Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netgear Routers DoS UWisc Time Server

Posted by michael on from the RISKs-fodder dept.

numatrix writes "For the last few months, hundreds of thousands of netgear routers being sold had hardcoded values in their firmware for ntp synchronization, causing a major denial of service to the University of Wisconsin's network before it was filtered and eventually tracked down. Highlights how not to code embedded devices." A really excellent write-up of the incident.

3 of 447 comments (clear)

  1. I wonder what NetGear's liability is. by Jammer@CMH · · Score: 5, Interesting

    Were this a Haxor attack, there would be criminal liability. I'm willing to believe that it was a simple mistake, with no criminal intent, but would NetGear be liable civilly?

  2. Our usage graph...You Jerks! by ShortSpecialBus · · Score: 5, Interesting

    want to see what the usage graph for a slashdotting looks like?

    http://www.cs.wisc.edu/cgi-bin/cricket/grapher.cgi ?target=%2Fweb-servers%2Fwww;ranges=d%3Aw;view=Acc ess

    Yeah, I work at the CSL at UW Computer Sciences, and the tracking of this netgear issue was quite an interesting tale. Had us stumped for quite some time.

    --
    //FIXME: Bad .sig
  3. It generated costs on the other side too by Anonymous Coward · · Score: 5, Interesting

    This didn't only generate trouble for U of Wisconsin, it also generated a lot of cost for some people using the router. Since the server was down, the Firmware has been trying to connect to the time server constantly, thereby keeping the connection from timing out. (Who wrote that algorithm?) For people whos connections are on metered internet access, this ment the connnection was never closed and they are stuck with the bill.

    Aparently there are a lot of Netgear users in Germany who are stuck with horrendous bills now. I wonder if Netgear is going to pick those bills up?