D-Link Firmware Abuses Open NTP Servers 567
DES writes "FreeBSD developer and NTP buff Poul-Henning Kamp runs a stratum-1 NTP server specifically for the benefit of networks directly connected to the Danish Internet Exchange (DIX). Some time last fall, however, D-Link started including his server in a hardcoded list in their router firmware. Poul-Henning now estimates that between 75% and 90% of NTP traffic at his server originates from D-Link gear. After five months of fruitless negotiation with a D-Link lawyer (who alternately tried to threaten and bribe him), he has written an open letter to D-Link, hoping the resulting publicity will force D-Link to acknowledge the issue. There are obvious parallels to a previous story, though Netgear behaved far more responsibly at the time than D-Link seem to be."
Easy fix (Score:4, Funny)
What's the issue? (Score:1, Funny)
If he squeals again we hit him with a B 52. That's the American Way. Always sorts out any problems in the films.
Re:Fishy (Score:3, Funny)
Re:Easy fix (Score:3, Funny)
Re:Easy fix (Score:2, Funny)
Then pehaps he should find a better router vendor. I hear this company called dlink sells routers, perhaps the'd be better.
Osama Bin Laden (Score:3, Funny)
D-Link must be run by Osama Bin Laden. That's why no one can be reached (hiding in the mountains of the Afghanistan and Pakistan border). Obviously, this attack has something to do with that cartoon thing.
Re:Blacklist time (Score:2, Funny)
Re:Time to link (Score:1, Funny)
Re:D-Link Business Development (Score:3, Funny)
Nuke them from orbit. It's the only way to be sure!
Re:D-Link Business Development (Score:3, Funny)
Re:D-Link Business Development (Score:3, Funny)
I sent the following:
Date: Fri, 7 Apr 2006 10:09:27 -0700 (PDT)
From: Todd Knarr <xxxx@xxxxxx.xxx>
To: sale@dlink.com, customerservice@dlink.com
Subject: DLink router use of Danish NTP server
This is in reference to the open letter to DLink from Danish sysadmin Poul-Henning Kamp (http://people.freebsd.org/~phk/dlink/ [freebsd.org]). Abuse of an NTP server in express violation of the service agreement in the Stratum-1 server list is, in my opinion, inexcusable. Willful refusal to correct the abuse when requested is, if anything worse. Hard-coding the server name into the firmware, so that changes are difficult or infeasible, as opposed to DLink maintaining their own DNS records so that changes are simple, is also inexcusable in any technically-competent organization.
I have been comtemplating purchase of a DLink DI-784 router/AP, a DWL-7100AP access point and a DWL-AG660 CardBus adapter. If DLink doesn't correct their error as Mr. Kamp asks, I will be taking my purchases to NetGear instead. They, at least, have demonstrated a willingness to fix their mistakes when asked. I will also be recommending to my friends that they avoid DLink products in the future.
One customer, voting with his dollars.
We'll see what kind of response I get.