[time-nuts] D-Links NTP server vandalism
Dr. David Kirkby
david.kirkby at onetel.net
Tue Apr 11 10:20:06 EDT 2006
Poul-Henning Kamp wrote:
> In message <443B988C.6000407 at onetel.net>, "Dr. David Kirkby" writes:
>>Poul-Henning Kamp wrote:
>>I can't obviously see gps.dix.dk in there:
>>sparrow /downloads % grep -i "gps\.dix\.dk" dwl700AP_firmware_202.dlf
> That is because in this case the firmware file is a compressed file
> with a small uncompression program in front.
> Try this:
> dd if=dwl700AP_firmware_202.dlf bs=489 iseek=40 | gunzip | strings
Yes, that finds them as you say.
Looks like it uses a UNIX-like operating system (embedded linux?) too, with
names like /dev/uart0 and /dev/flash0
Error: Create node /dev/flash0 failed!
> It seems to contain these hardcoded IP numbers:
> 184.108.40.206 (time-nw.nist.gov.)
That is interesting:
ServerLocation: Microsoft Corporation, Redmond, Washington
ServerContact: Judah Levine (jlevine at boulder.nist.gov) (303) 492-7785
It seems a bit odd, with a time-server located at M$, with the admin contact at
> 220.127.116.11 (time-b.nist.gov.)
> 18.104.22.168 (Somewhere in Level3)
> 22.214.171.124 (Somewhere (unused ?) in AboveNet)
> 126.96.36.199 (india.colorado.edu.)
> 188.8.131.52 (time.nist.gov.)
All those have:
AccessDetails: Open access for up to 20 queries per hour (one-day average) from
any one address, others by arrangement
so no problems with them, unless the server admins change their policy.
You might consider sending a few people letters asking them to cease using your
time server. They could then take them to a retailer and ask them to be fixed
and if no joy to a credit card company if they were purchased on a credit card.
Dlink would surely act if retailers were forced to give refunds or swap them for
units that are not affected.
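
Added example, not part of the original message and not code from either poster: a Python sketch that generalises the dd | gunzip | strings step quoted above by scanning an image for gzip streams at any offset and listing the IPv4 literals and hostnames inside them. The sample image, the hostname ntp1.example.net, the documentation-range addresses and the TLD list are constructed assumptions, not values from the D-Link firmware.

```python
import gzip
import re
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # gzip ID bytes followed by the deflate method byte
IPV4 = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumption: a short TLD list is enough for this illustration.
HOST = re.compile(rb"\b(?:[a-z0-9-]+\.)+(?:gov|edu|com|net|org|dk)\b", re.I)


def find_gzip_payloads(blob):
    """Return [(offset, decompressed bytes)] for every complete gzip stream."""
    results, pos = [], blob.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(31)  # wbits=31: expect a gzip header and trailer
        step = 1
        try:
            data = d.decompress(blob[pos:])
            if d.eof:
                results.append((pos, data))
                step = len(blob) - pos - len(d.unused_data)  # skip the stream
        except zlib.error:
            pass  # the magic bytes occurred by chance, keep scanning
        pos = blob.find(GZIP_MAGIC, pos + step)
    return results


def hardcoded_endpoints(blob):
    """Return sorted IPv4 literals and hostnames found in the payloads."""
    found = set()
    for _, data in find_gzip_payloads(blob):
        for ip in IPV4.findall(data):
            if all(int(octet) <= 255 for octet in ip.split(b".")):
                found.add(ip.decode())
        found.update(h.decode().lower() for h in HOST.findall(data))
    return sorted(found)


def build_sample():
    """Constructed stand-in for a firmware image (not the D-Link file)."""
    stub = bytes(489 * 40)  # same size as the region skipped by the dd command
    strings = [b"/dev/uart0", b"/dev/flash0", b"ntp1.example.net",
               b"192.0.2.10", b"198.51.100.7"]
    return stub + gzip.compress(b"\x00".join(strings)) + b"\xff" * 16


if __name__ == "__main__":
    for endpoint in hardcoded_endpoints(build_sample()):
        print(endpoint)
```

To audit a real image, pass the file's bytes to hardcoded_endpoints() instead of build_sample().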