FC: Y2K buffs won't leave it alone -- blame outages on Y2K

[Declan McCullagh <declan () well com>]

This week's denial-of-service attacks have become the latest events to be 
blamed on -- you guessed it -- Y2K glitches.

Paula Gordon, a visiting professor at George Washington University with a 
background in public administration, is circulating theories about Y2K 
glitches in Cisco routers that would put Pierre Salinger to shame.

(In a pleasantly conspiratorial 1999 article on Y2K at 
http://www.gwu.edu/~y2k/keypeople/gordon/oped_pieces.html, Gordon tells us 
that Clinton was afraid of revealing Y2K's impact because the truth "would 
trigger an immediate downturn in financial markets, something that could 
have major ramifications, including profound political repercussions. 
Indeed, his legacy could be shattered beyond repair.")

One of the perpetual problems of being a conspiracy theorist is finding new 
fodder for your conspiracies. Fortunately, we can blame the routers!

-Declan


> Date: Thu, 10 Feb 2000 10:52:43 -0500
> To: (Recipient list suppressed)
> From: "P. Gordon" <pgordon () erols com>
> Subject: FORWARDED THREAD: Denial of service "attacks" OR Corrupted
>   Century Date Change-related algorithm problem?
>
>
> The following thread concerning denial of service "attacks" on the Internet
> is for your interest and information.
>
> An alternative to the "hacker" theory is offered in the "answer" section of
> the thread.  If this theory is correct, then the culprit is not hackers.
> If hackers are not responsible for the problem, then the remedies and
> protective measures that are now being applied will not address the root
> causes of the problem.
>
> Paula Gordon
> 2/10/2000
>
>
>
> FORWARDED THREAD FROM TIME BOMB 2000 DISCUSSION FORUM  (with spelling edits)
>
> Buy.Com, eBay, Amazon, CNN Hacked
> http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002Wbr
> greenspun.com: LUSENET : TimeBomb 2000 (Y2000) : One Thread
>
>
>      Here's the link:
>
>      Buy.Com, eBay, Amazon, CNN Hacked
>
>      Ray
>
>      -- Ray (ray () totacc com), February 09, 2000
>
> Answers
>
>      I am beginning to suspect that the date-time stamp embedded in packets
> within the MAC layer of the tcp/ip stack have gone to negative numbers as a
> result of the CDC (century date change) and some of the routers and switches
> are having serious problems in reconciling packet reconstruction.
>      This means that the recieving end routers of the tcpip stream (i.e. the
> 'hacked' sites) are not able to reconstruct the packet stream sufficiently
> enough to avoid triggering an error condition. This is predictable anomalous
> behavior (and may have been noted on the Cisco site field notations) if the
> date-time stamp algorithm were to
> deal with a year of '00'. This problem will also trigger security alarms and
> could be easily mistaken for an attack of the *denial of service* kind.
> Persons on site could use a packet sniffer to retrieve MAC layer address
> headers and determine if the most significant bit of the date-time stamp was
> - 1  [minus 1].
>
>      If I am correct, then no hackers will take credit for what will become
> a daily increasing amount of 'hack' attacks.
>      At some point it would be expected to level off at a near critical
> level for the internet. I would expect that this point would be reached when
> 24% of routers are involved. Note that this is a wild ass guess as there are
> many  kinds of equipment and expected reponses within the class of routers.
> Some could be expected to just ignore the negative number. These, though,
> should exhibit garbaged messages as they could be expected to be reassembled
> in properly.
>
>      Also should note that many cell phone tower packet handlers use the
> same algorithm.
>
>      -- pliney the younger (pliney () puget sound rain.light.chilly), February
> 09, 2000.
>
> ____________________________________________________________________________
> ______
>
>      Very insightful post pliney, thanks. Given the scope of the alleged big
> hack attacks, I think skepticism about the corporate line on this rapidly
> emerging problem is wise. Cisco (one of the most important internet
> infrastructure companies) has posted Field notices reporting a variety of
> problems since rollover including an apparently minor February 29 date
> stamping problem with their Optical Product Software. There's a list of post
> CDC field notices on this thread :
>
>      http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002WEk
>
>      -- Carl Jenkins (Somewherepress () aol com), February 09, 2000.
> ____________________________________________________________________________
> ______
>
> (end of forwarded thread)

--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------