Bugtraq mailing list archives

Re: Sun M-class hardware denial of service


From: "Micheal Patterson" <micheal () rhacq com>
Date: Wed, 10 Sep 2008 09:07:00 -0500



----- Original Message -----
From: "Theo de Raadt" <deraadt () cvs openbsd org>
To: "B 650" <dunc.on.usenet () googlemail com>
Cc: <bugtraq () securityfocus com>
Sent: Tuesday, September 09, 2008 4:27 PM
Subject: Re: Sun M-class hardware denial of service



<snip>

You stated in your original message that this is a high-end frame, of
the kind generally used by financial institutions etc.  I would
imagine any system which warrants this kind of hardware would have
some level of redundancy or DR.

Oh great!  Sun is off the hook for selling something which doesn't
work, and their customers must mitigate against it themselves.
Utterly ridiculous.

B 650, the major problem with that statement is that most facilities that have built up redundancy for such an issue have 100% or more backup of the exact same gear. That means that their DR plan is still crippled and subject to the exact same failure as the primary system. That isn't an effective DR plan.

If the system were in place at, say, a nuclear power plant, and it was sold as a method to have separation to eliminate any problems with one system causing another to cascade crash, and this happens, that affects many other systems. Regardless if the initiator of the failure is a power user or not, the result is a total cascade failure and will result in a full system shutdown to recover from. It's still, by definition, a DOS. Simply because the actions of one individual, either by accident or malice, results in the denial of access to a system or group of systems. If you're one of the domains that will be affected, and you're taken down even though your network / system is stable and working properly, that would be seen as an unnecessary outage. What happens if the system doesn't boot back up properly after the power down? Now, the outage is extended and perhaps critical systems are no longer available. I used a nuclear power plant as an example, what if it were an airport, or a city's 911 / Emergency service? Fire Department dispatch system? EMS system? Do you still think that it's a non-issue to take down an entire system for one faulty domain?

--

Micheal Patterson
Senior Communications Systems Engineer
Rural Hospital Acquisition, LLC
405-917-0600

