NetGear flaw triggers accidental DoS attack

The problem occurred because of a flawed implementation of the Network Time Protocol (NTP), which is a method commonly used by network devices to contact special "time" servers that pass on the correct time and date. This information is important for routers, because they generate a variety of time-sensitive logs. The University of Wisconsin at Madison hosts a publicly accessible time server that some NetGear products use to synchronize their times.

"Certainly, we have had excessive traffic on our network because of the Netgear routers," said Annie Stunden, chief information officer at the University of Wisconsin. "However, they have been extremely helpful. We are going to build out a more robust network."

The flawed routers work fine until one of their periodic requests for the correct time goes unanswered. If, for whatever reason, the time server is unavailable, the flawed router will continue sending requests until it is answered.

In June, the University of Wisconsin's NTP server was the victim of a huge denial-of-service attack. The university claims that it was receiving 250,000 requests per second, which equated to hundreds of megabits per second. The attack was not planned or malicious but caused by hundreds of thousands of low-cost Netgear routers repeatedly requesting the latest time, which caused the university's NTP server to fail.

According to a report published on the university's Web site, the "unexpected behavior of these products presents a significant operational problem for years to come."

Madison is planning to build out its network with the help of funds that NetGear will supply, Stunden said. "We are going to have to provide the service for however long we need to," she said. "Who knows what the half-life of these routers are. Home users may keep using them for a long time." Home users constitute a large portion of the NetGear customer base.

NetGear confirmed that it plans to help the university deal with the issue. Only NetGear router models RP614, RP614v2, DG814, MR814 and HR314 are affected by the flaw. Anyone using one of these models can upgrade their firmware with an appropriate patch from the NetGear Web site. However, spokesman Doug Hagan stressed that the issue isn't affecting many customers.

"The issue with the NetGear routers and the University of Wisconsin does not impact the customers' experience," he said. "It is a small detail within the router--it affects the time. We have gotten two or three calls from customers on it."

Changes in the firmware include using time servers that NetGear now hosts and using an algorithm that creates longer delays when a request fails.

ZDNet UK's Munir Kotadia reported from London.

Network hardware maker NetGear has warned its customers of a flaw in some of its router products that has set off an accidental denial-of-service attack on the University of Wisconsin.

The problem occurred because of a flawed implementation of the Network Time Protocol (NTP), which is a method commonly used by network devices to contact special "time" servers that pass on the correct time and date. This information is important for routers, because they generate a variety of time-sensitive logs. The University of Wisconsin at Madison hosts a publicly accessible time server that some NetGear products use to synchronize their times.

"Certainly, we have had excessive traffic on our network because of the Netgear routers," said Annie Stunden, chief information officer at the University of Wisconsin. "However, they have been extremely helpful. We are going to build out a more robust network."

The flawed routers work fine until one of their periodic requests for the correct time goes unanswered. If, for whatever reason, the time server is unavailable, the flawed router will continue sending requests until it is answered.

In June, the University of Wisconsin's NTP server was the victim of a huge denial-of-service attack. The university claims that it was receiving 250,000 requests per second, which equated to hundreds of megabits per second. The attack was not planned or malicious but caused by hundreds of thousands of low-cost Netgear routers repeatedly requesting the latest time, which caused the university's NTP server to fail.

According to a report published on the university's Web site, the "unexpected behavior of these products presents a significant operational problem for years to come."

Madison is planning to build out its network with the help of funds that NetGear will supply, Stunden said. "We are going to have to provide the service for however long we need to," she said. "Who knows what the half-life of these routers are. Home users may keep using them for a long time." Home users constitute a large portion of the NetGear customer base.

NetGear confirmed that it plans to help the university deal with the issue. Only NetGear router models RP614, RP614v2, DG814, MR814 and HR314 are affected by the flaw. Anyone using one of these models can upgrade their firmware with an appropriate patch from the NetGear Web site. However, spokesman Doug Hagan stressed that the issue isn't affecting many customers.

"The issue with the NetGear routers and the University of Wisconsin does not impact the customers' experience," he said. "It is a small detail within the router--it affects the time. We have gotten two or three calls from customers on it."

Changes in the firmware include using time servers that NetGear now hosts and using an algorithm that creates longer delays when a request fails.

ZDNet UK's Munir Kotadia reported from London.