Netgear Hides Router Backdoor Instead of Fixing It

Summary from the slides: The knocking feature is initiated when a packet with "packet type == 0x201" arrives at "ft_tool", which listens for Ethernet packets. It only works with EtherType 0x8888, and the payload has to be "45d1bb339b07a6618b2114dbc0d7783e", which is the MD5 hash of the model number DGN1000. If such a packet arrives, the backdoor service /usr/bin/scfgmgr -f is launched.
Ars Technica reports:
The nature of the change, which leverages the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware and not just a mistake made in coding. "It's DELIBERATE," Vanderbeken asserted in his presentation.
(Cross posted on Soylentnews)
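For anyone monitoring a LAN segment with these routers on it, here is a detection sketch for the knock described in the summary. It is an added example, not code from the slides or the firmware. The summary does not give the frame layout, so it only matches EtherType 0x8888 and searches the payload for the quoted digest in raw or ASCII-hex form; the 0x201 packet type is not checked because its offset is not stated. All sample frames are constructed.

```python
import struct

ETHERTYPE_KNOCK = 0x8888            # EtherType named in the summary
VLAN_TAGS = {0x8100, 0x88A8}        # 802.1Q / 802.1ad tags to skip over
DIGEST_HEX = "45d1bb339b07a6618b2114dbc0d7783e"  # value quoted in the summary
# Assumption: the digest may travel as 16 raw bytes or as 32 ASCII hex chars.
NEEDLES = (bytes.fromhex(DIGEST_HEX), DIGEST_HEX.encode())


def classify_frame(frame: bytes) -> str:
    """Return 'ignore', 'suspicious' (EtherType 0x8888 only) or 'knock'."""
    if len(frame) < 14:
        return "ignore"                       # runt: no complete Ethernet header
    offset = 12                               # skip destination + source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TAGS:             # walk past stacked VLAN tags
        offset += 4
        if len(frame) < offset + 2:
            return "ignore"
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype != ETHERTYPE_KNOCK:
        return "ignore"
    payload = frame[offset + 2:]
    if any(needle in payload for needle in NEEDLES):
        return "knock"                        # EtherType and digest both present
    return "suspicious"                       # unusual EtherType, worth logging


def scan(frames: dict) -> dict:
    """Classify a mapping of name -> raw frame bytes."""
    return {name: classify_frame(raw) for name, raw in frames.items()}


# Constructed sample frames (locally administered MACs, not a real capture).
_MACS = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
SAMPLES = {
    "ipv4": _MACS + b"\x08\x00" + b"\x45" + bytes(19),
    "bare_8888": _MACS + b"\x88\x88" + bytes(32),
    "raw_digest": _MACS + b"\x88\x88" + bytes(8) + NEEDLES[0],
    "vlan_ascii_digest": _MACS + b"\x81\x00\x00\x0a\x88\x88" + NEEDLES[1],
    "runt": _MACS[:10],
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:18} {verdict}")
```
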
Pipedot: Under 1 second, every time.
Soylent: 4.5 to 5 seconds, every time.
And I understand they have all kinds of caching enabled (Varnish servers, etc.) That's really pretty bad. (And let's not be silly and blame it on volume; both are hosted at the same place, they don't have that much traffic, and as noted they have an entire front end caching infrastructure in place.)