Firewall Wizards mailing list archives
Re: Y2K rollover Vigilance
From: Don Helms <dhelms () sw org>
Date: Wed, 8 Dec 1999 08:41:23 -0600
------------------------ From: Alejandro Rusell <arusel () mecon ar>
Having checked all out, what do you think of turning the date back, say, 28 years in the past, just in case. Do you all wizards know of any 72year problem?. Seeing that the day's configurations is the same every 28 years, we think that all systems that don't depend of the actual date should be moved back. After the rollover period (which we extend up to first days of March), all we have to do is modify the year part of the date in the logs for our processing (ie: 1971 = 1999, 1972 = 2000). We are thinking of doing it in routers and such devices. We have already tested that the devices support such an old date.
---------------End of Original Message----------------- I'm implementing a similar idea here. However, I'm date forwarding. We've got lots of "date-aware" equipment that we really don't care about the date. I'm pushing hubs, switches, etc forward to March 2000 (post leap day). It's not that I don't have faith in the equipment. However, if I do have a Y2K issue somewhere/anywhere I want to have the minimal amount of distractions in my troubleshooting. Anything I've date-forwarded I can pretty much ignore are that point. One of my big concerns is some sort of spoofed NTP attack pushing Y2K early. We've all expected a lot of viruses to do this and they are. I'm worried about someone finding a way to spoof (for lack of a better word) my NTP source. We may not shut off all internet access, but I will shut off NTP as we approach the end of the month. I've got a GPS feed and the Internet feed is only a secondary, but with medical time sensitive stuff involved I'm getting nervous on this one. Another thing we may shut down is email. I expect a lot of "last minute" Y2K viruses to be released just before the rollover in an attempt to overload the AV vendor's collective ability to identify and update pattern files. No conspiracy here, just if I had a hot new virus and really wanted to do damage, I would wait till that window to release it just before or even during the rollover. We've still got this one under discussion here. I figure I might put in a temporary mail cache to store a couple of days of incoming messages (about 4000/day) and then give the AV vendors a day or so to catch up and release any new pattern files. Probably I'll only need to delay messages with attachments anyway. We'll see. -Don -------------------------------------------------------- Don Helms Scott & White Hospital dhelms () sw org Date: 12/08/1999 All opinions are just that... --------------------------------------------------------
Current thread:
- Y2K rollover Vigilance Brad MacQuarrie (Dec 06)
- Re: Y2K rollover Vigilance Saravana Ram (Dec 07)
- Re: Y2K rollover Vigilance Lance Spitzner (Dec 07)
- Re: Y2K rollover Vigilance Alejandro Rusell (Dec 07)
- Re: Y2K rollover Vigilance Saravana Ram (Dec 08)
- Re: Y2K rollover Vigilance Don Helms (Dec 08)
- Re: Y2K rollover Vigilance Daniel Monjar (Dec 08)
- <Possible follow-ups>
- Re: Y2K rollover Vigilance Zzzil (Dec 08)
- Re: Y2K rollover Vigilance Brad MacQuarrie (Dec 08)
- Re: Y2K rollover Vigilance Paul Grabow (Dec 30)
- Re: Y2K rollover Vigilance Saravana Ram (Dec 07)