[time-nuts] D-Links NTP server vandalism

Poul-Henning Kamp phk at phk.freebsd.dk
Tue Apr 11 09:23:52 EDT 2006


In message <443B988C.6000407 at onetel.net>, "Dr. David Kirkby" writes:
>Poul-Henning Kamp wrote:


>I can't obviously see gps.dix.dk in there:
>
>sparrow /downloads % grep -i "gps\.dix\.dk" dwl700AP_firmware_202.dlf

That is because in this case the firmware file is a compressed file
with a small uncompression program in front.

Try this:

dd if=dwl700AP_firmware_202.dlf bs=489 iseek=40 | gunzip | strings

It seems to contain these hardcoded IP numbers:

	131.107.1.10		(time-nw.nist.gov.)
	129.6.15.29		(time-b.nist.gov.)
	209.0.72.7		(Somewhere in Level3)
	207.126.103.202		(Somewhere (unused ?) in AboveNet)
	128.138.140.44		(india.colorado.edu.)
	192.43.244.18		(time.nist.gov.)

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.




More information about the time-nuts mailing list