This is the talk page for discussing improvements to the NTP server misuse and abuse article. This is not a forum for general discussion of the article's subject.
This article is rated C-class on Wikipedia's content assessment scale.
As I've brought up on the now retracted deletion discussion on the soon to be dead deletion talk page, the NPOV of the title of the article is a problem. Wikipedia should describe the issue and the facts, not take the accusations of one part in a controversy as point of departure.
Secondly, I still don't see the term NTP vandalism as an established term, as it googles up no hits not connected to D-link.
I request that 'NTP vandalism' not be the title of the article, and any reference thereto be clearly attributed to the accuser. Let the reader determine whether it constitutes vandalism or not. See WP:NPOV Jens Nielsen 16:08, 12 April 2006 (UTC)
If I may make an observation here:
The reason I chose the word "vandalism" is that, at least in Danish, "vandalisme" indicates the (inadvertent) destruction of something of value, by somebody who does not perceive that value.
The origin of the word is from the "Vandals", a Germanic tribe which was displaced and ended up sacking Rome for no particular good reason and without realizing that they would end the "Pax Romana" by doing so.
Compare to this the word "misbrug" (which translates to "abuse") which indicates a knowing or even planned act of misuse.
Since the programmer, who wrote the disputed code, in his ignorance had absolutely no idea that the inclusion of my stratum 1 server would cause any trouble, and because it was not the NTP packets _as such_, but rather the AUP policy breach that caused problems, I felt that "abuse" would be less precise than "vandalism".
That said, once D-Link was informed about the vandalism, and chose to not attempt remediation, it obviously became abuse.
Provided my reasoning above holds, I think in the general case, and consequently the disputed article, would be more aptly served by 'vandalism' as the damage in all the documented cases has been caused by people who didn't grasp the implications of their actions, more than by their intended action.
Finally I would also say that while it is a refreshing diversion to see people hold heated debates about such finer linguistic points, I'm not religious about it, I can live with either word.
Poul-Henning
"There is, however, no evidence that any of these problems are comprised of deliberate vandalism." That's not correct. The CSIRO NTP servers were used despite requests in the public NTP listing that hosts use stratum 2 servers in preference to stratum 1 servers. The devices using the stratum 1 NTP servers despite requests not to do so is close enough to deliberate vandalism in my book. -- Gdt 07:11, 17 October 2006 (UTC)
NTP vandalism is not a smear against D-Link. It's practiced by thousands of clueless clients that query NTP servers too frequently and ignore the NTP KILL request. Also, Netgear did the same thing back in 2003 (http://www.cs.wisc.edu/~plonka/netgear-sntp/). Dananderson 22:10, 11 May 2006 (UTC)
I am not sure I can support the term "NTP Vandalism", for the reasons mentioned above. But, I strongly disagree with the word "misuse". I think "abuse" is a much better term. Therefore, I propose "NTP server abuse". I am using this term in an article I am writing for ;login: magazine (being published by the USENIX association). Moreover, D-Link, Netgear, and SMC are not the only cases of server abuse of this sort -- there is another case, noted by David Malone in the April 2006 issue of ;login:. Brad Knowles Wed May 31 19:08:44 CDT 2006.
I'm confused at how the PHK / D-Link case was "amicably resolved". From a technical point of view, it seems that simply not worrying any more about the existing misuse / abuse is going to cause the bandwidth consumption problem to continue indefinitely. At the very least, I would think they should have agreed to reassign the gps.dix.dk host name to a new IP address (possibly an address belonging to D-Link) — so all that traffic wouldn't keep on getting sent to Denmark — and then given PHK's server a new name, and spread the word about the new host name to the users in Denmark. But as far as I can tell from doing traceroute gps.dix.dk just now, the machine is still in Denmark somewhere. Does anyone know any more technical details of how this case was "resolved" (and why they didn't do something like what I just described)? Richwales 02:48, 29 June 2006 (UTC)
Because it doesn't help. AARNet still sees lots of traffic for the abandoned CSIRO NTP server IP addresses. Installing an NTP server on those IP addresses would actually generate less traffic as the NTP clients would not re-try continually. -- Gdt 07:07, 17 October 2006 (UTC)
I suspect the most likely resolution was something along the lines of paying enough money to cover his? costs and agreeing to fix the problem in the future. BTW, are you sure the D-Link routers didn't use a hardcoded IP address? In which case reassigning the hostname would achieve no purpose. Nil Einne ( talk) 12:44, 11 May 2011 (UTC)
The Tardis and Trinity College, Dublin is confusing if you just read our description. Reading the sources, it's clear this didn't really involve an NTP server but an HTTP server which used to function as an NTP server as well. Tardis implemented an option to get time via HTTP servers in case firewalls blocked NTP servers but didn't do it very well. For example, they only included 4 total HTTP servers and allowed users to set the update interval to 1 minute and also used a GET rather than a HEAD request increasing the amount of data transferred and didn't include a user agent so admins had no way of knowing what was making the requests. Anyway for this reason I'm not sure if it belongs (unless we rename it to time server rather than NTP server as per the request above) but if it does, it needs to be clarified since as it stands, it's confusing (what the heck does HTTP have to do with NTP?) Nil Einne ( talk) 12:53, 11 May 2011 (UTC)
I have seen IPs sending more than 30 packets within one second to my NTP server for more than ten minutes. Is this still the described software error or is it already some sort of a DOS attack? What is a reasonable limit (e.g. connections per IP per minute/second) for a firewall to keep within NTP specifications? Even RFC 1305 seems to be not really helpful - at least I couldn't find an answer there. -- Liberal Freemason ( talk) 16:05, 26 June 2011 (UTC)
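An added example, not part of the original discussion: one way to measure the per-source behaviour described in the question above from a packet log, so that a sustained high rate can be told apart from a single short burst. The record format, function names and both thresholds are assumptions chosen for illustration, not values from any NTP specification.

```python
from collections import defaultdict

# Assumed policy values, NOT taken from any NTP specification; tune per server.
MAX_PER_SECOND = 8          # packets tolerated from one source in one second
MIN_SUSTAINED_SECONDS = 60  # consecutive over-limit seconds before "sustained"


def classify_sources(records, max_per_second=MAX_PER_SECOND,
                     min_sustained=MIN_SUSTAINED_SECONDS):
    """records: iterable of (unix_time, source_ip) for received NTP packets.
    Returns {source_ip: "normal" | "burst" | "sustained"} (a rate pattern,
    not a judgement about intent)."""
    per_source = defaultdict(lambda: defaultdict(int))
    for ts, src in records:
        per_source[src][int(ts)] += 1          # one-second buckets

    verdicts = {}
    for src, buckets in per_source.items():
        hot = sorted(s for s, n in buckets.items() if n > max_per_second)
        if not hot:
            verdicts[src] = "normal"
            continue
        # Length of the longest run of consecutive over-limit seconds.
        longest = run = 1
        for prev, cur in zip(hot, hot[1:]):
            run = run + 1 if cur == prev + 1 else 1
            longest = max(longest, run)
        verdicts[src] = "sustained" if longest >= min_sustained else "burst"
    return verdicts


def constructed_sample():
    """Constructed records using documentation-range addresses."""
    recs = []
    for sec in range(600):                     # 30 packets/s for ten minutes
        recs += [(1000 + sec + i / 30, "192.0.2.10") for i in range(30)]
    recs += [(1000 + 64 * k, "198.51.100.7") for k in range(10)]   # slow poller
    recs += [(1200 + i / 20, "203.0.113.5") for i in range(20)]    # one burst
    return recs


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(constructed_sample()).items()):
        print(src, verdict)
```

The "sustained" sources are the candidates for a per-source rate limit; which threshold is appropriate remains a local policy decision.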
Hello fellow Wikipedians,
I have just modified 2 external links on NTP server misuse and abuse. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).
Cheers.— cyberbot II Talk to my owner:Online 05:09, 2 July 2016 (UTC)