Politech mailing list archives
FC: Y2K buffs won't leave it alone -- blame outages on Y2K
From: Declan McCullagh <declan () well com>
Date: Fri, 11 Feb 2000 13:14:35 -0500
This week's denial-of-service attacks have become the latest events to be blamed on -- you guessed it -- Y2K glitches.
Paula Gordon, a visiting professor at George Washington University with a background in public administration, is circulating theories about Y2K glitches in Cisco routers that would put Pierre Salinger to shame.
(In a pleasantly conspiratorial 1999 article on Y2K at http://www.gwu.edu/~y2k/keypeople/gordon/oped_pieces.html, Gordon tells us that Clinton was afraid of revealing Y2K's impact because the truth "would trigger an immediate downturn in financial markets, something that could have major ramifications, including profound political repercussions. Indeed, his legacy could be shattered beyond repair.")
One of the perpetual problems of being a conspiracy theorist is finding new fodder for your conspiracies. Fortunately, we can blame the routers!
-Declan
Date: Thu, 10 Feb 2000 10:52:43 -0500 To: (Recipient list suppressed) From: "P. Gordon" <pgordon () erols com> Subject: FORWARDED THREAD: Denial of service "attacks" OR Corrupted Century Date Change-related algorithm problem? The following thread concerning denial of service "attacks" on the Internet is for your interest and information. An alternative to the "hacker" theory is offered in the "answer" section of the thread. If this theory is correct, then the culprit is not hackers. If hackers are not responsible for the problem, then the remedies and protective measures that are now being applied will not address the root causes of the problem. Paula Gordon 2/10/2000 FORWARDED THREAD FROM TIME BOMB 2000 DISCUSSION FORUM (with spelling edits) Buy.Com, eBay, Amazon, CNN Hacked http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002Wbr greenspun.com: LUSENET : TimeBomb 2000 (Y2000) : One Thread Here's the link: Buy.Com, eBay, Amazon, CNN Hacked Ray -- Ray (ray () totacc com), February 09, 2000 Answers I am beginning to suspect that the date-time stamp embedded in packets within the MAC layer of the tcp/ip stack have gone to negative numbers as a result of the CDC (century date change) and some of the routers and switches are having serious problems in reconciling packet reconstruction. This means that the recieving end routers of the tcpip stream (i.e. the 'hacked' sites) are not able to reconstruct the packet stream sufficiently enough to avoid triggering an error condition. This is predictable anomalous behavior (and may have been noted on the Cisco site field notations) if the date-time stamp algorithm were to deal with a year of '00'. This problem will also trigger security alarms and could be easily mistaken for an attack of the *denial of service* kind. Persons on site could use a packet sniffer to retrieve MAC layer address headers and determine if the most significant bit of the date-time stamp was - 1 [minus 1]. If I am correct, then no hackers will take credit for what will become a daily increasing amount of 'hack' attacks. At some point it would be expected to level off at a near critical level for the internet. I would expect that this point would be reached when 24% of routers are involved. Note that this is a wild ass guess as there are many kinds of equipment and expected reponses within the class of routers. Some could be expected to just ignore the negative number. These, though, should exhibit garbaged messages as they could be expected to be reassembled in properly. Also should note that many cell phone tower packet handlers use the same algorithm. -- pliney the younger (pliney () puget sound rain.light.chilly), February 09, 2000. ____________________________________________________________________________ ______ Very insightful post pliney, thanks. Given the scope of the alleged big hack attacks, I think skepticism about the corporate line on this rapidly emerging problem is wise. Cisco (one of the most important internet infrastructure companies) has posted Field notices reporting a variety of problems since rollover including an apparently minor February 29 date stamping problem with their Optical Product Software. There's a list of post CDC field notices on this thread : http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002WEk -- Carl Jenkins (Somewherepress () aol com), February 09, 2000. ____________________________________________________________________________ ______ (end of forwarded thread)
-------------------------------------------------------------------------- POLITECH -- the moderated mailing list of politics and technology To subscribe: send a message to majordomo () vorlon mit edu with this text: subscribe politech More information is at http://www.well.com/~declan/politech/ --------------------------------------------------------------------------
Current thread:
- FC: Y2K buffs won't leave it alone -- blame outages on Y2K Declan McCullagh (Feb 11)