Re: Open Letter to D-Link about their NTP vandalism

From: Brian Dickson (no email)
Date: Tue Apr 11 2006 - 23:47:11 EDT

  • Next message: Hank Nussbacher: "Re: Open Letter to D-Link about their NTP vandalism"

    Two concrete technical suggestions to mitigate the volunteered NTP server's
    usage issues at the DIX:

    (1) Have someone else anycast the DIX block, and NAT the incoming NTP requests
    to another NTP stratum-1 server (eg pool address(es)).

    Or a much better idea:

    (2) Renumber into a new /24, which is announced only at the DIX with no-export,
    so that only DIX members are able to reach the server - as was the intended
    usage of this NTP server in the first place.

    (The announcment can be made by anyone at the DIX, it is not strictly necessary
    that the NTP server be the announcer of the /24. And in fact, it need not be
    a /24, as the server should be the only occupant of the block - but it should
    not be covered by any globally visible aggregate, at least not one contiguous
    to the connectivity at the DIX.)

    As to the liability issue, it is easy enough to envision that someone,
    somewhere, is relying on time results from NTP for a life-or-death application,
    like a medical device, and is innocently an impacted third party in this.

    Sending bad NTP values could in theory be responsible for killing someone's
    scratch monkey...

    --
    Brian Dickson                                  Email: 
    http://www.chateau-briand.net                  Tel  : +1 647 234 7282
    

  • Next message: Hank Nussbacher: "Re: Open Letter to D-Link about their NTP vandalism"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD