Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netgear Routers DoS UWisc Time Server

Posted by michael on from the RISKs-fodder dept.

numatrix writes "For the last few months, hundreds of thousands of netgear routers being sold had hardcoded values in their firmware for ntp synchronization, causing a major denial of service to the University of Wisconsin's network before it was filtered and eventually tracked down. Highlights how not to code embedded devices." A really excellent write-up of the incident.

8 of 447 comments (clear)

  1. I wonder what NetGear's liability is. by Jammer@CMH · · Score: 5, Interesting

    Were this a Haxor attack, there would be criminal liability. I'm willing to believe that it was a simple mistake, with no criminal intent, but would NetGear be liable civilly?

    1. Re:I wonder what NetGear's liability is. by seanadams.com · · Score: 4, Interesting

      They probably would be liable. What surprised me was that the article made no mention of the financial impact of the flood... are the guys who run the network so far removed from the guys who pay the bills that they have no idea, or do the universities get such sweet deals on bandwidth that it doesn't matter?

      I mean, we're talking 150+ Mbps here, for months on end. That's $15K/mo in bandwidth, assuming they have a really good deal and pay only $100/Mbps/mo.

  2. Analysis Tools used in this article.. by joeldg · · Score: 4, Interesting

    Wow, that list of Analysis Tools used for tracking this down had a bunch that I was not familiar with.

    RRGrapher, FlowScan and Cflow being ones I have never messed with..

    Cool.. new tools to play with!

    --
    anime+manga together at last.. in real time.
  3. Re:Err why ? by rusty0101 · · Score: 4, Interesting

    Routers tend to log activities such as access, configuration changes, firewall violation detection, etc. and it is often handy to know when that event occured.

    Home centric routers do not tend to have their clocks set before shipping as there is no assurance that a battery keeping that clock powered will be doing so ver the entire span of time from manufacture to customer plugging it in. Even if it did the drift involved would give some inaccuracy as well.

    There are two correct solutions. One is that Netgear should operate their own time server and hard code that server as a secondary or fallback time server. The primary time server should be aquired from the internet service provider when they get their network ip address via dhcp.

    -Rusty

    --
    You never know...
  4. Our usage graph...You Jerks! by ShortSpecialBus · · Score: 5, Interesting

    want to see what the usage graph for a slashdotting looks like?

    http://www.cs.wisc.edu/cgi-bin/cricket/grapher.cgi ?target=%2Fweb-servers%2Fwww;ranges=d%3Aw;view=Acc ess

    Yeah, I work at the CSL at UW Computer Sciences, and the tracking of this netgear issue was quite an interesting tale. Had us stumped for quite some time.

    --
    //FIXME: Bad .sig
  5. It generated costs on the other side too by Anonymous Coward · · Score: 5, Interesting

    This didn't only generate trouble for U of Wisconsin, it also generated a lot of cost for some people using the router. Since the server was down, the Firmware has been trying to connect to the time server constantly, thereby keeping the connection from timing out. (Who wrote that algorithm?) For people whos connections are on metered internet access, this ment the connnection was never closed and they are stuck with the bill.

    Aparently there are a lot of Netgear users in Germany who are stuck with horrendous bills now. I wonder if Netgear is going to pick those bills up?

  6. They originally thought it was an IT Dept! by altek · · Score: 4, Interesting

    This is funny - one of the head sysadmins for UW's network ops gave a firewall talk in one of my grad classes last semester. I remember him saying that they recently put a packet filter on their FW to block NTP requests because they started getting high numbers of them..

    They thought that maybe somewhere someone had published a net time server in a document or whatever and that an IT department was deploying it on workstations or there was a document floating around telling people to set it up as their time server...

    Looks like they finally got to the bottom of it!

    --
    THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE
  7. They're not the only ones by whterbt · · Score: 4, Interesting

    I took a Unix course at the University of Colorado in Fall 2001, I think. We had a guest lecture from Evi Nemeth, who is a professor emeritus at CU.

    She had done some work on a couple of the DNS root servers, G and H if memory serves. She showed a rate of query graphs for those servers. There was a huge jump in the middle of the graphs that corresponded neatly with the release of Windows 2000.

    Turns out Win2000 had it hard-coded to consult the DNS root servers every time it wanted to run a nslookup!

    --
    Too late to be known as Bush the First, he's sure to be known as Bush the Worst.