[H-GEN] IP Traffic Monitoring

Benjamin benjamincarlyle at optusnet.com.au
Wed Sep 10 19:15:37 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Tony Nugent wrote:
>   BTW, the latest rumours/information about the msblaster worm (and
>   who *didn't* see it? :) is that it was the cause of (or at the
>   very least a major contributing factor to) the recent massive
>   power failures in north america.  Idiots for using windows in
>   mission-critical situations... the US navy is still using winnt,
>   isn't it?  a bit of worry :)

According to the industry papers[1] I've read the main problems were not 
so much running mission-critical applications on windows, so much as 
sharing major network infrastructure with windows clients. Where you see 
windows variants being used for mission-critical apps it's almost 
invariably an old version of winnt with all the services turned off and 
with a fairly well-known bug profile. The problems that have been 
encountered with the worms were because these machines couldn't talk to 
each other or their remotes because their networks were too congested.

It makes sense, though. You've got a system based around a central 
control centre for a city or state-wide enterprise. Do you lay new 
cables to get the comms happening or do you just use the corporate WAN 
you use for everything else? I guess that sensible network 
administrators would at least tunnel using IPsec or a similar technology 
and at least provide some Quality Of Service guarantee... but problems 
stem from the fact that the contractor who provides the network 
infrastructure is rarely the same one as the contractor who provides 
the central control room. It's refreshing preparing to work in the UK 
rail systems. They have no network connectivity to anything from their 
central control rooms except via dedicated comms provided by British 
Telecom. In other places around the world they're not so careful about 
such things... and unless they can be convinced that safety will be 
compromised if they don't do this carefully they're simply not going to 
spend the money to separate control centre traffic from email worm 
traffic. Perhaps after this experience more will be done to ensure that 
the traffic from one doesn't harm the other, even if common 
infrastructure is used.

Oh, and I didn't hear about the worm being involved in the power 
failures, but I did specifically hear about it stopping some goods 
trains[2] for about half an hour while they got the situation sorted 
out. That stoppage cost someone a bunch of money :)

Benjamin
[1] Oooh, I'm an insider!
[2] Apparently across a couple of states or so. I don't recall any 
passenger trains being involved but I could be wrong.


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/


