[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] Flawed Routers Flood University of Wisconsin Internet Time Server
Date: Fri, 29 Aug 2003 13:54:02 -0400 From: Tom Goltz <tgoltz@QuietSoftware.com> Subject: Flawed Routers Flood University of Wisconsin Internet Time Server X-Sender: tgoltz@mail.quietsoftware.com To: dave@farber.netDave - I think this would be an excellent item for distribution to the IP list - very important reading for anyone implementing network software or devices that will be using network services provided by a third party. (To give credit where it's due, I found a link to this on Phil Kaplan's profanely-named web site.)Flawed Routers Flood University of Wisconsin Internet Time Server Netgear Cooperating with University on a ResolutionDave Plonka, August 21, 2003 - <http://www.wisc.edu>University of Wisconsin-Madisonupdated $Date: 2003/08/27 18:42:42 $ plonka at doit dot wisc dot edu ABSTRACTIn May 2003, the University of Wisconsin - Madison found that it was the recipient of a continuous large scale flood of inbound Internet traffic destined for one of the campus' public Network Time Protocol (NTP) servers. The flood traffic rate was hundreds-of-thousands of packets-per-second, and hundreds of megabits-per-second.Subsequently, we have determined the sources of this flooding to be literally hundreds of thousands of real Internet hosts throughout the world. However, rather than having originated as a malicious distributed denial-of-service (DDoS) attack, the root cause is actually a serious flaw in the design of hundreds of thousands of one vendor's low-cost Internet products targeted for residential use. The unexpected behavior of these products presents a significant operational problem for UW-Madison for years to come.This document includes the initial public disclosure of details of these products' serious design flaw. Furthermore, it discusses our ongoing, multifaceted approach toward the solution which involves the University, the products' manufacturer, the relevant Internet standards (RFCs), and the public Internet service and user communities.http://www.cs.wisc.edu/~plonka/netgear-sntp/
------------------------------------- To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC