Software and devices without a vendor zone

Found an other project with hardcoded pool.ntp.org zone names.

Created already a issue

Yeah, there are way too many of these. Last I looked about 60% of DNS queries were for the “non-vendor” DNS names, and I suspect a higher proportion of the NTP queries (since someone signing up for a vendor zone hopefully reads more documentation and looks at their implementation a little more carefully).

Anyone “spotting” others, please leave a note here. It’s quite a lot of work to get it changed for each vendor, but having a list might both create a little attention to the issue and for another “incident” in the future it might make it quicker to figure out who it is.

I did a Google search for:

“pool.ntp.org” include return filetype:c

and was able to spot many in a few minutes:

• https://github.com/marvell-iot/aws_starter_sdk/blob/master/sample_apps/net_demo/ntpc_demo/src/main.c
• https://github.com/espressif/esp-idf/blob/master/examples/06_sntp/main/sntp_main.c
• https://www-users.cs.york.ac.uk/~pcc/Circuits/mbed/baseboard/code/sntp.c
• http://on6ll.be/PIC-WEB%205.42/Microchip/TCPIP%20Stack/SNTP.c
• ntp.c in src/router/rc – DD-WRT
• sntp.c in UsbWattMeter/trunk/lwip-1.4.1/apps/sntp – Contributed Software

But I wonder, do we really want to have a vendor for every piece of software that uses the pool? It doesn’t seem realistic…

In any case, I think that we should get in touch with DD-WRT, this is a popular piece of software.

I reported the issue with DD-WRT:
https://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=4813

I contacted Zentyal about their use of pool.ntp.org:
https://wiki.zentyal.org/wiki/En/3.5/Time_synchronization_service_(NTP)

Created an issue with Adafruit for their CC3000 Lib but they’re likely using the pool in many of their projects.

So you would like a report of devices that are not using a vendor specific fqdn for ntp pool?

If so I can tell you for sure the hs110 smart plug from tp-link is doing queries for just regional ntp pool… And what drives me nuts is EU based or UK specific - and I am using their product in the US.

My current log shows it looking for
uk.pool.ntp.org

I redirect this to my local ntp…

I don’t have access to is source, but just from logging its dns I can see who its asking for…

I’m going to contact TP-Link and ask for a technical contact. Hopefully we could notify them about that issue.

Has someone a router of TP-Link and could verify that there is the same issue ?

Additionaly i’m going to contact AVM. They use 0.europe.pool.ntp.org as default.

Answer from AVM:

The issue was forwarded to the corresponding product owner.

Yes. I’m not really sure how much it’ll help, but I think it’s worth a try. In particular if others (like Jan-Philipp, thank you!) are up for politely trying to inform the vendors.

Well they make 100’s of thousands of products that are deployed in not millions… All over the world with tp-link… So having them use the correct ntp should at min keep them in their region right hehehe

I think is a great idea and will keep an eye out for any other sort of mischief…

I wrote TP-Link. I waiting for a reply

hi guys,

I analyzed an issue that sprang from a forum question on the Flightradar24 website, it appears the fr24feed program that is typically run on raspberry PI’s has a bunch of hardcoded pool servers in them from all over the planet.

Maybe your unique leverage can bring them to sanity…

greetings,

Harm

I’d guess less than 10k systems deployment worldwide? It’s a niche hobby area, not saying we shouldn’t encourage them to use the pool properly but it’s likely there are a lot bigger abusive systems out there.

It also shows that a lot of the work to find systems abusing the pool will need to be done by DNS analysis.

It’s not to discourage them, but to help make them use the pool correctly. If they have their own hostname we have a (vague) chance of diagnosing what’s going on if their use goes haywire and it gives us a moment to have an educational opportunity explaining a bit about how to use the pool (for example not using 1.{every-continent}.pool.ntp.org many times an hour/day/whatever like the FR24Feed thing apparently does).

Good points

Reply from TP-Link:

Thank you for your feedback. Could you possibly set up a “vendor zone” for this?

@ask: Could you setup one and send it to me ? Or must they do that ?

Great, thank you. They should do it so they can fill out the forms for contact information etc.

Ok, thanks.

A minute ago i saw that my NAS (Synology) also use the pool as default without vendor zone. I mailed Synology

I’d independently contacted Flightradar24 about their usage based on the thread @hnapel mentioned. I’ve just had a reply from them saying their client does do those lookups but they will review. I’ve pointed them in the direction of the Vendor page and copied you in @ask (hope that was ok!).