North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Open Letter to D-Link about their NTP vandalism

  • From: Michael.Dillon
  • Date: Thu Apr 13 05:25:21 2006

> What most people participating in this subthread seem to be missing is 
> if one did decide to send (or accidentally sent) false time to these 
> devices, NOBODY WOULD EVER KNOW OR CARE.  Doing so does not solve any 
> problems, so whatever the legal risk of acting is, no matter how small, 
> not worth it.

But there is a larger issue of NTP abuse here that needs
a coordinated technical and legal approach. I suggest that
if you are going to operate a public NTP server you should
also run a web server at the same IP address and publish
your terms of service. If you have given public advance notice
of what constitutes normal use, and what constitutes abuse,
then you are on stronger legal ground. And if you state that
those abusing the service will be disconnected by sending
a KoD packet, and that users who persist after the KoD 
packet will receive a jittered time signal (or delayed
or whatever), then you are on even stronger legal ground.

Of course, you should always consult your lawyer on the
legalities, but it helps your lawyer if you have a 
clear and well-thought out approach to present to him.

This thread has had a lot of good info about NTP best 
practices so I consider it worthwhile, even if most of
the responses were tangential to the original issue.

--Michael Dillon