In May 2003, the University of Wisconsin - Madison found that it was the recipient of a continuous large scale flood of inbound Internet traffic destined for one of the campus' public Network Time Protocol (NTP) servers. The flood traffic rate was hundreds-of-thousands of packets-per-second, and hundreds of megabits-per-second.
Subsequently, we have determined the sources of this flooding to be literally hundreds of thousands of real Internet hosts throughout the world. However, rather than having originated as a malicious distributed denial-of-service (DDoS) attack, the root cause is actually a serious flaw in the design of hundreds of thousands of one vendor's low-cost Internet products targeted for residential use. The unexpected behavior of these products presents a significant operational problem for UW-Madison for years to come.
This document includes the initial public disclosure of details of these products' serious design flaw. Furthermore, it discusses our ongoing, multifaceted approach toward the solution which involves the University, the products' manufacturer, the relevant Internet standards (RFCs), and the public Internet service and user communities.
The NETGEAR products known to have the problem are: RP614v2 ( v5.13 ), RP614 ( v4.14 ), MR814 ( v4.13 ), DG814 ( v4.8 ) and HR314 (not available). The revised firmware versions are shown in parentheses.
Since NETGEAR now has its own NTP server, we encourage upgrading for more reliable time synchronization. Thank you.
Other NETGEAR routers do not have this issue.