[Dshield] power outages all across North Eastern US

Jon R. Kibler Jon.Kibler at aset.com
Fri Aug 15 17:31:09 GMT 2003


Geoff Shively wrote:
> 
> Jon, Great points and they pretty much coincide with my
> thinking in this problem. Though there is one thing that is
> somewhat of a contradiction in logic that I have heard a
> few times from others as well.
> 
> >If the Internet had been the source of the problem, I think
> >we would have seen a failure REAL EARLY into this worm.

Ok, let me clarify...
   Previously I said: If the Internet had been the source of the problem...
   What I really meant: If the system causing the failure had been DIRECTLY CONNECTED to the Internet...

Yes, the Internet is the source of all the infections (except for the miscreant that created the worm!). The point I was trying to make is that a SCADA system that used the Internet to communicate with the control room would like have failed early. In contrast, a system infected through an internal network, such as via a contaminated laptop, would be result in a later failure.

I also have to agree with Johannes' comments that someone could have changed a router to block a critical port being another potential, albeit indirect, coincidence of the worm.

However, I still have strong doubts that the failure was worm related.

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA




More information about the list mailing list