- Protecting yourself from a new online scam
- Diary of a deliberately spammed housewife
- Silly Internet traditions: A concise history
- How to avoid laptop loss at the airport
- Top 10 worst uses for Windows
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
If you own a Netgear router, Annie Stunden would like you to stop pinging her network.
The University of Wisconsin, Madison's CIO says that a software glitch in some Netgear products has the routers bombarding the school's publicly accessible Network Time Protocol (NTP) server to update network time and date. Such data is important for routers, because they generate a variety of time-sensitive logs.
Several versions of Netgear's consumer routers - models RP614, DG814, MR814 and HR314 - were shipped with code that has the devices pinging UW's NTP server to set their internal clocks. The pinging can be triggered when the router goes offline, is unplugged or is reset, usually without the knowledge of the product's owner. If the NTP is unavailable, the router will continue pinging the device until it answers.
As a large public institution, the university is used to seeing its share of hacker activity, Napster-like file swapping, and other bandwidth abuses from outside and within. But in May, UW network staff noticed an unusual amount of traffic hitting its NTP server, which it runs as a public service over the Internet, as do many other institutions with a large Internet presence.
"It was sort of a complex situation," Stunden says. "We found a lot of network traffic coming in a couple of months ago, looking like a denial-of-service attack on our network. We said, 'what's banging at us,' and when we looked into it, we found it was a very specific kind of traffic, coming from a specific kind of Netgear router."
One solution might have been to take the NTP server offline, or move it to another IP address, Stunden says, but the Netgear routers were pinging a whole sub-range of addresses. "It would not have done any good," she says. "Those Netgear routers would still come here. The only other solution would be to shut down a whole Class A address that we use, and that's not practical."
The method of programming routers to ping public NTP servers to set their clock time is common in the industry, says Leslie Adams, vice president of marketing for Netgear. Most NTP implementations on routers ping multiple sites in a random order.
"It's just a matter of making sure your products don't ping the same server all the time," Adams says. She doesn't know why Wisconsin's NTP server IP address was programmed into the affected routers. The products were developed by Netgear engineers and some OEM partners.
The idea of a single link (consolidating I/O and storage) being a single point of failure doesn't stand...- Fernando Sanchez
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comments (1)
Netgear router quirk perturbs collegeBy Anonymous on March 16, 2007, 10:40 amI have had lots of problems with accessing this modem, it seems to me that it is an unsafe, cheap and nasty model...no wonder that some servers are giving these...
Reply | Read entire comment
View all comments