The Net likes to know what time it is. (So to TV networks and cable systems and any other distributed resource.) When the Internet was small-ish, it was no big deal to have a few thousand routers checking in with a couple of places to make sure everyone was in sync.
Generally, these conversations go like this:
“Hey! What time is it, anyway?”
“200308281252042143”
And that’s the end of it. But as more and more people went online, and more and more of those routers got installed in places like home networks, it was only a matter of time before something broke.
Back in June, the University of Wisconsin was hit with what looked like a massive Denial of Service attack, with hundreds of thousands of requests for the current time. UW happens to run one of the Net’s time servers — a computer that much of the Net syncs up with. Instead of the normal conversation, here’s what happened:
“Hey, what time is it, anyway?”
<silence>
“Hey, what time is it, anyway?”
<silence>
… and so on. 250,000 requests per second. It more or less took the University off line.
It turns out that the problem was with a couple of models of Netgear routers. Netgear specializes in low-end stuff, the kind that’s installed in home networks. And with the advent of cheap computers and Wi-Fi and all that good stuff, there are suddenly a ton of cheap Netgear routers installed — many of them with a little programming flaw that caused them to check in with the University of Wisconsin all at the same time.
And like any good infants, when they didn’t get an answer, they kept asking. Louder and louder. A quarter-million times a second.
The kicker is that the owners of the routers didn’t know there was anything wrong. Their routers worked fine. They probably never heard of the University of Wisconsin.
Netgear has agreed to issue a patch for the five affected routers, and apparently to help the university build a more robust network. A university official pointed out to CNet, though, that the problem probably won’t go away soon. Netgear sells into a market that’s less than technically astute, and its customers are less likely than most to a) upgrade or b) tweak something that doesn’t actually affect the way they use their own network.