Internet Security Industry News
Netgear routers attack university
August 25, 2003
A design flaw in a router product has seen the University of Wisconsin's network bombarded with Network Time Protocol (NTP) synchronisation requests, in an accidental denial of service (DoS) attack.
The university's administrators noticed a dramatic increase in inbound traffic to the university's time server, and eventually traced the cause to a Netgear router product. A full analysis was posted on the university's Web site.
The router was hard-coded to synchronise its clock to the university's time server, meaning that every unit sold and deployed began bombarding the machine with requests as often as once a second. "I have counted more than 500,000 unique Netgear sources that queried our time server in one day. This measurement likely underestimates the actual count," the analysis read. "As of June 30, 2003, Netgear reported a total of 707,147 affected products manufactured."
A similar problem forced the CSIRO to take down its public time server in April this year after a US manufacturer, SMC, hard-coded the CSIRO's network time server into its code. The flood of requests from 85,000 of the devices proved too difficult to service. Dave Plonka, who wrote the analysis, plans to educate vendors on the downside of hard-coding specific server IP addresses into their products.
"I am in the process of preparing an Internet Draft, currently titled 'Embedding Globally Routable Internet Addresses Considered Harmful', which denounces the practice of embedding unique, globally routable IP addresses in Internet hosts, describes some of the resulting problems, and considers selected alternatives."
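The kind of measurement the analysis describes, counting unique sources at a time server and picking out clients that query about once a second, can be sketched as below. This is an added example, not code from the university's analysis; the flow records, addresses (documentation ranges) and thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict

NTP_PORT = 123  # UDP port used by NTP


def build_sample_flows():
    """Constructed inbound packets: (unix_seconds, source_ip, dest_port)."""
    flows = []
    # Hypothetical misbehaving device: one request per second.
    flows += [(1000 + i, "192.0.2.10", NTP_PORT) for i in range(10)]
    # Hypothetical well-behaved client: one request every 64 seconds.
    flows += [(1000 + 64 * i, "198.51.100.7", NTP_PORT) for i in range(6)]
    # A single query, and an unrelated non-NTP packet that must be ignored.
    flows.append((1003, "203.0.113.5", NTP_PORT))
    flows.append((1004, "203.0.113.9", 53))
    return flows


def summarize_ntp_sources(flows, max_interval=1.0, min_requests=5):
    """Return (unique NTP source count, {source: median gap in seconds}).

    A source is flagged when it sent at least min_requests queries and the
    median gap between consecutive queries is max_interval or less.
    Both thresholds are assumptions chosen for this example.
    """
    stamps_by_source = defaultdict(list)
    for ts, src, dport in flows:
        if dport == NTP_PORT:
            stamps_by_source[src].append(ts)

    flagged = {}
    for src, stamps in stamps_by_source.items():
        if len(stamps) < min_requests:
            continue  # too few queries to judge a polling interval
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        median_gap = statistics.median(gaps)
        if median_gap <= max_interval:
            flagged[src] = median_gap
    return len(stamps_by_source), flagged


if __name__ == "__main__":
    unique, flagged = summarize_ntp_sources(build_sample_flows())
    print(f"unique NTP sources: {unique}")
    for src, gap in flagged.items():
        print(f"{src} polls about every {gap} s")
```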