Great writeup of a flaw in Netgear routers resulting in University of Wisconsin being spammed with NTP requests. Netgear hardcoded a single IP address for an NTP server and then had a mode where if that IP address failed, the router would try again in one second. Didn't these guys ever hear of exponential backoff?

The ironic thing is NTP is the most lightweight useful Internet protocol in existence. A server can handle hundreds of thousands of properly functioning clients; when it works it takes one UDP packet every 17 minutes to serve a client. I did an NTP survey back in 1999; a beautiful peer to peer network.

As seen on Slashdot
techbad
  2003-08-22 23:01 Z