Wednesday, October 06, 2004

 

Unintentional DDoS attack on UW-Madison Internet Time Server

I read about this incident in this issue of Dr. Dobb's and found it interesting enough to write about it in my blog :)

UW-Madison has a public NTP server on campus. It is a primary (stratum 1) NTP server. Primary NTP servers are directly connected to a reference clock (stratum 0), which obtains the current time (UTC) using some technique such as GPS transmission. Since the load on the primary NTP servers is high, clients typically should not connect to them. Instead, they should connect to a secondary (stratum 2) server. You guessed it right: the stratum 2 server is connected to the stratum 1 server.
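To make the stratum idea concrete, here is an added example (not from the Dr. Dobb's article or the linked analysis) that decodes the 48-byte SNTP header and reads the stratum field a client can use to tell a primary server from a secondary one. The sample replies, the `192.0.2.1` documentation address, and the "secondary only" policy function are constructed for illustration.

```python
import struct

NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
HEADER = struct.Struct("!BBbbII4s4Q")  # 48-byte NTP/SNTP header, network byte order

def build_request():
    """SNTP client request: LI=0, VN=4, Mode=3; remaining 47 bytes zero."""
    return bytes([0x23]) + bytes(47)

def parse_reply(data):
    """Decode the header fields a client needs to judge the server."""
    if len(data) < HEADER.size:
        raise ValueError("short NTP packet")
    (flags, stratum, _poll, _prec, _delay, _disp,
     ref_id, _ref, _orig, _recv, xmit) = HEADER.unpack(data[:HEADER.size])
    if stratum <= 1:   # ASCII code, e.g. "GPS" for a GPS-disciplined clock
        source = ref_id.rstrip(b"\0").decode("ascii", "replace")
    else:              # IPv4 address of the upstream server it syncs to
        source = ".".join(str(b) for b in ref_id)
    return {"version": (flags >> 3) & 7, "mode": flags & 7, "stratum": stratum,
            "source": source, "unix_time": (xmit >> 32) - NTP_TO_UNIX}

def tier(stratum):
    if stratum == 1:
        return "primary"
    if 2 <= stratum <= 15:
        return "secondary"
    return "unusable"   # 0 = unspecified / kiss-o'-death, 16+ = unsynchronized or reserved

def ok_for_end_client(reply):
    """Assumed policy from the post: end clients use secondary servers only."""
    return reply["mode"] == 4 and tier(reply["stratum"]) == "secondary"

def make_reply(stratum, ref_id, unix_time):
    """Constructed server reply (Mode=4) so the example runs offline."""
    return HEADER.pack(0x24, stratum, 6, -20, 0, 0, ref_id, 0, 0, 0,
                       (unix_time + NTP_TO_UNIX) << 32)

# Constructed samples: a GPS-fed primary and a secondary at a documentation address
PRIMARY = make_reply(1, b"GPS\0", 1097020800)
SECONDARY = make_reply(2, bytes([192, 0, 2, 1]), 1097020800)

if __name__ == "__main__":
    for name, pkt in (("primary", PRIMARY), ("secondary", SECONDARY)):
        r = parse_reply(pkt)
        print(name, r["stratum"], r["source"], "use" if ok_for_end_client(r) else "skip")
```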

OK, now moving on to the DDoS attack. The NetGear routers connected directly to the UW-Madison NTP server, and because these devices are targeted at residential use, they sell in high volume. This resulted in a high volume of SNTP request traffic to the UW-Madison NTP server.

The following article has all the details, along with the analysis and troubleshooting that went into figuring out the problem:
http://www.cs.wisc.edu/~plonka/netgear-sntp/

Happy reading!
