Slashdot Mirror


When Will The Next Slammer Strike?

scubacuda writes "Business Week has an article on how the Slammer worm demonstrates just 'how vulnerable the Internet remains': MS's own DBs were affected, telephone/ATM/etc. were knocked out, and if the worm had occurred only 48 hours later (preventing investors' trading, 911 calls, banking services), there could have been a 'virtual Net shutdown.' Vincent Weafer, director of the computer-security outfit Symantec's Anti-Virus Response Center (SARC), says that the likelihood that a Slammer-style worm will hit at a more vulnerable moment is high."

10 of 408 comments

  1. Re:Could someone explain... by Anonymous Coward · Score: 5, Informative

    ATMs are not connected to the internet, but to the bank's private network, which, yes, runs over TCP/IP. So a computer that got infected and had access to the internal network would be enough to crash those reachable ATMs.

    Brett Glass : http://www.brettglass.com

  2. Re:Could someone explain... by MoTec · Score: 5, Informative

    Many ATMs use a phone line to connect to the network to run the transaction so if the phone lines are down so is the ATM. Some use leased lines or other communication technologies but a POTS line does the job and is often cheapest.

  3. Re:Government Funding of Security/Virus Prevention by damiam · Score: 5, Informative

    I think we ought to make virus-protection code public

    It is.

    who can't afford 50 bucks on a virus scanner or decent firewall software

    Then don't pay 50 bucks.

    I saw Nimda infections up until the end of last year

    Norton and McAfee both provided free available Nimda removal tools. Besides, if you can afford IIS, you can afford a virus scanner.

    --
    It's hard to be religious when certain people are never incinerated by bolts of lightning.

  4. Re:Government Funding of Security/Virus Prevention by matth · Score: 4, Informative

    It *is* free: http://www.grisoft.com (AVG)

  5. Analysis of the Slammer/Sapphire worm by Istealmymusic · Score: 5, Informative

    This was posted on BugTraq:
    From: "Nicholas Weaver"
    Date: Fri, 31 Jan 2003 6:09 PM
    To: bugtraq@securityfocus.com
    Subject: The Spread of the Sapphire/Slammer SQL Worm
    We have completed our preliminary analysis of the spread of the Sapphire/Slammer SQL worm. This worm required roughly 10 minutes to spread worldwide making it by far the fastest worm to date. In the early stages the worm was doubling in size every 8.5 seconds. At its peak, achieved approximately 3 minutes after it was released, Sapphire scanned the net at over 55 million IP addresses per second. It infected at least 75,000 victims and probably considerably more.

    This remarkable speed, nearly two orders of magnitude faster than Code Red, was the result of a bandwidth-limited scanner. Since Sapphire didn't need to wait for responses, each copy could scan at the maximum rate that the processor and network bandwidth could support.

    There were also two noteworthy bugs in the pseudo-random number generator which complicated our analysis and limited our ability to estimate the total infection but did not slow the spread of the worm.

    The full analysis is available at

    David Moore, CAIDA & UCSD CSE
    Vern Paxson, ICIR & LBNL
    Stefan Savage, UCSD CSE
    Colleen Shannon, CAIDA
    Stuart Staniford, Silicon Defense
    Nicholas Weaver, Silicon Defense and UC Berkeley EECS

    A must-read for anyone who wants to know about this worm. Its impact was huge: 90% infection of all vulnerable hosts in 10 minutes. Even some E911 systems were knocked out. The Internet routers at large were saturated, with 120 ms latency. Twice the speed of Code Red. All this with a simple PRNG scanning algorithm.
    --
    "The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
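
An added illustration (not code from the post above, nor from the CAIDA/Silicon Defense analysis it quotes) of the random-scanning growth those figures describe. The 8.5 s early doubling time, the roughly 75,000 victims and the 90%-in-10-minutes figure are taken from the post; the per-host probe rates, the 400-byte probe packet, the 10 Mbit/s uplink, and the TCP scanner's 64 slots and 1 s timeout are assumptions chosen to show why a scanner that never waits for replies outruns one that does.

```python
"""Random-scanning worm growth model: why a fire-and-forget scanner
saturates its vulnerable population in minutes.

Added illustration, not code from the post or the analysis it quotes.
Quoted from the post: early doubling time 8.5 s, ~75,000 victims, ~90%
of vulnerable hosts infected within ~10 minutes.  Assumed for
illustration: probe packet size, link speed, and the TCP scanner's
parallelism and timeout.
"""
import math

ADDRESS_SPACE = 2 ** 32  # probes are drawn uniformly from IPv4 space


def bandwidth_bound_rate(link_bits_per_s: float, packet_bits: int) -> float:
    """Probes/s for a scanner that never waits for replies: the only
    limit is how fast the host can push probe packets onto its link."""
    return link_bits_per_s / packet_bits


def response_bound_rate(parallel_slots: int, wait_s: float) -> float:
    """Probes/s for a scanner that must wait for a reply or a timeout
    before a slot can be reused (a TCP-connect scanner, for example).
    Most random addresses never answer, so each slot idles for the
    whole timeout."""
    return parallel_slots / wait_s


def growth_rate(probes_per_s_per_host: float, vulnerable: int) -> float:
    """K: new infections per infected host per second while nearly all
    vulnerable hosts are still uninfected (random constant spread)."""
    return probes_per_s_per_host * vulnerable / ADDRESS_SPACE


def doubling_time(k: float) -> float:
    """Early doubling time of exponential growth at rate K."""
    return math.log(2) / k


def implied_rate(doubling_s: float, vulnerable: int) -> float:
    """Invert the model: the average per-host probe rate that produces
    an observed early doubling time."""
    return math.log(2) / doubling_s * ADDRESS_SPACE / vulnerable


def time_to_fraction(k: float, vulnerable: int, fraction: float,
                     initial: float = 1.0) -> float:
    """Closed form for the logistic model dI/dt = K*I*(1 - I/V) starting
    from `initial` infected hosts: seconds until I = fraction*V."""
    return (math.log(fraction / (1.0 - fraction))
            + math.log((vulnerable - initial) / initial)) / k


def simulate(probes_per_s_per_host: float, vulnerable: int,
             stop_fraction: float = 0.9, dt: float = 0.1,
             max_seconds: float = 86400.0):
    """Step-by-step version of the same model (Euler integration).
    Each step every infected host sends rate*dt probes, and a probe
    lands on a still-uninfected vulnerable host with probability
    (V - I) / 2^32.  Returns (seconds_elapsed, infected_hosts)."""
    infected, t = 1.0, 0.0
    target = stop_fraction * vulnerable
    while infected < target and t < max_seconds:
        p_hit = (vulnerable - infected) / ADDRESS_SPACE
        infected += infected * probes_per_s_per_host * dt * p_hit
        t += dt
    return t, infected


def compare_scanners(vulnerable: int = 75_000) -> dict:
    """Run the model for an assumed UDP single-packet scanner and an
    assumed TCP-connect scanner against the same vulnerable population.
    Returns {name: (probes_per_s, doubling_s, seconds_to_90pct)}."""
    scanners = {
        # assumed: ~400-byte probe (headers + payload) on a 10 Mbit/s uplink
        "fire-and-forget UDP": bandwidth_bound_rate(10e6, 400 * 8),
        # assumed: 64 parallel connects, 1 s timeout on unanswered SYNs
        "response-bound TCP": response_bound_rate(64, 1.0),
    }
    results = {}
    for name, rate in scanners.items():
        k = growth_rate(rate, vulnerable)
        results[name] = (rate, doubling_time(k),
                         time_to_fraction(k, vulnerable, 0.9))
    return results


if __name__ == "__main__":
    V = 75_000  # victims counted in the post
    for name, (rate, dbl, t90) in compare_scanners(V).items():
        print(f"{name:20s} {rate:7.0f} probes/s/host  doubling {dbl:7.1f} s  "
              f"90% of hosts in {t90 / 60:7.1f} min")
    print(f"per-host rate implied by the observed 8.5 s doubling: "
          f"{implied_rate(8.5, V):.0f} probes/s")
    t, n = simulate(bandwidth_bound_rate(10e6, 400 * 8), V)
    print(f"simulation: {n:.0f} hosts infected after {t:.1f} s")
```

Under these assumptions the single-packet scanner doubles every 12 or 13 seconds and covers 90% of the population in about four minutes, while the connect-and-wait scanner, sending some 50 times fewer probes per host, needs hours; inverting the model with the post's 8.5 s doubling time gives an average of a few thousand probes per second per host, which is the order of magnitude a saturated low-speed uplink delivers. The model assumes uniform random targets, which is exactly what the post's PRNG bugs broke, so it is an upper bound on how well such a worm covers the address space.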

  6. Re:Government Funding of Security/Virus Prevention by MadocGwyn · Score: 4, Informative

    There are some companies that offer free services.

    http://housecall.trendmicro.com

    Free Java-based scanner; works well. I've used it many times when I'm out fixing someone's computer and they don't have a decent scanner.

    --
    Jesus saves, everyone else takes full damage from the fireball.

  7. Re:Could someone explain... by LostCluster · Score: 4, Informative

    Just because something isn't technically on the Internet, doesn't mean it is on a completely walled-off pipe.

    Many stand-alone ATM structures use a satellite connection from Hughes Network Systems to securely connect to their company's network. But those are the same Hughes Network Systems birds that power the DirecWay and DirecPC consumer services. So, if for some reason there was a sudden surge in Internet traffic (such as a worm randomly trying to infect IP addresses without caring whether or not there is a machine capable of being infected on the other end), the ATM might not be able to get enough satellite time to complete a transaction without timing out, therefore resulting in a "lost my connection" message on the ATM.

    Think of it as a VPN tunnel over a network that is used partly for Internet, and partly for other things... if the Internet goes crazy, it affects those other things too.

  8. Re:Could someone explain... by ergo98 · Score: 4, Informative

    My presumption is that they were running ATM VPN traffic over standard IP connections (basically like running an ADSL line to the site). This would affect anyone who is running a system critical service over the shared internet.

    Having said that, if they were affected then it demonstrates really poor planning: Any critical service should have QoS guarantees from its provider (which should have peer QoS guarantees, and so on), so if the ATM requires a minimum of x bandwidth, then the provider will guarantee that all other traffic will be throttled to accommodate it, building more bandwidth (fibre, etc.) if they cannot accommodate all of their QoS guarantees at once. It most certainly seems ridiculous to even ponder things like 911 going down because of something like this.

    Let me put it another way: Many telcos share the same data lines for both voice traffic (long distance calls, etc), and Internet IP traffic: Internet traffic cannot take up so much bandwidth that it impedes the voice data, as the telco will always throttle it accordingly to ensure that voice always gets through with 100% throughput. These same sorts of guarantees hold true (or should hold true) for all other system critical type services, and it is brutal irresponsibility to do anything else. When some kid with a ping program can take down your system then it points out a pretty big flaw.

  9. Re:Could someone explain... by JediTrainer · Score: 5, Informative

    Yes. ATMs as in bank ATMs. Cash machines.

    I don't know about most people, but the outage affected customers of CIBC Bank in Canada, who couldn't withdraw their cash from many machines throughout Ontario (the news said Toronto only, but it affected some of my family and friends in other areas too).

    Being a customer of a different bank (TD Canada Trust), I was not affected.

    --

    You can accomplish anything you set your mind to. The impossible just takes a little longer.

  10. Re:MS's own DBs were affected by Bedouin+X · Score: 5, Informative

    They (MS) know better than anyone that applying an SQL Server hotfix is a royal pain in the ass. They just modified the initial Slammer vulnerability patch so that it has an installer. Before that you had to stop the server, backup the files, copy the new files manually into their respective directories, and then run a couple of queries in the query analyzer.

    This and MS's reputation for having to patch patches (sometimes 2 or 3 times) is why people don't jump at the chance to apply one of those damn things. It took this incident for them to make installing a simple SQL Server hotfix less than a 25-minute job.

    I also downloaded SP3 4 times and every time I tried to run setup, I got a "setupsql.exe can not be found" error. I STILL don't have SP3 on my SQL server, but it's firewalled anyway so I'm not totally naked.

    --
    Dissolve... Resolve... Evolve...