.

> The question Harlan asks is how to know who is
> using your server.

And that is the point - I don't think any one of us gets to ask who is using
the server per the existing policies of the Federal Timebases. Or in the
anonymous use of NTP.

BTW - it's worth noting that without the Feds and the BPM there is no
Stratum-1 or UTC.

> That is a reasonable question for any admin to ask,
> since administrative monitoring tools serve a compelling purpose in
> many cases it's hard to see the government objecting, particularly when
> the same governments are asking ISP's to track everything and keep the
> records.

No actually it's not... Again - Anonymous is anonymous... sorry.

Currently per use policy, none of the Public Stratum-1 Government-Certified
operations are allowed to track people's use of the public time data
whether you publish that data or not. Further they - the NIST Time Servers -
are set up to roll their logs fast enough that there are very few cached
use numbers except the total number of hits per period.

Your collection of the data and its analysis is the privacy invasion and the
mere fact of collecting the information is the violation of those people's
privacy.

You DO NOT get to audit use of something unless the rules for 'the
something's' use are posted - which with NTP there is NO WAY TO DO. The
agreement you are thinking of would be one made between the End-Users of
the Timebase and the Operator of the Timebase, but in fact the deal, if it
exists at all, was put in place by the vendor of the system and the time
server operator, so how many of us Stratum-1 Operators have any contact with
our userbase, and when did we get anything from those people that allows us
to violate their privacy by recording their use of our system, especially
if the contract was not disclosed to the end-user?

Since we are the beneficiary of that recorded information - the problem from
a legal standpoint is so obvious that even a lay person like me sees it.

> You may have a point if the data is  public (but see below).
>
> Further your argument that anon access has been around forever is false

No, sorry John I think you are wrong again here too ...

> - access has not been anon because the monlist command has also been
> around a long time -

You gotta be kidding - Yeah MONLIST has been around but it's a key violation
of the privacy of the users of the systems... Just because that is a problem
for this list does not change the legal facts that MONLIST is a tool for
the Systems Operator and it is totally unknown, as is its function, to the
clients of the service...

Also there is no MONLIST in the SW based, client only implementations
which are the sheer bulk of the connections. In fact they have little if
any policy control information moving back and forth and most of them have
no possible interface to the host to issue MONLIST.

> any user reading the documentation would know that
> there is a way for admins to monitor their use and that many servers do
> not restrict external access to monlist so it could be argued that anon
> access is in fact not the norm.

Most users had their minds made up for them without any disclosure, and now
for you to arbitrarily decide to start using a process that no one has
really used to date, as the Standard Modus Operandi, is indicative of why
there are so many problems in the NTP world. But go ahead and start
collecting this information. I am willing to bet the suit is in court within
six months.
>
> Yes government can be a pain in the ass over these kind of things but I
> think we are far from the sky actually falling on this issue.
>
> John
>
>
> todd glassey wrote:
> > Harlan - IMHO you are running headlong into a litigation matter over privacy
> > and anonymous access.  I believe that you are facing serious privacy issues
> > in the EU, such that anyone that wants to anonymously use those time
> > services does and has, and since they have been operated that way forever,
> > it's already cast in stone...
> >
> > Let alone the US Government's issues with this effort on your part. How are
> > you going to inform the users that you are now tracking them? Send them an
> > email? And since you must take time from the Government's, what this will do
> > is take the non-governmental supplied servers off the master S-1 List IMHO,
> > when NIST and people like NORAMET formally disqualify your machine because
> > of operations practices.
> >
> > Otherwise the option is to litigate against both you Harlan and this NTP
> > organization, as well as the ISC, and if you think I am kidding about this,
> > figure out what happens when CNET publishes that the privately operated time
> > servers are tracking use.
> >
> > You guys really don't get it - this is the big kids table and it's about the
> > global deployment of time data - the most important commodity in the Digital
> > World.
> >
> >
> > Todd Glassey
> >
> > ----- Original Message ----- 
> > From: "Harlan Stenn" <stenn at ntp.isc.org>
> > To: "Mark Martinec" <Mark.Martinec at ijs.si>
> > Cc: <hackers at ntp.isc.org>
> > Sent: Tuesday, April 11, 2006 12:04 AM
> > Subject: Re: [ntp:hackers] D-Links NTP server vandalism
> >
> >
> >
> >> I'd invite people to add information on how to answer the question "Who
> >> is using my NTP server?" at:
> >>
> >>  http://ntp.isc.org/bin/view/Support/MonitoringAndControllingNTP
> >>
> >> H
> >> _______________________________________________
> >> hackers mailing list
> >> hackers at support.ntp.org
> >> https://support.ntp.org/mailman/listinfo/hackers
> >>
> >
> >
> >
>

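The monlist exposure John and Todd argue over above is something an operator can check for in ntpd's own configuration. The following is an added example, not code from this thread or from the NTP project: it audits an ntp.conf for a default restrict line lacking noquery and for the monitor facility being left enabled, using constructed sample configs; it assumes the standard ntpd directives 'restrict default noquery' and 'disable monitor', and that an unqualified 'restrict default' covers both IPv4 and IPv6.

```python
"""Audit an ntp.conf for monlist exposure (added example, not NTP project code).

Assumed ntpd semantics: 'restrict default noquery' denies ntpq/ntpdc queries
such as monlist to clients not matched by a more specific restrict line, and
'disable monitor' turns off the MRU list that monlist reads from.
"""
import shlex

# Constructed sample: a common configuration with no query restriction at all.
OPEN_CONF = """
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer   # queries still allowed
restrict 127.0.0.1
"""

# Constructed sample: the hardened counterpart.
HARDENED_CONF = """
server 0.pool.ntp.org iburst
disable monitor
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""


def audit_ntp_conf(text):
    """Return the effective query/monitor state plus a list of findings."""
    state = {"v4_noquery": False, "v6_noquery": False, "monitor": True}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        tok = shlex.split(line)
        if tok[0] == "restrict":
            fam, args = "both", tok[1:]  # unqualified default covers both families
            if args and args[0] in ("-4", "-6"):
                fam, args = args[0], args[1:]
            if args and args[0] == "default":
                has_noquery = "noquery" in args[1:]
                if fam != "-6":
                    state["v4_noquery"] = has_noquery
                if fam != "-4":
                    state["v6_noquery"] = has_noquery
        elif tok[0] in ("enable", "disable") and "monitor" in tok[1:]:
            state["monitor"] = tok[0] == "enable"
    state["findings"] = []
    if state["monitor"] and not (state["v4_noquery"] and state["v6_noquery"]):
        state["findings"].append("monlist reachable: add 'noquery' to both default "
                                 "restrict lines or use 'disable monitor'")
    return state
```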

