NTP Pool Abuse by a German vendor called Viessmann

Hi everyone, I recently found out about an NTP Pool Abuse by the manufacturer of my heating system. Their small wifi cloud box resolves 0./1./2./3.pool.ntp.org every 7 seconds and then sends one NTP request to 4 pool servers. Every seven seconds.

I tried to reach out to them and after a while they at least confirmed they are aware of this and will change it, but they have no ETA for it. They know about this since more than 40 days now and still no fix and no ETA for a fix. Fortunately they can update their devices without user interaction (which I typically do not like but in this case it is at least useful).

I wrote an article about this whole experience: “How to NOT use the NTP Pool”. Not sure if public shaming helps, but I did not really make any progress on explaining the situation to them and thought that at least they can be useful as an “how to NOT do it” example…

Not quite like the D-LINK desaster, but still …

Funny how they will code such crap wasting bandwidth and processing power, but are too cheap to spend a few pennies on implementing a RTC with a decent oscillator in their hardware that could then maybe synchronize once a day, or week, or even month and nobody would notice.

Maybe it’s time these IoT vendors use their own NTP servers, then they would have some incentive to write better code.

1 Like

Pinging @stevos
Another Project/Vendor you might want to contact?

1 Like

Thanks!

I saw that in LinkedIn via the Meinberg Post. I have pinged them to connect on this and on other NTP Stuff. @HeikoG, I hope we can chat soon.

This is a very common error and the folks just don’t know any better, they don’t remember or they conveniently forget as it suits them. Then the abuse is simply built into their architecture, managed by those that inherited the “product.”

NTF is assumed to be the managing entity of the NTP Pool by many individuals and corporations. Obviously we are not, but what a great opportunity to clear things up and educate with some articles and posting about the NTP Pool, AND about Network Time Foundation.

Articles for awareness for the pool are badly needed to help curb the abuse. Then someone actively needs to contact these abusers. The articles written by respected time-nerds and thought-leaders are really great for enforcing proper use, as it gives real life examples and a name that people notice and listen too.

So again for this, I would like to talk to Meinberg folks first to learn more about the vendor and what they may have done already before jumping in and stirring up the pot…

@ask @stevos
Update: I got in touch with them, they implemented a fix in a beta firmware they will install on my box at home to allow me to check that everything is now in order.

They also reached out to me and asked me to help them to get a vendor zone. Who might be the right contact for this? I tried to send an email to Ask a week ago and did not receive a response yet. I know that he is super busy, so maybe someone else would be available to chat with these people?

Thanks and best regards,
Heiko

1 Like

@HeikoG, having an ntppool account, then it is possible to apply for the creation of a new vendor zone at: https://manage.ntppool.org/manage/vendor/new

Hi @NTPman, great time to get them thinking about supporting the pool financially and recognizing the importance of time to everything, too. Does that registration have a mechanism for financial contributions?

I work over here at Network Time Foundation, and we are set up as a 501c3, so theoretically we can help in this respect.

@HeikoG We are currently working on a bundle for a large unnamed org that includes a good sum for the pool and a decent NTF Membership on top of that. It will take a bit of coordination among NTF, the NPT Pool (ASK), and PublicNTP

Its our first try on this bundle, and afterwards we have hinted at normalizing this if it goes well. I’d love to do more of these as this becomes more of a one-stop-shop to support the NTP Community and ecosystem (a-la the Linux Foundation and it being all things Linux ecosystem).

@HeikoG, i will fill you in when we speak upon your return.

Steve

@heikog - This is the Vendor Rules Page: https://www.ntppool.org/en/vendors.html

This is the page for them to apply: https://manage.ntppool.org/manage/vendor.

For Veissmann, @HeikoG, PM the contact name to me on my NTF address, and I will walk them thru the links and discuss becoming a sponsor and good corporate citizen:).

Hi Guys,
I’m a Viessmann’s IT admin. We’re trying to get a vendor zone and contribute to NTF but didn’t get any response for one or two months. I also sent an e-mail to vendors@ntppool.org and ask@develooper.com yesterday after a week without response to my vendor zone request.
Please contact me directly or respond to my vendor request, so we can finally make it clear.

Michał

1 Like

Hi Michał,

Steve Sullivan @ Network Time Foundation reaching out to you to see if anyone has responded to you from the pool. Also, wondered if you applied for the Vendor zone on https://manage.ntppool.org/manage/vendor, which gives the NTP Pool an idea of what the load is going to look like.

I do have to say that I am not an official pool spokesperson and that NTF has a dotted-line relationship/collaboration. Just wanting to help out the NTP Pool, the NTP Community, NTP users and Veissmann.

Hi Steve,
I did apply for a Vendor zone and also sent a reminding email yestarday to Ask and vendors@ntppool.org but I never received any answer.

1 Like

I have pinged @ask about this issue.

Right now its ONLY ask that can add a vendor zone.
But in beta staff helpers like me also can add vendor zones, so improvement is on the way.