NTP Pool Abuse by a German vendor called Viessmann

#1

Hi everyone, I recently found out about an NTP Pool Abuse by the manufacturer of my heating system. Their small wifi cloud box resolves 0./1./2./3.pool.ntp.org every 7 seconds and then sends one NTP request to 4 pool servers. Every seven seconds.

I tried to reach out to them and after a while they at least confirmed they are aware of this and will change it, but they have no ETA for it. They have known about this for more than 40 days now, and there is still no fix and no ETA for a fix. Fortunately they can update their devices without user interaction (which I typically do not like but in this case it is at least useful).

I wrote an article about this whole experience: “How to NOT use the NTP Pool”. Not sure if public shaming helps, but I did not really make any progress on explaining the situation to them and thought that at least they can be useful as a “how to NOT do it” example…

Not quite like the D-LINK disaster, but still …

0 Likes
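One way to spot the pattern described in post #1 on your own network, as an added example that is not part of the original thread: it scans DNS query log lines for clients that re-resolve pool.ntp.org names in rapid rounds. The log format, the sample lines, the function names and the 60-second threshold are all assumptions made for this illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed, simplified log format: "<epoch-seconds> query[A] <name> from <client>"
LINE_RE = re.compile(r"^(\d+) query\[\w+\] (\S+) from (\S+)$")

def build_sample_log():
    """Constructed sample, not captured from a real device.
    192.0.2.10 mimics the post: all four pool names resolved every 7 s.
    192.0.2.20 resolves one pool name, then again an hour later."""
    lines = []
    for i in range(6):  # six rounds, 7 seconds apart
        for n in range(4):
            lines.append(f"{i * 7} query[A] {n}.pool.ntp.org from 192.0.2.10")
    lines.append("3 query[A] 2.pool.ntp.org from 192.0.2.20")
    lines.append("3603 query[A] 2.pool.ntp.org from 192.0.2.20")
    return lines

def find_pool_abusers(lines, min_interval=60.0, min_rounds=3):
    """Return {client: median seconds between resolution rounds} for clients
    that re-resolve pool.ntp.org names more often than min_interval
    (threshold is an assumption, tune it for your environment)."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not DNS queries in the assumed format
        ts, name, client = int(m.group(1)), m.group(2).lower().rstrip("."), m.group(3)
        if name == "pool.ntp.org" or name.endswith(".pool.ntp.org"):
            seen[client].add(ts)
    flagged = {}
    for client, stamps in seen.items():
        rounds = sorted(stamps)  # queries in the same second count as one round
        if len(rounds) < max(min_rounds, 2):
            continue  # too few rounds to judge a rate
        gaps = [b - a for a, b in zip(rounds, rounds[1:])]
        if median(gaps) < min_interval:
            flagged[client] = median(gaps)
    return flagged

if __name__ == "__main__":
    for client, gap in find_pool_abusers(build_sample_log()).items():
        print(f"{client}: re-resolves pool.ntp.org about every {gap} s")
```

Using the median gap rather than a raw query count keeps a device that merely reboots a few times in a row from being flagged alongside one that polls on a fixed short timer.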

#2

Funny how they will code such crap wasting bandwidth and processing power, but are too cheap to spend a few pennies on implementing an RTC with a decent oscillator in their hardware that could then maybe synchronize once a day, or week, or even month and nobody would notice.

Maybe it’s time these IoT vendors use their own NTP servers, then they would have some incentive to write better code.

0 Likes

#3

Pinging @stevos
Another Project/Vendor you might want to contact?

0 Likes

#4

Thanks!

I saw that on LinkedIn via the Meinberg Post. I have pinged them to connect on this and on other NTP Stuff. @HeikoG, I hope we can chat soon.

This is a very common error and the folks just don’t know any better, they don’t remember or they conveniently forget as it suits them. Then the abuse is simply built into their architecture, managed by those that inherited the “product.”

NTF is assumed to be the managing entity of the NTP Pool by many individuals and corporations. Obviously we are not, but what a great opportunity to clear things up and educate with some articles and posting about the NTP Pool, AND about Network Time Foundation.

Articles for awareness for the pool are badly needed to help curb the abuse. Then someone actively needs to contact these abusers. The articles written by respected time-nerds and thought-leaders are really great for enforcing proper use, as it gives real life examples and a name that people notice and listen to.

So again for this, I would like to talk to Meinberg folks first to learn more about the vendor and what they may have done already before jumping in and stirring up the pot…

0 Likes