In May 2003, the University of Wisconsin - Madison found that it was the recipient of a continuous, large-scale flood of inbound Internet traffic destined for one of the campus' public Network Time Protocol (NTP) servers. The flood traffic's rate was hundreds-of-thousands of packets-per-second, and hundreds of megabits-per-second.

Subsequently, we have determined the sources of this flooding to be literally hundreds of thousands of real Internet hosts throughout the world. However, rather than having originated as a malicious distributed denial-of-service (DDoS) attack, the root cause is actually a serious flaw in the design of hundreds of thousands of one vendor's low-cost Internet products targeted for residential use. These products' unexpected behavior presents a significant operational problem for UW-Madison for years to come.

This presentation will include the disclosure of details of these products' serious design flaw. Furthermore, we will discuss our ongoing, multifaceted approach toward the solution that involves the University, the products' manufacturer, the relevent Internet standards (RFCs), and the public Internet service and user communities.