Stoopid router design


arcticpenguin
7th July 2003, 11:08 AM
http://australianit.news.com.au/articles/0,7204,6716567%5E15306%5E%5Enbv%5E,00.html

It seems that a U.S. manufacturer of Internet routers programmed its products to check the CSIRO NTP time server. The CSIRO servers were being constantly probed by ~ 85000 routers, so they decided to change their address and not tell anybody.

Sundog
7th July 2003, 11:10 AM
Love it. Did they ping Ebay to test their WAN connection? :rolleyes:

Yahweh
7th July 2003, 12:12 PM
I'm going to let everyone in on a secret... "Made In USA" is in no way a seal of quality. We've been making shoddy products for years...

PixyMisa
9th July 2003, 12:56 AM
So that's what it was. I was aware of CSIRO getting hosed by endless NTP requests. 85000 routers requesting updates twice a minute will do that.

shanek
9th July 2003, 08:34 AM
Originally posted by PixyMisa
So that's what it was. I was aware of CSIRO getting hosed by endless NTP requests. 85000 routers requesting updates twice a minute will do that.

Twice a minute??!! No wonder they're getting hosed! Why do they think they need a clock update every 30 seconds? So they really think their clock is so crappy it's going to drift by any significant amount during that time?

Geez...if you're going to use a public time server, at least set minpoll and maxpoll to something reasonable.

arcticpenguin
9th July 2003, 09:21 AM
Originally posted by shanek

Twice a minute??!! No wonder they're getting hosed! Why do they think they need a clock update every 30 seconds? So they really think their clock is so crappy it's going to drift by any significant amount during that time?

They didn't need a time update that often, they kept querying because they were not getting a response. Some of them were behind firewalls, etc. so could not pick up the return packets.
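
An added illustration (not from the thread or the linked article) of the failure mode described above: clients that retry at a fixed interval when no reply arrives, compared with clients that double their wait after each unanswered request. The 85000 clients and 30-second interval are the figures quoted in the thread; the one-hour cap, the 10% jitter, the sample size and all function names are assumptions.

```python
import random
from collections import Counter

ROUTERS = 85_000   # fleet size quoted in the thread
BASE_S = 30        # "twice a minute", as quoted in the thread
DAY_S = 86_400

def send_times(horizon_s, base_s, cap_s=None, jitter=0.0, rng=None):
    """Send times for one client whose requests are never answered.

    cap_s=None keeps a fixed interval (the behaviour the thread describes);
    otherwise the wait doubles after each unanswered request, up to cap_s
    (assumed policy). jitter=0.1 varies every wait by up to 10 percent.
    """
    rng = rng or random.Random(0)
    # A random start offset models devices powered on at different times.
    t = rng.uniform(0, base_s) if jitter else 0.0
    wait, times = float(base_s), []
    while t < horizon_s:
        times.append(t)
        t += wait * (1.0 + rng.uniform(-jitter, jitter))
        if cap_s is not None:
            wait = min(wait * 2.0, cap_s)
    return times

def fleet_load(clients, horizon_s, sample=200, **policy):
    """(average req/s, busiest-second req/s) at the server, scaled from a sample."""
    rng = random.Random(2003)          # fixed seed so the output is repeatable
    per_second = Counter()
    for _ in range(sample):
        for t in send_times(horizon_s, rng=rng, **policy):
            per_second[int(t)] += 1
    scale = clients / sample
    total = sum(per_second.values()) * scale
    return total / horizon_s, max(per_second.values()) * scale

if __name__ == "__main__":
    for name, policy in [
        ("fixed 30 s retry", dict(base_s=BASE_S)),
        ("backoff, 1 h cap", dict(base_s=BASE_S, cap_s=3600)),
        ("backoff + jitter", dict(base_s=BASE_S, cap_s=3600, jitter=0.1)),
    ]:
        avg, peak = fleet_load(ROUTERS, DAY_S, **policy)
        print(f"{name:18s} avg {avg:8.1f} req/s   busiest second {peak:8.0f}")
```

Without jitter every client starts at the same instant, so the busiest second equals the whole fleet; the jittered figure is an estimate scaled up from the sample.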

corplinx
9th July 2003, 11:25 PM
Yet another reason to buy Cisco.

Yet another reason to hire _professionals_ instead of drones to work in your IT department. A _professional_ audits everything a piece of network connected equipment does before putting it on his network.

richardm
10th July 2003, 02:41 AM
Originally posted by arcticpenguin

They didn't need a time update that often, they kept querying because they were not getting a response. Some of them were behind firewalls, etc. so could not pick up the return packets.

... Although the article states that the routers were routinely polling "several times daily", which still seems a bit over the top. How accurate does a router's clock need to be, anyway?

arcticpenguin
22nd August 2003, 12:58 PM
http://www.cs.wisc.edu/~plonka/netgear-sntp/

It happens again, this time at the University of Wisconsin.

In May 2003, the University of Wisconsin - Madison found that it was the recipient of a continuous large scale flood of inbound Internet traffic destined for one of the campus' public Network Time Protocol (NTP) servers. The flood traffic rate was hundreds-of-thousands of packets-per-second, and hundreds of megabits-per-second.

Subsequently, we have determined the sources of this flooding to be literally hundreds of thousands of real Internet hosts throughout the world. However, rather than having originated as a malicious distributed denial-of-service (DDoS) attack, the root cause is actually a serious flaw in the design of hundreds of thousands of one vendor's low-cost Internet products targeted for residential use.

PixyMisa
23rd August 2003, 10:37 PM
Hundreds of megabits per second in NTP requests?

Seems just a tad excessive :rolleyes: