George said:
Yeah I know where the "list" is but like I've said, many just don't work -
the list is obsolete.
Most seem to work for me, but I use a Sun workstation, not a D-link
router, so I can't say I have tried with this. I suspect the muppet
routers don't implement the protocol as well as the Sun.
So they're selling routers which are not configurable for that setting? I
haven't seen a lot of different brands but my router does not show or allow
changing the setting from its Web-based interface - have to use the Command
Line from a Telnet session... which means reading the docs. This is not
stuff for the average "consumer".
I'm not aware it can be done on mine at all. Luckily, none accessed have
any restrictions.
Why should I not use it? It's one of the few with Open Access and no
notification message required. It's even possible that the router mfr has
obtained permission based on assurances of non-abuse and reasonably coded
frequency of look-ups. If someone wants me to obey some "Service Area"
convention, they'd better explain what that means - no such explanation is
easily found.
The ServiceArea is the geographic and/or network area the TimeServer is
intended to serve.
"Vandalism" requires some intent to do harm or "abuse".
I personally did not use the word vandalism. But I think abuse is correct.
It also appears that DK has no Stratum-2 servers at all
and only two Restricted Access ones in Stratum-1 which both say "Open
access to servers, please, no client use". Hmm, difficult to know what
they mean by "servers" but it does seem like there is a problem with the DK
Internet NTP infrastructure.
Well, you don't have to use a local server and should not use a local
one if it restricts access.
Ridiculous extrapolation. For one thing, I do not "publish" the method of
access to my computer.
I accept there is a *big* difference between intentionally hacking a
machine (me hacking yours) and you or anyone else using an NTP server
without realizing it. One is an accident, the other a deliberate act.
But once you are aware you are not welcome at an NTP server, then I
think the difference disappears.
I will ask you the same question I asked the person posting as:
Borked Pseudo Mail - '(e-mail address removed)'
If you were asked by an NTP server administrator (such as the owner of
the Danish one) to stop accessing that server, and you were unable to do
so by a firmware upgrade or reconfiguring the router, would you continue
to access his server, even though he had asked you not to? If you had
no other option, would you switch your router/modem off and not use it?
Furthermore, what if the person asking you was from the US government or
the US Navy, both of whose timeservers are being abused? Would you
continue to use their time servers if you had no way of stopping your
D-link product from doing it without switching it off?
BTW, your ISP, Tellurian, might have something to say about it, as it
would be against their rules:
http://www.tellurian.com/usagepolicy.asp
In particular:
* Any "denial of service" attack, any attempt to breach
* authentication or security measures, or any unauthorized attempt
* to gain access to any other account, host or network is
* prohibited, and will result in immediate service termination,
* which may be without notice.
I think you using the NTP server then would be an unauthorized attempt
to gain access to another host.
What will most people do when faced with "here it
is; don't use it... but nothing else, which is geographically close, is
available"?
So that makes it right?
I suggest if they are in the US, it would be rather foolish to continue
to do it should a US government or navy official ask you to stop.
Making up rules after the fact is always easy. AFAIK the "pool" concept is
relatively new - things are continually evolving here and the rules in
place now are not necessarily what was offered when firmware for any given
router was being written. Also, the "Rules of Engagement" and other docs
are hardly written for a quick reference.
No, the rules were in place before. I am not suggesting any rules at all.
If vendors chose to implement products which use NTP servers it is up to
them to work out how to do it without accessing other servers their
intended end users are not supposed to. It is not up to me, or anyone
else to tell them how to do it. I am just saying there are ways, but it
is their decision. The rules have been in place a long while.
I'd think *most* gateway/routers are acquired by end-users and SMBs from an
ISP - it would certainly help if NTP had a similar hierarchical structure
to DNS name caching.
I suspect, but don't know, that for a gateway router where the time can
only be set to 1 second resolution, it makes no difference if you use a
near or distant NTP server. The protocol corrects for network delays.
Correction improves when multiple time servers are used but I doubt it
is necessary unless the resolution is better than 1 second.
On my own system, 5 time servers are used and corrections rarely exceed
50 ms.
My PDA usually syncs to a local time server (one of my own computers),
but even if I send it to a distant one the other side of the Atlantic,
the corrections are under 1 s.
But to what accuracy you can set the time is really irrelevant for the
discussion. You should not access ones you are not welcome at and to me
at least continuing to do so once you are aware of the issue is no
different from hacking another machine.
--
Dave K MCSE.
MCSE = Minefield Consultant and Solitaire Expert.
Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.
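
The delay correction discussed in the post above, as an added example that is not part of the original post: the standard NTP on-wire offset and delay calculation, run over constructed timestamps for a near path, a distant symmetric path and a distant asymmetric path. The function names, the path delays and the 2.3 s clock error are assumptions chosen for illustration.

```python
# Added illustration: NTP offset/delay arithmetic on constructed timestamps.
# t1 = client send, t2 = server receive, t3 = server send, t4 = client receive.

def ntp_offset_delay(t1, t2, t3, t4):
    """Return (estimated clock offset, round-trip delay) in seconds."""
    offset = ((t2 - t1) + (t3 - t4)) / 2.0
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def simulate(true_offset, out_delay, back_delay, server_proc=0.001, t1=1000.0):
    """Construct the four timestamps for a client whose clock is
    true_offset seconds behind the server, then run the calculation."""
    t2 = t1 + out_delay + true_offset      # stamped by the server clock
    t3 = t2 + server_proc                  # server processing time
    t4 = t3 - true_offset + back_delay     # stamped by the client clock
    return ntp_offset_delay(t1, t2, t3, t4)

def whole_second_step(offset):
    """Correction applied by a device that can only set time to 1 s."""
    return round(offset)

# Constructed paths: (outbound delay, return delay) in seconds.
PATHS = {
    "near, symmetric": (0.005, 0.005),
    "distant, symmetric": (0.075, 0.075),
    "distant, asymmetric": (0.120, 0.030),
}

def compare(true_offset=2.3):
    """Map each path to (estimated offset, delay, whole-second step)."""
    results = {}
    for name, (out_d, back_d) in PATHS.items():
        offset, delay = simulate(true_offset, out_d, back_d)
        results[name] = (offset, delay, whole_second_step(offset))
    return results

if __name__ == "__main__":
    for name, (offset, delay, step) in compare().items():
        print(f"{name:20s} offset={offset:.3f}s delay={delay:.3f}s step={step}s")
```

Symmetric delay cancels out entirely; asymmetry leaves an error of half the difference between the two directions, which is always bounded by half the round-trip delay.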