[time-nuts] D-Links NTP server vandalism

Poul-Henning Kamp phk at phk.freebsd.dk
Tue Apr 11 09:23:52 EDT 2006

In message <443B988C.6000407 at onetel.net>, "Dr. David Kirkby" writes:
>Poul-Henning Kamp wrote:

>I can't obviously see gps.dix.dk in there:
>sparrow /downloads % grep -i "gps\.dix\.dk" dwl700AP_firmware_202.dlf

That is because in this case the firmware file is a compressed file
with a small uncompression program in front.

Try this:

dd if=dwl700AP_firmware_202.dlf bs=489 iseek=40 | gunzip | strings

It seems to contain these hardcoded IP numbers:		(time-nw.nist.gov.)		(time-b.nist.gov.)		(Somewhere in Level3)		(Somewhere (unused ?) in AboveNet)		(india.colorado.edu.)		(time.nist.gov.)


Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the time-nuts mailing list