[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <025d01c3642d$78f369b0$0201a8c0@stephenjfrss85>
From: steve at stevesworld.hopto.org (Stephen Clowater)
Subject: east coast powergrid / SCADA [OT?]
----- Original Message -----
From: "Geoff Shively" <gshively@...x.com>
To: "Stephen Clowater" <steve@...vesworld.hopto.org>
Cc: <full-disclosure@...ts.netsys.com>
Sent: Saturday, August 16, 2003 3:33 AM
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]
> > Please, if that
> > were the case, why have none of hte other billons of windows
> vulnerabilities
> > ever affected the grid? more specifically, why havent any of the
thousands
> > of rpc vunerabilites ever effected the grid?
>
> This is one of the largest RPC worms released is it not? I am actually
> asking,
> because I cannot remember one that exploited the same conditions or
mimicked
> the activates of blaster.
I'd read thru the bugtraq archives on securityfocus.com so you can really
get a sense of the kinda long standing trouble rpc has been causeing over
the years, RPC has been a long standing issue, in fact, For the last few
years, Most places have just started blocking rpc out to the internet and
given up on securing the protocol. Its caused many a headache to samaba
(were you can now guess passwords curtosy of rpc) and Windows. With all the
vunerabilities that windows goes through, alot of the particulars get lost
in the grand river of crapulance that is windows security. Ths is the first
worm to spread Exclusivly on a RPC exploit. And this Is the worst rpc
Exploit yet (hell probably the worst windows exploit yet) But by just the
sheer numbers of Exploits that show up in windows, if the systems doing
critical monitoring were open to all on the internet, shurly we would heave
been seeing outages like this before hand, there have been thousands of
exploits agianst windows since the monitoring systems went into place.
>
> Also, you never know when a certain set of circumstances will permit one
> thing from happening and not another. One of the nuances of multi-layers
> technology.
>
> > Niagra somehow saw this coming and shut down all generators in time
> > to stay on the grid, and as the failure expanded more failsafe kicked in
> to
> > contain it.
>
> CNN also said that the entire cascading shutdown occurred in 9 seconds
> total.
>
> This means that the Niagara plant was one of the first in this cascade
> effect
Well yes, But since all the plants around the loop were hit just as fast, It
also means the problem originated in that loop :)
> and would have had a fraction of that time to see a surge coming, and
with the
> speed
> in which we all know electrical surges travel there would be little to no
> warning.
True, I'm not sure how they saw it coming, I suspect that one of the systems
at Niagra picked it up and started an emergency shutdown of the generators.
How long it takes the plants to get back up really is just a function of how
fast the generators were running when the grid went down around it. To get a
sense of what happens to a generator when cut off from the grid, put your
car into reverse and then drop clutch it :) Its something like that. So, in
order to prevent any problems at niagra, All they really had to do was to
get the generators Mostly shut down by the time the surge tripped the stuff
up there. After that the surge probably bleed of into the surrounding grid.
Also, Niagra's Shut down and how fast they had to shut down just shows that
the problem probably originated in the loop that they were feeding into.
More than likely what happend was as the surge began in the loop, it tripped
some alarms at niagra. Wich fits the theory that something began with the
hardware in the power loop.
>
> I am no power expert, I am just working with the facts provided to me, and
> my
> uber leet math skills of adding and subtracting ;)
Well my l33t hax0r ski11z lead me to watch CNN and draw on experience :) But
really all any of us are all doing is speculating, We will know for sure
soon enough, there are to many burecrats involved here for some pie in the
sky conspericey theory. For now we are just bouncing random theories around
the place.
Powered by blists - more mailing lists