[time-nuts] D-Links NTP server vandalism

Dr. David Kirkby david.kirkby at onetel.net
Tue Apr 11 10:20:06 EDT 2006

Poul-Henning Kamp wrote:
> In message <443B988C.6000407 at onetel.net>, "Dr. David Kirkby" writes:
>>Poul-Henning Kamp wrote:
>>I can't obviously see gps.dix.dk in there:
>>sparrow /downloads % grep -i "gps\.dix\.dk" dwl700AP_firmware_202.dlf
> That is because in this case the firmware file is a compressed file
> with a small uncompression program in front.
> Try this:
> dd if=dwl700AP_firmware_202.dlf bs=489 iseek=40 | gunzip | strings

Yes, that finds them as you say.

Looks like it uses a UNIX-like operating system (embedded linux?) too, with 
names like /dev/uart0 and /dev/flash0

Error: Create node /dev/flash0 failed!

> It seems to contain these hardcoded IP numbers:
>		(time-nw.nist.gov.)

That is interesting:

ServerLocation: 	 Microsoft Corporation, Redmond, Washington
ServerContact: 	 Judah Levine (jlevine at boulder.nist.gov) (303) 492-7785

It seems a bit odd, with a time-server located at M$, with the admin contact at 

>		(time-b.nist.gov.)
>		(Somewhere in Level3)
>		(Somewhere (unused ?) in AboveNet)
>		(india.colorado.edu.)
>		(time.nist.gov.)

All those have:

AccessPolicy: 	 OpenAccess
AccessDetails: 	Open access for up to 20 queries per hour (one-day average) from 
any one address, others by arrangement

so no problems with them, unless the server admins change their policy.

> Poul-Henning

You might consider sending a few people letters asking them to cease using your 
time server. They could then take them to a retailer and ask them to be fixed 
and if no joy to a credit card company if they were purchased on a credit card.

Dlink would surly act if retailers were forced to give refunds or swap them for 
units that are not affected.


More information about the time-nuts mailing list