The global publication of record for High Performance Computing / July 11, 2003: Vol. 12, No. 27

  |  Table of Contents  |  

News Briefs - Networking:

Network Devices Almost Take Down Atomic Clock

If someone wants to set their computer's time with absolute precision using the CSIRO's atomic clock now must make special arrangements, after an army of rogue routers almost took down its public time servers.

Several servers run by the CSIRO, which give precise time and date information, have been moved to secret addresses after falling victim to constant probes by more than 85,000 routers and other network devices.

Australia's key internet infrastructure providers were also forced to take action to block the rogue addresses.

CSIRO's National Measurement Laboratory made the servers - which take their time from caesium, or atomic, clocks - available over the internet in the early 1990s for individuals and organisations who wanted accurate time for their networked devices.

Caesium clocks are accurate to within 100 nanoseconds, although internet latency reduces the accuracy to miliseconds. The National Measurement Laboratory's caesium clock is Australia's official time-keeper, by legislation.

CSIRO time standards section manager Peter Fisk said the lab noticed about a year ago that increased requests were causing a load on the servers, and because most of the requests seemed to be coming from overseas, the organisation decided to change the address of the NTP servers and notify Australian partners of the change.

"The Australian taxpayer pays for the service," he said.

The CSIRO discovered the flood of requests was caused by a device manufacturer hard-coding the IP address of the network time protocol (NTP) server into its network products, setting each one to poll the CSIRO server several times daily to ensure they had accurate time. A CSIRO attempt in March to block traffic from the rogue routers was foiled by another hardware setting.

If the devices did not receive an initial response from the CSIRO's NTP server, they increased their polling frequency to twice a minute.

The extra traffic from the devices, which was first observed at about 200Kbps and rose tenfold as the routers increased, their polling to their original server addresses.

"The traffic went through the roof, and that attracted the attention of Australian internet infrastructure providers - and rightly so - and they contacted us," Dr Fisk said.

He said another problem was that some of the devices were behind firewalls and could not receive the response, even when the network time servers were operating from their original IP addresses, leading them to also boost their polling frequency.

The infrastructure providers took the only action possible - blocking any overseas NTP requests to CSIRO's servers from entering Australia.

Dr Fisk said the CSIRO had limited success communicating with the hardware manufacturer to rectify the problem.

He declined to name the manufacturer, but Australian IT has identified it as US company SMC.

At least two of SMC's router models, the 7004VBR and the 7004VWBR wireless router, have been identified in public forums as having the problem.

SMC has made a firmware download available to fix the problem, but there is no reference to the issue on its website.

SMC does not have offices in Australia, but one of its two authorised resellers, Best Byte, said neither of the authorised resellers sold those models.

Best Byte manager Philip Chan said some of those models had been sold by parallel importers.

Top of Page

  |  Table of Contents  |