Thursday, August 21, 2003

Slammer (Jan 03) Crashed Ohio Nuke Plant

Kevin Poulsen wrote an excellent article on the means by which Slammer (not Blaster) "penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall."
The article shows how network admins do not understand the connectivity of their own networks, which lets customer networks and VPN clients bypass external-facing access control:

"It began by penetrating the unsecured network of an unnamed Davis-Besse contractor, then squirmed through a T1 line bridging that network and Davis-Besse's corporate network. The T1 line, investigators later found, was one of multiple ingresses into Davis-Besse's business network that completely bypassed the plant's firewall, which was programmed to block the port Slammer used to spread. 'This is in essence a backdoor from the Internet to the Corporate internal network that was not monitored by Corporate personnel,' reads the April NRC filing by FirstEnergy's Dale Wuokko. '[S]ome people in Corporate's Network Services department were aware of this T1 connection and some were not.'"
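
The bypass described in the quote can be found mechanically once every link is written down. The sketch below is an added example, not code from the article or the NRC filing: it lists every path from the Internet to an internal network that never crosses an enforcement point. The topology and node names are constructed for illustration.

```python
from collections import defaultdict

# Constructed topology modeled on the incident as the article describes it.
# Node names are assumptions for illustration, not taken from the NRC filing.
LINKS = [
    ("internet", "plant_firewall"),
    ("plant_firewall", "corporate_net"),
    ("internet", "contractor_net"),        # contractor's unsecured network
    ("contractor_net", "corporate_net"),   # the T1 line bridging the two
    ("corporate_net", "plant_net"),
]
ENFORCEMENT_POINTS = {"plant_firewall"}    # devices that filter traffic


def build_graph(links):
    """Undirected adjacency map: every link carries traffic both ways."""
    graph = defaultdict(set)
    for a, b in links:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def unfiltered_paths(links, source, target, enforcement_points):
    """Return every simple path from source to target that crosses
    no enforcement point, i.e. every ingress the firewall never sees."""
    graph = build_graph(links)
    found = []
    stack = [(source, [source])]
    while stack:
        node, path = stack.pop()
        if node == target:
            found.append(path)
            continue
        for nxt in sorted(graph[node]):
            # Skip loops and any hop that would pass through a filter.
            if nxt in path or nxt in enforcement_points:
                continue
            stack.append((nxt, path + [nxt]))
    return sorted(found)


if __name__ == "__main__":
    for target in ("corporate_net", "plant_net"):
        for p in unfiltered_paths(LINKS, "internet", target, ENFORCEMENT_POINTS):
            print("unfiltered ingress:", " -> ".join(p))
```

An empty result for every internal target is the property the plant personnel believed they had; the audit is only as good as the link inventory fed into it.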
