SS Date: Thu, 13 Apr 2006 22:22:11 -0700
SS From: Steve Sobol
Apologies in advance for the OT post...
SS Well I just saw your .sig... Can't give any credit to your statement.
SS
SS Your choice. I don't see any sense in arguing the point further, as you
SS probably won't change your mind.
Sorry for the noise again.
Yes, you can edit /etc/hosts
No, the box does not care.
Neither voipd nor multid care for it
Apr 13 05:25:17 voipd[402]: Request: SUBSCRIBE sip:[EMAIL PROTECTED]
Apr 13 05:25:17 voipd[402]: dns: _sip._udp.sipgate.de: query
Apr 13 05:25:17 voipd[402]: dns:
What most people participating in this subthread seem to be missing is
that
if one did decide to send (or accidentally sent) false time to these
D-Link
devices, NOBODY WOULD EVER KNOW OR CARE. Doing so does not solve any
problems, so whatever the legal risk of acting is, no matter how
Steve Sobol wrote:
Alain Hebert wrote:
With the way you named your address book (North American Noise and
Off-topic Gripes).
We now know where to fill your futur comments.
(In the killfile that is)
You don't seem to want to act very responsibly, based on your comments
here,
On Wed, 12 Apr 2006 18:56:44 -0700 (PDT)
Steve Thomas [EMAIL PROTECTED] wrote:
How does one properly report delivery failure to a guerrilla spammer?
If you accept the message, you can presumably deliver it. In this day and
age, anyone accepting mail for a domain without first checking the
On Wed, 12 Apr 2006, Miquel van Smoorenburg wrote:
In article [EMAIL PROTECTED],
Matt Ghali [EMAIL PROTECTED] wrote:
[ someone else wrote, but Miquel failed to attribute: ]
.or do you think that TCP/IP connection
should be held open until the message can be scanned for spam and
viruses
From the BBC Daily news, Technology section:
* Net clocks suffering data deluge *
Home hardware maker D-Link has been accused of denting the net's
ability to tell the time accurately.
Full story:
http://news.bbc.co.uk/go/em/-/2/hi/technology/4906138.stm
Matt Ghali [EMAIL PROTECTED] wrote:
On Wed, 12 Apr 2006, Miquel van Smoorenburg wrote:
[...]
.. after content scanning, user1 wants the mail, user2 doesn't. Now what
?
Gosh gomer, is 2821 not available in Books On Tape format?
Aww, but reading is *hard*!
The simple answer is that RFCs
[ In response to Richard A Steenbergen ]
Alain Hebert said:
Well,
With the way you named your address book (North American Noise and
Off-topic Gripes).
We now know where to fill your futur comments.
(In the killfile that is)
That Cc: came from my message, and RAS didn't
I haven't seen any succinct justification for providing a
550 message rejection for positively-identified spam versus
silently dropping the message. Lots of how-to instructions
but no whys.
matthew black
california state university, long beach
Because your father may forward a
Alain Hebert wrote:
Its a cultural issue...
I acknowledge that there are cultural differences, but... y'know, two wrongs,
etc.
Its not right versus wrong but amelioration versus status-quo...
It is *both.* DLink is being obnoxious. That doesn't mean being obnoxious
back is the
PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; John Dupuy [EMAIL PROTECTED]
Sent: Tuesday, April 11, 2006 11:29 AM
Subject: Re: Open Letter to D-Link about their NTP vandalism
law professor I'd really suggest that readers confirm this claim (that
intentional sending
On Tue, Apr 11, 2006 at 10:01:10PM +,
Edward B. DREGER [EMAIL PROTECTED] wrote
a message of 27 lines which said:
AS112-style NTP service, anyone? That would be cooperative and
possibly even useful.
It already exists (Security warning: do not use it on strategic
machine, there is no
On 12/04/06, Alexei Roudnev [EMAIL PROTECTED] wrote:
Hmm, if some idiot wrote my NTP IP into his hardware, I just stop to monitormy NTP and make sure that it have few hours of error in time. No one require
me to CLAIM that I set up wrong time, BUT no one can require me to maintaincorrect time
On Tue, 11 Apr 2006, Edward B. DREGER wrote:
AS112-style NTP service, anyone? That would be cooperative and possibly even
useful.
pool.ntp.org
Tony.
--
f.a.n.finch [EMAIL PROTECTED] http://dotat.at/
BERWICK ON TWEED TO WHITBY: WEST OR SOUTHWEST 5 OR 6, PERHAPS INCREASING 7
LATER IN
On Wed, 12 Apr 2006, Suresh Ramasubramanian wrote:
Exim with the spamassassin patches (sa-exim) does this, for example.
SpamAssassin support is built in to Exim since version 4.50.
Tony.
--
f.a.n.finch [EMAIL PROTECTED] http://dotat.at/
BERWICK ON TWEED TO WHITBY: WEST OR SOUTHWEST 5 OR 6,
In article [EMAIL PROTECTED],
Matt Ghali [EMAIL PROTECTED] wrote:
.or do you think that TCP/IP connection
should be held open until the message can be scanned for spam and
viruses just so we can give a 550 MESSAGE REJECTED error instead of
silently dropping it?
absolutely. is that actually
From my Fritzbox log:
Apr 12 06:27:29 multid[360]: dns: 0.europe.pool.ntp.org: query
Apr 12 06:27:30 multid[360]: dns: 0.europe.pool.ntp.org: 82.71.9.63 ttl=79 from
192.168.180.1.
Apr 12 06:27:30 multid[360]: sending SNTP request to server
0.europe.pool.ntp.org (82.71.9.63)
Apr 12 06:27:30
Miquel van Smoorenburg wrote:
In article [EMAIL PROTECTED],
Matt Ghali [EMAIL PROTECTED] wrote:
.or do you think that TCP/IP connection
should be held open until the message can be scanned for spam and
viruses just so we can give a 550 MESSAGE REJECTED error instead of
silently dropping
Suresh Ramasubramanian wrote:
On 4/11/06, Matthew Black [EMAIL PROTECTED] wrote:
Are you suggesting that we configure our e-mail servers to notify
people upon automatic deletion of spam? Frequently, spam cannot be
properly identified until closure of the SMTP conversation and that
final
Matthew Sullivan wrote:
Suresh Ramasubramanian wrote:
On 4/11/06, Matthew Black [EMAIL PROTECTED] wrote:
Are you suggesting that we configure our e-mail servers to notify
people upon automatic deletion of spam? Frequently, spam cannot be
properly identified until closure of the SMTP
This reminds me of selective availability (I think that's the
correct term) in the GPS stream coming from US DOD orbital platforms.
Sure, the data is jittered. Who sues because only authorized clients (in
that case, US military forces) get unjittered time and position but folks
without
On Wed, 12 Apr 2006, M. David Leonard wrote:
This reminds me of selective availability (I think that's the
correct term) in the GPS stream coming from US DOD orbital platforms.
Sure, the data is jittered.
Hasn't been for several years.
Tony.
--
f.a.n.finch [EMAIL PROTECTED]
M. David Leonard [EMAIL PROTECTED] writes:
What is to prevent a network from providing unjittered NTP to its
downstream clients/customers BUT jittered NTP to outsiders? How is this
different from providing up-to-the-millisecond stock exchange data to
paying customers but delaying the same
FYI: a couple of update at http://people.freebsd.org/~phk/dlink/
I've summited a suggestion for a story to Wired... We'll see.
--
Alain Hebert[EMAIL PROTECTED]
PubNIX Inc.
P.O. Box 175 Beaconsfield, Quebec H9W 5T7
tel 514-990-5911
At 10:15 AM -0400 4/12/06, Alain Hebert wrote:
FYI: a couple of update at http://people.freebsd.org/~phk/dlink/
I've summited a suggestion for a story to Wired... We'll see.
Perhaps they could also talk to someone who actually knows how
ntp works as well.
-M
--
Martin Hannigan
Several people kindly contacted me off list with laborious
explanations of how to implement delayed 550 rejections using
sedmail, et al. We gave up sendmail years ago in favor of a
competing solution.
I haven't seen any succinct justification for providing a
550 message rejection for
On 4/12/06, Matthew Black [EMAIL PROTECTED] wrote:
I haven't seen any succinct justification for providing a
550 message rejection for positively-identified spam versus
silently dropping the message. Lots of how-to instructions
but no whys.
For viruses - fine. But you are not going to
On Wed, 12 Apr 2006, Matthew Black wrote:
I haven't seen any succinct justification for providing a
550 message rejection for positively-identified spam versus
silently dropping the message.
If you are wrong about the message being spam, then the sender gets a
bounce.
Tony.
--
f.a.n.finch
Just for curiousity, you can change it. /etc/hosts is a link
/etc/hosts - ../var/tmp/hosts
you can edit but you cannot permanently save it.
cat /etc/hosts
127.0.0.1 localhost
192.168.178.1 fritz.box
217.10.79.8 0.europe.pool.ntp.org ntp.sipgate.de
Now I dont bother
On Wed, 12 Apr 2006 20:30:16 +0530
Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
On 4/12/06, Matthew Black [EMAIL PROTECTED] wrote:
I haven't seen any succinct justification for providing a
550 message rejection for positively-identified spam versus
silently dropping the message. Lots of
On 4/12/06, Matthew Black [EMAIL PROTECTED] wrote:
Agreed, but we're willing to live with an error rate of less
than one in a million. This isn't a space shuttle. I don't think
the USPS can claim 99.% delivery accuracy. Nonetheless, to
I'm not even saying five nines. Spam filtering -
On Wed, 12 Apr 2006 21:12:44 +0530
Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
On 4/12/06, Matthew Black [EMAIL PROTECTED] wrote:
Where is the bandwidth savings once we've accepted an entire message,
scanned it, determined it was spam, then provided a 550 rejection
versus silently
Matthew Black wrote:
there's no bandwidth savings from silently dropping the message
versus providing a 550 rejection. In the best of all worlds,
it would be nice to give feedback. No system is perfect and a
false-positive rate of less than one in a million 220 accepted
messages seems
I haven't seen any succinct justification for providing a
550 message rejection for positively-identified spam versus
silently dropping the message. Lots of how-to instructions
but no whys.
RFC 2821?
...the protocol requires that a server accept responsibility
for either delivering a
On Wed, 12 Apr 2006 10:16:53 PDT, Steve Thomas said:
I haven't seen any succinct justification for providing a
550 message rejection for positively-identified spam versus
silently dropping the message. Lots of how-to instructions
but no whys.
RFC 2821?
...the protocol requires
Thus spake Alexei Roudnev [EMAIL PROTECTED]
Hmm, if some idiot wrote my NTP IP into his hardware, I just stop to
monitor my NTP and make sure that it have few hours of error in time.
No one require me to CLAIM that I set up wrong time, BUT no one can
require me to maintain correct time just
Earlier today, I said:
Unless you're the final recipient of the message, you have no business
deleting it. If you've accept a message, you should either deliver or
bounce it, per RFC requirements.
I just want to clarify that I was in no way suggesting that anyone bounce
spam - I was merely
On Tue, 11 Apr 2006, Steven M. Bellovin wrote:
By the way, since we're talking about D-Link, it's instructive to read the
warnings on their firmware update pages.
Do NOT upgrade firmware on any D-Link product over a wireless
connection. Failure of the device may result. Use
On 4/12/06, Steve Sobol [EMAIL PROTECTED] wrote:
On Tue, 11 Apr 2006, Steven M. Bellovin wrote:
By the way, since we're talking about D-Link, it's instructive to read the
warnings on their firmware update pages.
Do NOT upgrade firmware on any D-Link product over a wireless
On Wed, Apr 12, 2006 at 12:03:51PM -0400, Joe Maimon wrote:
Matthew Black wrote:
there's no bandwidth savings from silently dropping the message
versus providing a 550 rejection. In the best of all worlds,
it would be nice to give feedback. No system is perfect and a
false-positive
On Wed, 12 Apr 2006, Steve Sobol wrote:
On Tue, 11 Apr 2006, Steven M. Bellovin wrote:
By the way, since we're talking about D-Link, it's instructive to read the
warnings on their firmware update pages.
Do NOT upgrade firmware on any D-Link product over a wireless
connection.
On Tue, 11 Apr 2006, Alain Hebert wrote:
Because its DIX ressources... They can do whatever they want with it.
They owe nothing to DLink customers, and DLink customers should
know to buy equipments from a better company that do not trespasses on
other properties.
And how
On Wed, 12 Apr 2006 14:18:24 -0400
[EMAIL PROTECTED] wrote:
On Wed, 12 Apr 2006 10:16:53 PDT, Steve Thomas said:
I haven't seen any succinct justification for providing a
550 message rejection for positively-identified spam versus
silently dropping the message. Lots of how-to instructions
Steve Sobol wrote:
On Tue, 11 Apr 2006, Alain Hebert wrote:
Because its DIX ressources... They can do whatever they want with it.
They owe nothing to DLink customers, and DLink customers should
know to buy equipments from a better company that do not trespasses on
Steve Thomas wrote:
Earlier today, I said:
Unless you're the final recipient of the message, you have no business
deleting it. If you've accept a message, you should either deliver or
bounce it, per RFC requirements.
I just want to clarify that I was in no way suggesting that anyone
On Wed, Apr 12, 2006 at 01:32:26PM -0500, Stephen Sprunk wrote:
On the plus side, after seeing D-Link's (lack of) reaction to this, I'll
bet none of us will buy another of their products again.
If it was legal to sell whatever you people are smoking that makes you
think dlink gives a
ST Date: Wed, 12 Apr 2006 10:16:53 -0700 (PDT)
ST From: Steve Thomas
ST RFC 2821?
ST
ST ...the protocol requires that a server accept responsibility
ST for either delivering a message or properly reporting the
ST failure to do so.
How does one properly report delivery failure to a
How does one properly report delivery failure to a guerrilla spammer?
If you accept the message, you can presumably deliver it. In this day and
age, anyone accepting mail for a domain without first checking the RCPT TO
- even (especially?) on a backup MX - should have their head examined. In
Well,
With the way you named your address book (North American Noise and
Off-topic Gripes).
We now know where to fill your futur comments.
(In the killfile that is)
Richard A Steenbergen wrote:
On Wed, Apr 12, 2006 at 01:32:26PM -0500, Stephen Sprunk wrote:
On the plus
Alain Hebert wrote:
With the way you named your address book (North American Noise and
Off-topic Gripes).
We now know where to fill your futur comments.
(In the killfile that is)
You don't seem to want to act very responsibly, based on your comments here,
so it doesn't surprise
Paul Vixie wrote:
[EMAIL PROTECTED] (Simon Lyall) writes:
I've said in other forums the only solution for this sort of software is
to return the wrong time (by several months). The owner might actually
notice then and fix the problem.
that creates new liability, and isn't
On Tue, 11 Apr 2006, Simon Lyall wrote:
Everyone here runs spam filters. Many times a day you tell a remote MTA
you've accepted their email but you delete it instead. Explain the
difference?
Hold on there. What you are describing is evil and bad, and I
certainly hope everyone does not do
At 08:36 PM 10/04/2006, Simon Lyall wrote:
I've said in other forums the only solution for this sort of software is
to return the wrong time (by several months). The owner might actually
notice then and fix the problem.
Of our customers who have such routers, I would say 90% would not
know
11, 2006 9:05 AM
Subject: Re: Open Letter to D-Link about their NTP vandalism
At 08:36 PM 10/04/2006, Simon Lyall wrote:
I've said in other forums the only solution for this sort of software is
to return the wrong time (by several months). The owner might actually
notice then and fix
On Mon, 10 Apr 2006 23:23:06 -0700 (PDT)
Matt Ghali [EMAIL PROTECTED] wrote:
On Tue, 11 Apr 2006, Simon Lyall wrote:
Everyone here runs spam filters. Many times a day you tell a remote MTA
you've accepted their email but you delete it instead. Explain the
difference?
Hold on there. What
Matthew Black wrote:
On Mon, 10 Apr 2006 23:23:06 -0700 (PDT)
Matt Ghali [EMAIL PROTECTED] wrote:
On Tue, 11 Apr 2006, Simon Lyall wrote:
Everyone here runs spam filters. Many times a day you tell a remote MTA
you've accepted their email but you delete it instead. Explain the
To keep this operational: Operationally the network operator should
contact a lawyer before doing something like this.
Purposely and knowingly sending bad data in order to do harm is a
counter-attack. As such it might be vigilantism, which is illegal in
most countries. Or it might be
On Tue, 11 Apr 2006 10:28:32 -0400, John Underhill [EMAIL PROTECTED]
wrote:
It seems to me, that the only *real* solution is for these manufacturers to
implement a [responsible] strategy of automatic firmware upgrades, as it
pertains to these (simple eu type) devices.
How difficult would
.
- Original Message -
From: John Dupuy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 11, 2006 9:00 AM
Subject: Re: Open Letter to D-Link about their NTP vandalism
To keep this operational: Operationally the network operator should
contact a lawyer before doing something
On Tue, 2006-04-11 at 09:28:14 -0700, Alexei Roudnev proclaimed...
It's legal to have broken NTP server in ANY country, and it's legal in most
(by number) countries to send counter-attack (except USA as usual, where
lawyers want to get their money and so do not allow people to self-defence).
. Bellovin [EMAIL PROTECTED]
To: John Underhill [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, April 11, 2006 12:24 PM
Subject: Re: Open Letter to D-Link about their NTP vandalism
On Tue, 11 Apr 2006 10:28:32 -0400, John Underhill [EMAIL PROTECTED
On Tue, Apr 11, 2006 at 02:04:39AM -0400, Alain Hebert wrote:
Paul Vixie wrote:
[EMAIL PROTECTED] (Simon Lyall) writes:
I've said in other forums the only solution for this sort of software is
to return the wrong time (by several months). The owner might actually
notice then and fix the
Joseph S D Yao wrote:
On Tue, Apr 11, 2006 at 02:04:39AM -0400, Alain Hebert wrote:
Paul Vixie wrote:
[EMAIL PROTECTED] (Simon Lyall) writes:
I've said in other forums the only solution for this sort of software is
to return the wrong time (by several months). The owner
* [EMAIL PROTECTED] (Robert Bonomi) [Tue 11 Apr 2006, 22:00 CEST]:
I'll suggest that there are several presumptions in that 'claim' that are
not fully supported by the facts of the matter, as previously described.
Please don't suggest anything of the kind. This is not the North
American
On Tue, 11 Apr 2006 15:00:14 CDT, Robert Bonomi said:
1) _Who_says_ it is 'false data'? *Who*knows* what that machines is
'supposed'
to provide TO WHOM?
I think if you are handing another machine an NTP packet that's intentionally
set several months off just to get them to shut up, you
[EMAIL PROTECTED] wrote:
On Tue, 11 Apr 2006 15:00:14 CDT, Robert Bonomi said:
1) _Who_says_ it is 'false data'? *Who*knows* what that machines is 'supposed'
to provide TO WHOM?
I think if you are handing another machine an NTP packet that's intentionally
set several months off
I've said in other forums the only solution for this sort of
software is to return the wrong time (by several months). The
owner might actually notice then and fix the problem.
that creates new liability, and isn't realistic in today's
litigious world.
(Suprise to read
Paul Vixie wrote:
I've said in other forums the only solution for this sort of
software is to return the wrong time (by several months). The
owner might actually notice then and fix the problem.
that creates new liability, and isn't realistic in today's
litigious world.
Date: Tue, 11 Apr 2006 16:30:11 -0400
From: Valdis.Kletnieks
I suppose pointing out that the Internet works because providers
*cooperate* and *agree on protocols* would be pointless
To a certain [limited] extent, anyway, as countless NANOG-L threads
prove time and again. Of course,
Hi Matt-
On Tue, 11 Apr 2006, Matthew Black wrote:
Are you suggesting that we configure our e-mail servers to notify
people upon automatic deletion of spam?
Absolutely not. I was responding to the suggestion that it's a good
idea to silently drop mail which you have accepted with a 2xx
2) *Who*says* there is 'malicious intent' involved? I'm going to be
travelling 'off network'(with the 'network' being defined as the one where
I have published that I'm providing time-server services to), and I happen
to have a recurring need for 32-bit units of a specifically
transformed
On 4/11/06, Matthew Black [EMAIL PROTECTED] wrote:
Are you suggesting that we configure our e-mail servers to notify
people upon automatic deletion of spam? Frequently, spam cannot be
properly identified until closure of the SMTP conversation and that
final 200 mMESSAGE ACCEPTED...or do you
Two concrete technical suggestions to mitigate the volunteered NTP server's
usage issues at the DIX:
(1) Have someone else anycast the DIX block, and NAT the incoming NTP requests
to another NTP stratum-1 server (eg pool address(es)).
Or a much better idea:
(2) Renumber into a new /24, which
On Tue, 11 Apr 2006, Alain Hebert wrote:
Yeap ... cooperate... Which DLink is not doing.
All legal discussion end the same way... a dead end.
Half are scared by lawyer and the other have enought intestinal
fortitude to put them in there place.
(At the bottom of the sea
At 11:47 PM -0400 4/11/06, Brian Dickson wrote:
Two concrete technical suggestions to mitigate the volunteered NTP server's
usage issues at the DIX:
(1) Have someone else anycast the DIX block, and NAT the incoming NTP requests
to another NTP stratum-1 server (eg pool address(es)).
Or a much
BD Date: Tue, 11 Apr 2006 23:47:11 -0400
BD From: Brian Dickson
BD As to the liability issue, it is easy enough to envision that
BD someone, somewhere, is relying on time results from NTP for a
BD life-or-death application, like a medical device, and is innocently
BD an impacted third party in
On Mon, 10 Apr 2006 [EMAIL PROTECTED] wrote:
One particular piece of crapware of the tucows archive variety would retry
once per second if it hadn't heard a response - but a ICMP Port Unreachable
would trigger an *immediate* query, so it would basically re-query at whatever
the RTT for the
[EMAIL PROTECTED] (Simon Lyall) writes:
I've said in other forums the only solution for this sort of software is
to return the wrong time (by several months). The owner might actually
notice then and fix the problem.
that creates new liability, and isn't realistic in today's litigious world.
On Tue, 11 Apr 2006, Paul Vixie wrote:
[EMAIL PROTECTED] (Simon Lyall) writes:
I've said in other forums the only solution for this sort of software is
to return the wrong time (by several months). The owner might actually
notice then and fix the problem.
that creates new liability, and
On Sat, 08 Apr 2006 11:17:20 CDT, Nicholas Suan said:
It would be nice if it were that simple. However there are an annoyingly
large amount of poorly-written clients whose polling ratios do not
decrease after they get no response from the server. There have even
been some clients whose polling
On Fri, 07 Apr 2006 20:16:03 EDT, Jared Mauch said:
My suggestion is rename from gps - gps1 and drop the gps
dns name. That combined with some bind/whatever views that
scope the dns responses are effective since it's a DNS name.
That will fix the problem. In 2012 or so.
I have a
On Sat Apr 08, 2006 at 03:15:24AM -0400, [EMAIL PROTECTED] wrote:
There's still an ARP
every 2-3 seconds for it caused by people who hard-coded the IP address.
I've been configuring up a few ciscos recently. In the config, I enter
ntp server pool.ntp.org, at which point IOS resolves
Matt Ghali [EMAIL PROTECTED] writes:
Companies behaving irresponsibly and releasing (selling!) code that
abuses a shared public resource should not be the norm.
The addresses that are configured into shipping Apple products for NTP are:
time.apple.com
time.asia.apple.com
On 4/8/06, Robert E. Seastrom [EMAIL PROTECTED] wrote:
The addresses that are configured into shipping Apple products for NTP are:
time.apple.com
time.asia.apple.com
time.euro.apple.com
ubuntu linux has ntp.ubuntulinux.org for this
Oh, and windows xp is set up with an option to
On Sat, Apr 08, 2006 at 03:15:24AM -0400, [EMAIL PROTECTED] wrote:
On Fri, 07 Apr 2006 20:16:03 EDT, Jared Mauch said:
My suggestion is rename from gps - gps1 and drop the gps
dns name. That combined with some bind/whatever views that
scope the dns responses are effective since it's
On Fri, 7 Apr 2006, Todd Vierling wrote:
On Fri, 7 Apr 2006, David Hubbard wrote:
How about serve back bogus NTP data to non-BIX customer
prefixes? Maybe if people's computers start setting
themselves to the year 2004 D-Link will do something. :-)
Perhaps return back a time value
Service Area: Networks BGP-announced on the DIX
Since the intended (and announced) use of this server is just for DIX
networks, blocking NTP from any other networks should be trivial. That
IP address will still be hit by D-Link devices looking for a suitable
server, but with no response,
On Sat, Apr 08, 2006 at 10:51:27AM -0500, Church, Chuck wrote:
Since the intended (and announced) use of this server is just for DIX
networks, blocking NTP from any other networks should be trivial. That
IP address will still be hit by D-Link devices looking for a suitable
server, but with
GPS.dix.dk service is described as:
DK Denmark GPS.dix.dk (192.38.7.240)
Location: Lyngby, Denmark
Geographic Coordinates: 55:47:03.36N, 12:03:21.48E
Synchronization: NTP V4 GPS with OCXO timebase
Service Area: Networks BGP-announced on the DIX
Access Policy: open access to servers, please, no
Rubens Kuhl Jr. wrote:
GPS.dix.dk service is described as:
DK Denmark GPS.dix.dk (192.38.7.240)
Location: Lyngby, Denmark
Geographic Coordinates: 55:47:03.36N, 12:03:21.48E
Synchronization: NTP V4 GPS with OCXO timebase
Service Area: Networks BGP-announced on the DIX
Access Policy: open access
Hi,
Should not be hard to fix...
Its clearly a missuses of dix.dk services.
Couple of thinks:
Since its bgp and DIX customers surely have to provide a list of
subnets to announce (filter and such), add those the the ntp server,
or use ipf/ipfw/iptables to filter in the dix
I think he should use dns views to answer the queries to gps.dix.dk and
either:
( a ) answer 127.0.0.1 to all queries from outside his service area
( b ) answer a D-Link IP address to all queries from outside his
service area (which could lead to getting their attention; dunno if
From: Rubens Kuhl Jr.
It still would require him to answer the DNS requests. Only
way to addres that is everybody outside DIX declare
gps.dix.de as www.dlink.com in their resolvers.
How about serve back bogus NTP data to non-BIX customer
prefixes? Maybe if people's computers start
On Fri, 7 Apr 2006, David Hubbard wrote:
How about serve back bogus NTP data to non-BIX customer
prefixes? Maybe if people's computers start setting
themselves to the year 2004 D-Link will do something. :-)
Perhaps return back a time value that is ~10 seconds from wrapping around?
Where
Rubens Kuhl Jr. wrote:
big snip
It still would require him to answer the DNS requests. Only way to
addres that is everybody outside DIX declare gps.dix.de as
www.dlink.com in their resolvers.
Oh, I see two things here - the first is that he's in charge of his DNS,
which he probably isn't.
On Fri, Apr 07, 2006 at 12:52:29PM -0700, Etaoin Shrdlu wrote:
Well, this is at least marginally on topic, and I think it deserves a
wider audience. It is written by Poul-Henning Kamp (the affected party).
Please read it.
http://people.freebsd.org/~phk/dlink/
*sigh* Yes yes everyone
On Fri, 7 Apr 2006 18:49:18 -0400, Richard A Steenbergen
[EMAIL PROTECTED] wrote:
Its just NTP, I can't imagine that it is *really* enough traffic to care
all that much. There are probably a hundred people on this list who could
donate free transit for this and not give it a second
Its just NTP, I can't imagine that it is *really* enough traffic to care
all that much.
You're kidding, right? Do you know what happened to wisc.edu:
http://www.cs.wisc.edu/~plonka/netgear-sntp/
+[EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: [EMAIL PROTECTED]
User-Agent: Mutt/1.5.9i
On Fri, Apr 07, 2006 at 06:49:18PM -0400, Richard A Steenbergen wrote:
Its just NTP, I can't imagine that it is *really* enough
1 - 100 of 108 matches
Mail list logo