Slammer (Jan 03) Crashed Ohio Nuke Plant

Kevin Poulsen wrote an excellent article on the means by which Slammer (not Blaster) "penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall."
The article shows what happens when network administrators do not understand the connectivity of their own networks: customer networks and VPN clients end up bypassing external-facing access control:


"It began by penetrating the unsecured network of an unnamed Davis-Besse contractor, then squirmed through a T1 line bridging that network and Davis-Besse's corporate network. The T1 line, investigators later found, was one of multiple ingresses into Davis-Besse's business network that completely bypassed the plant's firewall, which was programmed to block the port Slammer used to spread. 'This is in essence a backdoor from the Internet to the Corporate internal network that was not monitored by Corporate personnel,' reads the April NRC filing by FirstEnergy's Dale Wuokko. '[S]ome people in Corporate's Network Services department were aware of this T1 connection and some were not.'"
