Posted by Richard N Williams on November 26th, 2008
NTP time server (Network Time Protocol) abuse is quite often unintentional and fortunately thanks to the NTP pool is less frequent than it was although incidents still happen.
NTP server abuse is any act that violates the access rules of a NTP time server or an act that damages it in any way. Public NTP servers are those servers that can be accessed from across the Internet by devices and routers to use as a timing source to synchronise a network to. Most public NTP time servers are non-profit and set up as acts of generosity, mostly by University’s or other technical centres.
For this reason access rules have to be set up as huge amounts of traffic can generate giant bandwidth bills and can lead to the NTP time server being turned off permanently. Access rules are used to prevent too much traffic from accessing stratum 1 servers, by convention stratum 1 servers should only be accessed by stratum 2 servers which in turn can pass the timing information on down the line.
However, the worst cases of NTP server abuse have been where thousands of devices have sent requests for time, where in the hierarchical nature of NTP only one is needed.
Whilst most acts of NTP abuse are intentional some of the worst abuses of NTP time servers have been committed (albeit unintentionally) by large companies. The first large firm discovered to have been guilty of NTP abuse was Netgear, who, in 2003 released four routers that were all hard coded to use the University of Wisconsin’s NTP server, the resulting DDS (Distributed Denial of Service) reached nearly 150 megabits a second.
Even now, five years on and despite the release of several patches to fix the problem and the University being compensated by Netgear the problem still continues as some people have never patched their routers.
Similar incidents have been committed by SMC and D-Link. D-Link in particular caused controversy as when the matter was drawn to their attention they decided to bring the lawyers in. Only after it was discovered that they violated nearly 50 NTP servers did they attempt resolve the problem (and only after scathing press coverage did they relent).
The easiest way to avoid such problems is to use a dedicated external stratum 1 time server. These devices are relatively inexpensive, simple to install and far more accurate and secure than online NTP servers. These devices receive the time from atomic clocks either from the GPS network (Global Positioning System) .