----- Original Message -----
From: "Geoff Shively" <[EMAIL PROTECTED]>
To: "Stephen Clowater" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, August 16, 2003 3:33 AM
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]

> > Please, if that were the case, why have none of the other billions of Windows vulnerabilities ever affected the grid? More specifically, why haven't any of the thousands of RPC vulnerabilities ever affected the grid?
>
> This is one of the largest RPC worms released, is it not? I am actually asking, because I cannot remember one that exploited the same conditions or mimicked the activities of Blaster.

I'd read through the Bugtraq archives on securityfocus.com so you can really get a sense of the kinda long-standing trouble RPC has been causing over the years. RPC has been a long-standing issue; in fact, for the last few years, most places have just started blocking RPC out to the internet and given up on securing the protocol. It's caused many a headache to Samba (where you can now guess passwords courtesy of RPC) and Windows. With all the vulnerabilities that Windows goes through, a lot of the particulars get lost in the grand river of crapulence that is Windows security. This is the first worm to spread exclusively on an RPC exploit. And this is the worst RPC exploit yet (hell, probably the worst Windows exploit yet). But by just the sheer numbers of exploits that show up in Windows, if the systems doing critical monitoring were open to all on the internet, surely we would have been seeing outages like this beforehand; there have been thousands of exploits against Windows since the monitoring systems went into place.

> Also, you never know when a certain set of circumstances will permit one thing from happening and not another. One of the nuances of multi-layered technology.
>
> > Niagara somehow saw this coming and shut down all generators in time to stay on the grid, and as the failure expanded more failsafes kicked in to contain it.
>
> CNN also said that the entire cascading shutdown occurred in 9 seconds total.
>
> This means that the Niagara plant was one of the first in this cascade effect

Well yes, but since all the plants around the loop were hit just as fast, it also means the problem originated in that loop :)

> and would have had a fraction of that time to see a surge coming, and with the speed in which we all know electrical surges travel there would be little to no warning.

True, I'm not sure how they saw it coming; I suspect that one of the systems at Niagara picked it up and started an emergency shutdown of the generators. How long it takes the plants to get back up really is just a function of how fast the generators were running when the grid went down around it. To get a sense of what happens to a generator when cut off from the grid, put your car into reverse and then drop clutch it :) It's something like that.

So, in order to prevent any problems at Niagara, all they really had to do was to get the generators mostly shut down by the time the surge tripped the stuff up there. After that the surge probably bled off into the surrounding grid. Also, Niagara's shutdown and how fast they had to shut down just shows that the problem probably originated in the loop that they were feeding into. More than likely what happened was as the surge began in the loop, it tripped some alarms at Niagara, which fits the theory that something began with the hardware in the power loop.

> I am no power expert, I am just working with the facts provided to me, and my uber leet math skills of adding and subtracting ;)

Well my l33t hax0r ski11z lead me to watch CNN and draw on experience :) But really all any of us are doing is speculating. We will know for sure soon enough; there are too many bureaucrats involved here for some pie in the sky conspiracy theory. For now we are just bouncing random theories around the place.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
