Netgear flaw triggers 'accidental' DoS attack

A flaw in some Netgear router models is responsible for causing huge denial of service attacks - by accident

Network hardware maker Netgear has warned its customers of a flaw in some of its router products that could set off an "accidental" denial of service (DoS) attack.

The problem occurs because of a flawed implementation of the Network Time Protocol (NTP), which is a method commonly used by network devices to contact special "time" servers that pass on the correct time and date. This information is important for routers because they generate a variety of time-sensitive logs.

The flawed routers work fine until the moment one of their periodic requests for the correct time goes unanswered. If for whatever reason the "time" server is unavailable, the flawed router will continue sending requests until it is answered.

Earlier this year, the University of Wisconsin's NTP server was the victim of a huge DoS attack. The University claims it was receiving 250,000 requests per second, which equated to hundreds of megabits per second. The attack was not planned or malicious, but caused by hundreds of thousands of low-cost Netgear routers repeatedly requesting the latest time, causing the University's NTP server to fail.
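The simulation below is an added illustration, not code from Netgear's firmware or from the University's report. It compares the load on a silent time server when clients retry at a fixed short interval with the load when they back off exponentially with jitter. The 1-second retry interval, the backoff parameters and all function names are assumptions made for the sketch.

```python
import random

def fixed_retry(outage_s, rng, interval_s=1.0):
    """Behaviour the article describes: keep retrying at a short fixed
    interval until answered. The 1-second interval is an assumption."""
    t = rng.uniform(0, 1)            # every client notices the outage at once
    while t < outage_s:
        yield t
        t += interval_s

def backoff_retry(outage_s, rng, base_s=64.0, cap_s=3600.0):
    """Mitigation: double the wait after each unanswered request, up to a
    cap, and randomise it so clients do not retry in lockstep.
    base_s and cap_s are assumed values, not taken from the article."""
    t, delay = rng.uniform(0, 1), base_s
    while t < outage_s:
        yield t
        t += rng.uniform(delay / 2, delay)   # jitter spreads the retries
        delay = min(delay * 2, cap_s)

def server_load(policy, clients, outage_s, seed=1):
    """Requests per second arriving at the unresponsive time server."""
    rng = random.Random(seed)        # seeded so runs are repeatable
    per_second = [0] * outage_s
    for _ in range(clients):
        for t in policy(outage_s, rng):
            per_second[int(t)] += 1
    return per_second

if __name__ == "__main__":
    # Constructed scenario: 1,000 clients, server silent for one hour.
    for policy in (fixed_retry, backoff_retry):
        load = server_load(policy, clients=1000, outage_s=3600)
        print(f"{policy.__name__:14} total={sum(load):>8} "
              f"peak after 10 min={max(load[600:])}/s")
```

With the fixed interval the server sees one request per client every second for as long as it stays silent, so the load scales directly with the number of deployed devices; with backoff each client sends only six or seven requests during the whole hour.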

According to the University of Wisconsin, which is currently working with Netgear to resolve the issue, the "unexpected behaviour of these products presents a significant operational problem for years to come." A full report of the attack is available on the University's Web site.

Only Netgear router models RP614, RP614v2, DG814, MR814 and HR314 are affected by the flaw. Anyone using one of these models should upgrade their firmware with an appropriate patch from the Netgear Web site.

Netgear did not immediately respond to requests for comment.