Full Disclosure mailing list archives
Re: east coast powergrid / SCADA [OT?]
From: "Stephen Clowater" <steve () stevesworld hopto org>
Date: Sat, 16 Aug 2003 16:34:55 -0300
----- Original Message -----
From: "Geoff Shively" <gshively () pivx com>
To: "Stephen Clowater" <steve () stevesworld hopto org>
Cc: <full-disclosure () lists netsys com>
Sent: Saturday, August 16, 2003 3:33 AM
Subject: Re: [Full-disclosure] east coast powergrid / SCADA [OT?]

>> Please, if that were the case, why have none of the other billions of Windows vulnerabilities ever affected the grid? More specifically, why haven't any of the thousands of RPC vulnerabilities ever affected the grid?

> This is one of the largest RPC worms released, is it not? I am actually asking, because I cannot remember one that exploited the same conditions or mimicked the activities of Blaster.

I'd read thru the Bugtraq archives on securityfocus.com so you can really get a sense of the kinda long-standing trouble RPC has been causing over the years. RPC has been a long-standing issue; in fact, for the last few years, most places have just started blocking RPC out to the internet and given up on securing the protocol. It's caused many a headache to Samba (where you can now guess passwords courtesy of RPC) and Windows. With all the vulnerabilities that Windows goes through, a lot of the particulars get lost in the grand river of crapulance that is Windows security. This is the first worm to spread exclusively on an RPC exploit. And this is the worst RPC exploit yet (hell, probably the worst Windows exploit yet). But by just the sheer numbers of exploits that show up in Windows, if the systems doing critical monitoring were open to all on the internet, surely we would have been seeing outages like this beforehand; there have been thousands of exploits against Windows since the monitoring systems went into place.

> Also, you never know when a certain set of circumstances will permit one thing from happening and not another. One of the nuances of multi-layers technology.

>> Niagara somehow saw this coming and shut down all generators in time to stay on the grid, and as the failure expanded more failsafes kicked in to contain it.

> CNN also said that the entire cascading shutdown occurred in 9 seconds total. This means that the Niagara plant was one of the first in this cascade effect

Well yes, but since all the plants around the loop were hit just as fast, it also means the problem originated in that loop :)

> and would have had a fraction of that time to see a surge coming, and with the speed in which we all know electrical surges travel there would be little to no warning.

True, I'm not sure how they saw it coming. I suspect that one of the systems at Niagara picked it up and started an emergency shutdown of the generators. How long it takes the plants to get back up really is just a function of how fast the generators were running when the grid went down around it. To get a sense of what happens to a generator when cut off from the grid, put your car into reverse and then drop clutch it :) It's something like that. So, in order to prevent any problems at Niagara, all they really had to do was to get the generators mostly shut down by the time the surge tripped the stuff up there. After that the surge probably bled off into the surrounding grid. Also, Niagara's shutdown and how fast they had to shut down just shows that the problem probably originated in the loop that they were feeding into. More than likely what happened was, as the surge began in the loop, it tripped some alarms at Niagara. Which fits the theory that something began with the hardware in the power loop.

> I am no power expert, I am just working with the facts provided to me, and my uber leet math skills of adding and subtracting ;)

Well, my l33t hax0r ski11z lead me to watch CNN and draw on experience :) But really all any of us are doing is speculating. We will know for sure soon enough; there are too many bureaucrats involved here for some pie-in-the-sky conspiracy theory. For now we are just bouncing random theories around the place.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html