Tardis and Time by HTTP

Tardis is a nice piece of software for synchronising the time on Windows PCs to Internet time servers. Unfortunately, due to an combination of circumstances, Tardis users of the world using the HTTP mode are mounting an unintended attack on our web server. You can read more details in my article from the April 2006 issue of login.

We have tried to contact a number of the users of Tardis involved in this attack, but have not received any replies from those we have e-mailed. There are thousands of Tardis users involved and it is not possible for us to find e-mail addresses for all of them.

With the blessing of Tardis Support, we are now telling all computers using Tardis in HTTP or HTTP Proxy mode that the time is "Fri, 31 Dec 1999 23:59:59 GMT". We hope this will attract the attention of Tardis users who can contact tardis@kaska.demon.co.uk to find out how to fix this issue.

We did explore other options with Tardis Support, but they felt this was the best option. We have also made suggestions to them about how to make their HTTP and HTTP Proxy mode more friendly (by adding a User-Agent header and using a HEAD rather than a GET request).

How did this happen?

The first contributing circumstance is that many PCs now live behind firewalls that only allow them to speak HTTP (web) to the rest of the Internet. This is bad for many reasons, but the important one here is that it stops computers speaking NTP, the protocol designed to synchronise clocks on the Internet.

In response to demand from users stuck in these broken networks, the authors of Tardis devised a method for setting clocks using HTTP. When choosing servers which might provide the time by HTTP, the authors checked a list of public NTP servers to see which were also running HTTP servers. Our web server was one such machine, and was one of three added to the default configuration file for Tardis.

The second problem is that the list of NTP servers checked by the authors of Tardis seems to have been out of date. The machine which they chose has not been a public time server since before 1996, however due to a slip on the part of the person maintaining the list of NTP servers it remained there until mid 2000.

The final part of the puzzle is that the interval at which Tardis checks the time can be manually configured with a slider, and many people seem to have set this to "once per minute". This is far too often for NTP and way way way too often for HTTP.

HTTP is not a suitable protocol for time synchronisation, and we would not have considered offering such a service publicly. The load on our web server due to these requests has now become a nuisance so we have had to take action. The authors of Tardis have assured us that our server will not be listed as a HTTP server in the next release.