[H-GEN] IP Traffic Monitoring
Benjamin
benjamincarlyle at optusnet.com.au
Wed Sep 10 19:15:37 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Tony Nugent wrote:
> BTW, the latest rumours/information about the msblaster worm (and
> who *didn't* see it? :) is that it was the cause of (or at the
> very least a major contributing factor to) the recent massive
> power failures in north america. Idiots for using windows in
> mission-critical situations... the US navy is still using winnt,
> isn't it? a bit of worry :)
According to the industry papers[1] I've read the main problems were not
so much running mission-critical applications on windows, so much as
sharing major network infrastructure with windows clients. Where you see
windows variants being used for mission-critical apps it's almost
invariably an old version of winnt with all the services turned off and
with a fairly well-known bug profile. The problems that have been
encountered with the worms were because these machines couldn't talk to
each other or their remotes because their networks were too congested.
It makes sense, though. You've got a system based around a central
control centre for a city or state-wide enterprise. Do you lay new
cables to get the comms happening or do you just use the corporate WAN
you use for everything else? I guess that sensible network
administrators would at least tunnel using IPsec or a similar technology
and at least provide some Quality Of Service guarantee... but problems
stem from the fact that the contractor who provides the network
infrastructure is rarely the same one as the contractor who provides
the central control room. It's refreshing preparing to work in the UK
rail systems. They have no network connectivity to anything from their
central control rooms except via dedicated comms provided by British
Telecom. In other places around the world they're not so careful about
such things... and unless they can be convinced that safety will be
compromised if they don't do this carefully they're simply not going to
spend the money to separate control centre traffic from email worm
traffic. Perhaps after this experience more will be done to ensure that
the traffic from one doesn't harm the other, even if common
infrastructure is used.
Oh, and I didn't hear about the worm being involved in the power
failures, but I did specifically hear about it stopping some goods
trains[2] for about half an hour while they got the situation sorted
out. That stoppage cost someone a bunch of money :)
Benjamin
[1] Oooh, I'm an insider!
[2] Apparently across a couple of states or so. I don't recall any
passenger trains being involved but I could be wrong.
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/