I'll ditto Annlee on using the Internet Storm Center and NANOG mailing lists as sources. NANOG folks are the first to see anomalous network activity. The crackers were testing this for a week or more before it really hit. Reports of infected hosts range from 125k to 1.4M. None of the folks running company networks whom I know have reported any problems in their networks.

Regarding the power outage, there were several instances that indicated that folks weren't testing their generators and had problems when they kicked in. Other sites, including a major telco hotel in Manhattan, did not have generators for the entire building. When the UPSs ran down they were toast. Some news items indicated that those who created good disaster plans after 9/11 had no problem riding this out.

FWIW I worked for Ma Bell in NYC in Nov '65 - the first time this happened. After that they ran their generators once every week and went off grid for a three hour test every month.

The "Black Ice" to which Annlee refers is a book discussing IT and power grid weaknesses. It was mentioned in this week's (either ComputerWorld or NetworkWorld). Does sound useful.

> -----Original Message-----
> From: annlee [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 16, 2003 1:30 PM
> To: [EMAIL PROTECTED]
> Subject: Re: OT Microsoft worm [7:74045]
>
> Priscilla Oppenheimer wrote:
> > Just wondering, is this new LOVSAN msblast worm as big as it seems to be?
> > I've been helping lots of Windows users clean up their machines. They all
> > had the worm. These are mostly home users. I can't believe they would use
> > broadband, "always-on" access and not have a firewall, but they didn't!
> >
> > What are you all seeing? Is this a big one? I suppose enterprise networks
> > are much better protected (hopefully) than the home networks I've been
> > helping out with.
> >
> > One has to wonder if the huge power outage could be related. I can imagine a
> > Windows computer somewhere in Ohio that played a surprisingly important role
> > in keeping the grid working and had been infected..... But I read a lot of
> > science fiction. :-)
> >
> > By the way, the stupid worm is attacking the wrong Microsoft URL! So that
> > aspect of it isn't going to be as bad as once thought.
> >
> > Comments?
> >
> > Priscilla
> > **Please support GroupStudy by purchasing from the GroupStudy Store:
> > http://shop.groupstudy.com
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
>
> The NANOG list has had *much* discussion of this worm (before
> handling the effects of the power outage took priority --
> imagine, AOL relies on local power for its modem banks [grin]).
>
> There was a lot of 445 and 135 scanning on my firewall logs
> leading up to worm day, and the Internet Storm Center
> (http://isc.sans.org) showed a strong increase, as well, based on
> DShield data.
>
> A fair amount of my business is getting broadband users
> firewalled -- patching is the next step.
>
> The power outage does not appear related. There is a major
> transmission loop around Lake Erie (300,000MW IIRC). The last I
> saw, they believed a burst of power was sent counterflow-- if the
> usual flow is clockwise, this was sent counterclockwise. When
> and where the 2 flows met is the source of the failure, and then
> things cascaded from there.
>
> The final report will be interesting, though. There has been much
> discussion of late regarding infrastructure and network
> exposures. I have Black Ice pre-ordered from Amazon:
> http://www.amazon.com/exec/obidos/ASIN/0072227877/qid=1061058479/sr=2-1/ref=sr_2_1/002-7066961-6172840
>
> Seems especially timely, now...
>
> Annlee

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74053&t=74045

