Firewall Wizards mailing list archives

Re: Y2K rollover Vigilance


From: Don Helms <dhelms () sw org>
Date: Wed, 8 Dec 1999 08:41:23 -0600

------------------------
  From: Alejandro Rusell <arusel () mecon ar>
Having checked all out, what do you think of turning the date back, say, 28 years
in the past, just in case.  Do you all wizards know of any 72year 
problem?   Seeing that the day's configuration is the same every 
28 years, we think that all systems that don't depend on the actual 
date should be moved back.  After the rollover period (which we 
extend up to first days of March), all we have to do is modify the 
year part of the date in the logs for our processing (ie: 1971 = 
1999, 1972 = 2000).

We are thinking of doing it in routers and such devices.  

We have already tested that the devices support such an old date.

---------------End of Original Message-----------------

I'm implementing a similar idea here.  However, I'm date forwarding.
We've got lots of "date-aware" equipment that we really don't care 
about the date.  I'm pushing hubs, switches, etc forward to March
2000 (post leap day).  

It's not that I don't have faith in the equipment.  However, if I do have a 
Y2K issue somewhere/anywhere I want to have the minimal amount of distractions 
in my troubleshooting.  Anything I've date-forwarded I can pretty much ignore 
at that point.

One of my big concerns is some sort of spoofed NTP attack pushing Y2K early.
We've all expected a lot of viruses to do this and they are.  I'm worried about 
someone finding a way to spoof (for lack of a better word) my NTP source.
We may not shut off all internet access, but I will shut off NTP as we approach
the end of the month.  I've got a GPS feed and the Internet feed is only a 
secondary, but with medical time sensitive stuff involved I'm getting nervous 
on this one.

Another thing we may shut down is email.  I expect a lot of "last minute"
Y2K viruses to be released just before the rollover in an attempt to overload
the AV vendor's collective ability to identify and update pattern files.  
No conspiracy here, just if I had a hot new virus and really wanted to do 
damage, I would wait till that window to release it just before or even 
during the rollover.  We've still got this one under discussion here.

I figure I might put in a temporary mail cache to store a couple of days of 
incoming messages (about 4000/day) and then give the AV vendors a day or so
to catch up and release any new pattern files.  Probably I'll only need to 
delay messages with attachments anyway.  We'll see.

-Don



--------------------------------------------------------
Don Helms  
Scott & White Hospital
dhelms () sw org
Date: 12/08/1999

All opinions are just that...
--------------------------------------------------------
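
The log correction described in the quoted original message (1971 = 1999, 1972 = 2000), as an added example that is not part of either post. The log line layout, the sample lines and the function names are assumptions; the check confirms that each shifted date exists and keeps its weekday, which holds for a 28-year offset across the leap day.

```python
import re
from datetime import datetime

# Constructed sample lines; the "YYYY Mon DD HH:MM:SS" layout is an assumption.
SAMPLE_LOG = """\
1971 Dec 31 23:59:58 rtr1 %LINK-3-UPDOWN: Interface Serial0, changed state to down
1972 Jan 01 00:00:03 rtr1 %LINK-3-UPDOWN: Interface Serial0, changed state to up
1972 Feb 29 12:00:00 rtr1 %SYS-5-CONFIG_I: Configured from console
"""

STAMP = re.compile(r"^\d{4} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}")
FMT = "%Y %b %d %H:%M:%S"


def restore(stamp, offset_years=28):
    """Map a set-back device timestamp to the real date.

    Raises ValueError if the shifted date does not exist or falls on a
    different weekday, i.e. the offset does not preserve the calendar.
    """
    real = stamp.replace(year=stamp.year + offset_years)  # Feb 29 must exist
    if real.weekday() != stamp.weekday():
        raise ValueError(
            f"{stamp:%Y-%m-%d} and {real:%Y-%m-%d} fall on different weekdays")
    return real


def rewrite_line(line, offset_years=28):
    """Rewrite the leading timestamp of one log line; pass other lines through."""
    m = STAMP.match(line)
    if not m:
        return line
    real = restore(datetime.strptime(m.group(0), FMT), offset_years)
    return real.strftime(FMT) + line[m.end():]


def rewrite_log(text, offset_years=28):
    """Return the log as a list of lines with real-date timestamps."""
    return [rewrite_line(line, offset_years) for line in text.splitlines()]


if __name__ == "__main__":
    for line in rewrite_log(SAMPLE_LOG):
        print(line)
```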


