[ale] New worm destabilized Internet

Bob Toxen bob at verysecurelinux.com
Sun Jan 26 14:35:54 EST 2003


On Sat, Jan 25, 2003 at 09:10:40PM -0500, James S. Cochrane wrote:
> I just spent four hours at work, none of our Unix servers were DIRECTLY 
> impacted, but the amount of broadcast traffic did impact our networks, and 
> convinced several of our HA systems that they were experiencing network 
> outages (mainly seemed to impact HP boxes, going to have to look into 
> whether there are problems with HP-UX 11.0's network stack).

That sounds like a bug or design flaw in your HP boxen.  I would bet that
the problem is not in the network stack but rather in some high level
non-kernel code that was not designed well.

I've done a lot of work with high availability and it should not fail
this way from this worm.  It should take, at least, an amount of traffic
exceeding the network bandwidth of your boxes by a factor of 2-10 before
failure occurred.  This is unlikely unless you have a T3 feed.

> So it might 
> not be impacting the ATM network directly, but could be impacting the 
> back-end networks where their servers are, preventing the ATMs from 
> connecting to verify account balances and funds available, etc...

The only scenario I could see (that did not involve stupidity on B of A's
part, like being vulnerable to the worm) was if their ATMs are connected
to the servers over the Internet via a VPN and the 1434 noise flooded the
bandwidth.

> James
Bob
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





