Message-ID: <047501c9134e$7fa13d20$4ef24243@tsgincorporated.com>
Date: Wed, 10 Sep 2008 09:07:00 -0500
From: "Micheal Patterson" <micheal@...cq.com>
To: "B 650" <dunc.on.usenet@...glemail.com>,
"Theo de Raadt" <deraadt@....openbsd.org>
Cc: <bugtraq@...urityfocus.com>
Subject: Re: Sun M-class hardware denial of service
----- Original Message -----
From: "Theo de Raadt" <deraadt@....openbsd.org>
To: "B 650" <dunc.on.usenet@...glemail.com>
Cc: <bugtraq@...urityfocus.com>
Sent: Tuesday, September 09, 2008 4:27 PM
Subject: Re: Sun M-class hardware denial of service
<snip>
>> You stated in your original message that this is a high-end frame, of
>> the kind generally used by financial institutions etc. I would
>> imagine any system which warrants this kind of hardware would have
>> some level of redundancy or DR.
>
> Oh great! Sun is off the hook for selling something which doesn't
> work, and their customers must mitigate against it themselves.
> Utterly ridiculous.
B 650, the major problem with that statement is that most facilities
that have built up redundancy for such an issue have 100% or more backup
of the exact same gear. That means that their DR plan is still crippled
and subject to the exact same failure as the primary system. That isn't
an effective DR plan.
If the system were in place at say a nuclear power plant, and it was
sold as a method to have separation to eliminate any problems with one
system causing another to cascade crash, and this happens, that affects
many other systems. Regardless if the initiator of the failure is a
power user or not, the result is a total cascade failure and will result
in a full system shutdown to recover from. It's still, by
definition, a DOS. Simply because the actions of one individual, either
by accident or malice, results in the denial of access to a system or
group of systems.
If you're one of the domains that will be affected, and you're taken
down even though your network / system is stable and working properly,
that would be seen as an unnecessary outage. What happens if the system
doesn't boot back up properly after the power down? Now, the outage is
extended and perhaps critical systems are no longer available. I used a
nuclear power plant as an example, what if it were an airport, or a
city's 911 / Emergency service? Fire Department dispatch system? EMS
system? Do you still think that it's a non-issue to take down an entire
system for one faulty domain?
--
Micheal Patterson
Senior Communications Systems Engineer
Rural Hospital Acquisition, LLC
405-917-0600