Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

D-Link Settles Danish Time Dispute

Posted by Zonk on Thu May 11, 2006 02:40 PM
from the cash-out-your-chips-now dept.
Networking Government The Courts News Technology
igb writes "The Register reports that DLink has settled the time server dispute described a little over a month ago here on Slashdot. They're going to stop using an NTP server they're not really authorized to chime with, and they've reached an amicable settlement over the use by existing products. The details of the settlement are, not unsurprisingly, somewhat vague, but let's hope that the good guys aren't out of pocket any more."
+ -
story

Related Stories

[+] Technology: D-Link Firmware Abuses Open NTP Servers 567 comments
DES writes "FreeBSD developer and NTP buff Poul-Henning Kamp runs a stratum-1 NTP server specifically for the benefit of networks directly connected to the Danish Internet Exchange (DIX). Some time last fall, however, D-Link started including his server in a hardcoded list in their router firmware. Poul-Henning now estimates that between 75% and 90% of NTP traffic at his server originates from D-Link gear. After five months of fruitless negotiation with a D-Link lawyer (who alternately tried to threaten and bribe him), he has written an open letter to D-Link, hoping the resulting publicity will force D-Link to acknowledge the issue. There are obvious parallels to a previous story, though Netgear behaved far more responsibly at the time than D-Link seem to be."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

D-Link Settles Danish Time Dispute 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • They should've known better... (Score:5, Funny)

    by Anonymous Coward on Thursday May 11 2006, @02:42PM (#15310888)
    than to challenge a Time Lord!

  • Netgear did the same thing a few years ago (Score:5, Insightful)

    by dananderson (1880) on Thursday May 11 2006, @02:47PM (#15310945) Homepage
    Netgear did the same thing with the University of Wisconsin Internet NTP's servers. [wisc.edu]

    It's strange these companies can't afford to set up a few of their own NTP servers instead of overloading servers that don't have the bandwidth. It it's because they are clueless or they are cheap?

    • Why dont they at least use the government supported ntp servers since then the users probobly still payed for it in taxes.

      I currently use the Argonne national lab NTP server most of the time which is probobly government paid though it could be provided by the University of Chicago (though since my connection is on-campus, it makes the most sense).

    • It it's because they are clueless or they are cheap?


      Yes, and yes. They are clueless, and they are cheap.

      That is why pool.ntp.org was created - to provide a pool of NTP servers that these bozos can use without hammering anybody's server too badly.
    • These situations make no sense to me. The NTP system is very easy to use properly.

      There's a great little website about how to use ntp.org servers [ntp.org] properly.

      For the quick-fix people, point your NTP capable system at pool.ntp.org.

      If you live in north america, you can use the north-america.pool.ntp.org dns name instead, for only north american servers. The same applies to other continents [ntp.org] and several country codes.

      Basically, there's no excuse for hard-coding a time server in almost any situation, unless your client is completely incapable of DNS and has no access to external DNS servers.
      • It would be really nice to think that it's not that hard. Yet, somehow, as a member of the NTP pool, I just keep on having issues. At this moment, I'm supporting roughly 1500 clients. 35% of my resources to supply all those clients with acurate time are being used by 40 clients. In fact, the top 10 "abusers" are taking nearly 17%... and it's a good moment.

        • Re:Netgear did the same thing a few years ago (Score:5, Informative)

          by Gnavpot (708731) on Thursday May 11 2006, @04:47PM (#15312299)
          At this moment, I'm supporting roughly 1500 clients. 35% of my resources to supply all those clients with acurate time are being used by 40 clients. In fact, the top 10 "abusers" are taking nearly 17%... and it's a good moment.
          I wonder if the abusers are running some kind of Unix/Linux/BSD time daemons.

          In my experience, when starting the 'chronyd' time daemon under Linux, it will poll very often, like 15 seconds intervals. Everytime it gets an answer, it will compare it to the system clock, log the deviation and adjust the system clock speed based on the trend. After some time, the system clock will run really accurate, so the logged deviations will be small. The polling interval will then be increased in steps up to a max. limit of 4 hours. If the computer is restarted, this scenario starts over again.

          Compare this to a typical Windows XP computer which seems to poll a time server once a week or so. No doubt that the ntp server will feel some clients more abusive than others.

          Disclaimers:
          The intervals stated above may be wrong. I haven't tinkered with optimizing my time daemons since the old pay-per-minute ISDN days so my memory is a bit rusty.

          Chronyd is just an example. I have no knowledge of whether it stresses the time servers more or less than other time daemons like 'xntpd'.

            • Re:Netgear did the same thing a few years ago (Score:4, Informative)

              by tinkerghost (944862) on Thursday May 11 2006, @05:39PM (#15312916) Homepage
              So D-Link units were making a NTP request, the request was denied by the server, but the D-Link engineers put it in their list of NTP servers anyway?
              Yes, but worse and out of order .....
              Check out NTP.org [ntp.org]. Specifically check the Rules of Engagement [isc.org], The Stratum 1 list [isc.org], and RFC 1305 [faqs.org].
              Now looking at everything we have a protocol that involves 2 components, an implimentation component and a social component. The actual implimentation of the protocol is laid first as "Format your request in this fasion and we will return the responce looking like this...". However, it also has things for implimenting request timing fallback and kill requests. The social implimentation of the protocol is layed out in the RoE and the Server Lists - note the regional restrictions and the authorization requests in the server lists.
              From the original article which evidently doesn't have any information on the open letter anymore - D-Link took the Stratum 1 list and shoved it into some of their router NTP lookup tables. That blows off the entire social aspect of the protocol - both the permissions and the structure.
              Next they implimented only the request portion of the protocol, they ignore the backoff & get lost request structures - essentially forgoing the entire error correction portion incorperated into the RFC. So up to the point of manufacture they have 3 strikes against them,
              • Failure to obey the Stratum structure of the NTP system
              • Failure to follow the permisions structure of the NTP system
              • Failure to properly impliment the NTP connection protocol
              Now there was no known issue with this until the Danish exchange turned to the Stratum 1 owner and said "You are eating a hell of a lot of bandwidth here & we can't keep giving it to you for free." At which point the problem was tracked back to a series of D-Link SOHO routers. I don't recall the exact process he used , but he started sending kill requests to anything from a D-Link router. When they ignored it & kept making requests he talked to D-Link
              From memory the conversation then went like this:
              Dane: You're routers are hammering my server & they need to stop, you don't have permission & you're violating the rules.
              D-Link: How cute, have a nickle & go get yourself some candy.
              Dane: WTF? The exchange is going to charge me $8K to cover your protocol violations.
              D-Link: It's not our fault & if it is talk to our Lawyer.
              Lawyer: I won't talk to you unless you come to CA & argue your case.
              At which point it devolved to an open letter & public shaming - which by the way seems to have worked.

              [note] IIRC someone calculated the estimated bandwidth from the D-Link routers using Stratum 1 NTP servers to be enough to continously flood a T1. So this isn't just an occasional knock on the door, it's pretty heavy usage for what amounts to a request packet and a responce packet from each router.

  • They already lost at least $120 in sales (Score:5, Interesting)

    by Omnifarious (11933) * on Thursday May 11 2006, @02:47PM (#15310952) Homepage Journal

    And likely more. I've been telling my friends not to buy them, and I know of at least one buying decision that was made specifically for that reason that cost them $120 worth of sales of USB wireless adapters.

    • That's nothing. I'm engineering a large scale DSL rollout, around 80,000 installations in the first 2 phases during 2006, and a potential 4 million subscribers over the next 3 years. My technical analysis of the CPEs determines who makes the shortlist. I had a lot of fun at CeBit this March, watching the sales weasels fight over who would get first shot at my account.

      I had even more fun letting the D-Link fuckheads know why they were on my blacklist. For two main reasons, the NTP theft of services from all the stratum 1's, and the mac ethernet framing problems. They were told quite clearly the non-response from their engineering team on these two show-stopper problems had left them permanently blacklisted. Its called schadenfreud, and it feels good.

      the AC

  • Not Vague At All (Score:5, Insightful)

    by TubeSteak (669689) on Thursday May 11 2006, @02:50PM (#15310968) Journal
    ... D-Link's existing products will have authorized access to Mr. Kamp's server, but all new D-Link products will not use the GPS.Dix.dk NTP time server. D-Link is dedicated to remaining a good corporate and network citizen.
    Allow me to translate: He got paid.

    Part of the settlement involves him putting on his website "D-Link is dedicated to remaining a good corporate and network citizen."

    Otherwise, considering his previous level of frustration, there's no chance he would shill for them like that.

  • not unsurprisingly (Score:5, Funny)

    by boldtbanan (905468) on Thursday May 11 2006, @02:51PM (#15310988)
    The details of the settlement are, not unsurprisingly, somewhat vague...
    I do not think that means what you think it means

  • What I would have done (Score:5, Funny)

    by ch-chuck (9622) on Thursday May 11 2006, @03:00PM (#15311080) Homepage
    Is silently migrate my legit users to another ntp server and then set the D-Link'ed ones to something like Klingon time or something bizarre, streach 8 hour days to 10 hours, etc. Of course that wouldn't solve the excess traffic, but you can get creative with revenge, especially when you're in the right.

  • NTP Pool for Vendors (Score:3, Informative)

    by Anonymous Coward on Thursday May 11 2006, @03:14PM (#15311203)
    There is now a way for vendors to use the NTP pool. See http://www.pool.ntp.org/vendors.html [ntp.org] for details.
  • Someone at D-Link should simply have realized the mistake and paid for a few very fast servers to sit at a hosting facillity and respond to the requests -- and all the requests already using that service -- for as long as the Danes were willing to point the DNS entry for that server to them.

    In the scheme of things, and from a marketing perspective, anything else is stupid and a waste of good will.

  • Poul-Henning Kamp got payed! (Score:4, Informative)

    by henriklehmann (455724) on Thursday May 11 2006, @04:54PM (#15312396) Homepage
    Poul-Henning Kamp got 200.000 DDK (Danish kroner) which is about 33.000 US$.

    The settlement states that Poul-Henning Kamp must not talk about the history of problems which the D-Link routers caused. But He tells danish press that any future problemes causes by D-link equiptment will be posted around the net ;-). This information is from the danish version of computerworld online at http://www.computerworld.dk/ [computerworld.dk]

    His homepage is http://people.freebsd.org/~phk/ [freebsd.org]

    For those in america: Denmark is not the capital of sweden ;-)

    • Re:Public? Server (Score:4, Informative)

      by Binestar (28861) on Thursday May 11 2006, @02:57PM (#15311034) Homepage
      Seems to me that if you run a (public) NTP server with a publicly available IP address and/or DNS resolution, that means anyone (public) can use the (public) service - no?

      No.
    • Most public NTP servers require permission prior to use. The list of public NTP servers have an email address or webpage form to use prior to using their NTP server.

      The reason for this is to avoid problems like this, where the NTP server is overloaded or the NTP client is mis-configured and overloads the server or network.

    • Re:Public? Server (Score:5, Informative)

      by Aladrin (926209) on Thursday May 11 2006, @03:02PM (#15311089)
      Public or not, you have to follow the rules. It is pretty well known that only 'Stratum 2' NTP servers are to use 'Stratum 1' NTP servers. This is not just a 'because we want it that way' policy. There are many good reasons for this.

      http://en.wikipedia.org/wiki/NTP_vandalism [wikipedia.org]

    • Re:Public? Server (Score:4, Informative)

      by tinkerghost (944862) on Thursday May 11 2006, @04:36PM (#15312160) Homepage
      Check the NTP page, there are public (open) servers and there are public (restricted) servers. There are also 3 layers of service,
      • Stratum 1 are principle time servers for a region & directly query atomic clocks.
      • Stratum 2 are general use for large regions or institutions - generally they should only be contacted by Stratum 3 servers - clients only as a last resort.
      • Stratum 3 are the generic NTP servers of the internet - if you're an end client you should be talking to a Stratum 3 unless none are available/unrestricted for your use.
      D-Link SOHO routers do 3 things wrong.
      • They don't follow the NTP protocol for requests to stop using the service.
      • They ignore the restrictions place on the server usage - in Denmark, for use by ISP or Stratum (2/3) requests.
      • They hit a Stratum 1 NTP server as an end client.
      So no, if you run a public NTP server that you have dutifully entered restrictions on, you are expecting everyone who comes to you to obey the NTP protocol. That includes following the restrictions, listening to the go away requests, and following the basic rules of who to talk to.
      [Analogy type=bad]
      In the US there are a number of parking spaces set asside for handicapped parking in almost every parking lot. Physically you can park there if you are not handicapped, but you're not supposed to (covers both ignoring restrictions and a client talking to a Stratum 1 server). If the manager of the parking lot tells you to get your car out of the spot - you should do that(refers to the kill request in the NTP protocol). In the real world if it get's this far, the cops come & give you a ticket. On the net you get open letters calling you an arogant prick who can't be bothered to figure out the basics of the protocols you are boasting about
      [/Analogy]
      For the record the Danish server was not the only Stratum 1 server they hit, they appear to have taken the Stratum 1 list (almost all of which restrict usage to Stratum 2 servers) and shoved it into the routers for general use - hardly the "Good internet citizen" they claim to be.

        • Re:Public? Server (Score:5, Insightful)

          by freshman_a (136603) on Thursday May 11 2006, @03:15PM (#15311218) Homepage Journal
          His NTP server access policy explicitly limited use of said server to the Danish Internet Exchange (DIX). In return, DIX provided him with a free internet connection for his NTP server. Because D-Link was sucking so much bandwidth, DIX told Kamp he would have to pay yearly for the connection. D-Link disregarded his server policy and abused his server. That's why it's a problem.

          Also, his server is a Stratum 1, and, while not explicitly written, the D-Link devices should getting the time via a Stratum 2 server. At least, that's how it's commonly done.

          Does that help explain things better?

            • Re:Public? Server (Score:4, Insightful)

              by plague3106 (71849) on Thursday May 11 2006, @04:59PM (#15312466)
              Taping a note to your front door that reads 'only enter if you live here' doesn't accomplish a lot if you leave the door open all the time.

              Please, stop with stupid analogies. They are never helpful. You can leave your door open all the time, that doesn't give anyone the right to go in! In Vermont, thats criminal trespass, and the fine is much larger than the other forms of trespass defined in the act.

    • Re:Their reputation preceeds them (Score:5, Informative)

      by John Miles (108215) on Thursday May 11 2006, @03:15PM (#15311217) Homepage Journal
      Agreed. D-Link appears to occupy a point on the cost-quality curve that ultimately costs more in hair-pulling time than it saves in cash. Their products may be OK for lightweight use at home, but they can really give you fits in a more demanding environment.

      Case in point: we recently put a bunch of DGS-1008D 8-port gigabit switches into service, and immediately started having problems with dropped Ethernet connections. Our laser printer was sucking down enough power at the onset of its fuser-warmup phase to trigger a nearby UPS momentarily. The resulting switchover transient lasted only a few milliseconds, but it was enough to reset the DGS-1008D. After a LOT of tail-chasing, it transpired that the (cheap-ass linear) wall-wart supplies that D-Link ships with the DGS-1008D lack sufficient filter capacitance to absorb even the slightest power glitch under high-load conditions (e.g., when there are several cables plugged into the switch.)

      We took a few of their power supplies apart and found that the oldest ones -- which didn't have the problem -- used a 2000-uF filter capacitor at the rectifier output. At some point, they saved 10 cents by moving to a supply with only 1000 uF, rendering their product useless in many real-world office environments.

      This isn't supposed to be a general "let's all bag on D-Link" thread, but hey, if the shoe fits...

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.