![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
gizaOkay, I think I've bashed Microsoft enough about their programming practices, and I'm pretty much equal opportunity when it comes to inept computer programmers. So...
http://www.cs.wisc.edu/~plonka/netgear-sntp/
Here's the summary of the above article:
- 700,000 Netgear routers are deployed
- Each of those routers connects to the NTP time server of the University of Wisconson. The IP address of the server was hardcoded into the software. (The university was not asked first)
- The software is making the connection ONCE PER SECOND.
The end result is a Denial of Service (DoS) attack against the University of Wisconson to the tune of about 150 Megabits per second.
What is the the cause of this? It appears to be a screwup from one or more programmers who wrote the software for the router. What can we learn from this?
1) When deploying a product, do NOT rely on a service that your company does not control nor have a contractual agreement with the service provider. (If the university took down the servers, none of 700,000 routers would have been able to set their clocks)
2) When connecting to a remote system, use the DNS name, not the IP address!
3) When you write code to handle failure to connect to a service, do NOT retry again every second from now until infinity. A good approach for deciding when to re-transmit is to use the binary exponential backoff algorithm. Try again in 1 second, then 2 seconds, then 4, then 8, then 16, etc. This is the same algorithm that TCP uses (the protocol that is used for downloading webpages and sending/receiving e-mails) for when it is unable to connect to a host.
(Note to self: be careful about purchasing Netgear products...)
http://www.cs.wisc.edu/~plonka/netgear-sntp/
Here's the summary of the above article:
- 700,000 Netgear routers are deployed
- Each of those routers connects to the NTP time server of the University of Wisconson. The IP address of the server was hardcoded into the software. (The university was not asked first)
- The software is making the connection ONCE PER SECOND.
The end result is a Denial of Service (DoS) attack against the University of Wisconson to the tune of about 150 Megabits per second.
What is the the cause of this? It appears to be a screwup from one or more programmers who wrote the software for the router. What can we learn from this?
1) When deploying a product, do NOT rely on a service that your company does not control nor have a contractual agreement with the service provider. (If the university took down the servers, none of 700,000 routers would have been able to set their clocks)
2) When connecting to a remote system, use the DNS name, not the IP address!
3) When you write code to handle failure to connect to a service, do NOT retry again every second from now until infinity. A good approach for deciding when to re-transmit is to use the binary exponential backoff algorithm. Try again in 1 second, then 2 seconds, then 4, then 8, then 16, etc. This is the same algorithm that TCP uses (the protocol that is used for downloading webpages and sending/receiving e-mails) for when it is unable to connect to a host.
(Note to self: be careful about purchasing Netgear products...)
