Netgear Routers DoS UWisc Time Server
numatrix writes "For the last few months, hundreds of thousands of netgear routers being sold had hardcoded values in their firmware for ntp synchronization, causing a major denial of service to the University of Wisconsin's network before it was filtered and eventually tracked down. Highlights how not to code embedded devices." A really excellent write-up of the incident.
slashdot has hard coded a link to the UWisc CS server, sending a DoS to them too
oh, and fp.
And we would have gotten away too, if it weren't for those meddling kids!
---
WARNING:Slashdot karma not redeemable in the afterlife.
I did that to myself once. It was a piece of software that went to comp.sources.unix (or something similar) and was default-configured to send error mail to an alias that pointed to me. A patch was released very shortly afterwards.
I'd just send the wrong time back to netgear routers. I bet they wouldn't try that again.
UWisc hard codes the date/time on their time time server to 2038-19-01 03:14:00.
After 6 seconds, the netgear will crash and burn as a result of the Y2K38 problem and the requests will be no more.
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
First the time server
/.)
Then the e-mail server (from the helpdesk requests)
Then the webserver (from
What next?
Oh yeah?! Well, we just /.'d that one, too!
:)
Go ahead, give us another, I dare ya!