nanog mailing list archives
Re: Banc of America Article
From: "Jack Bates" <jbates () brightok net>
Date: Sat, 25 Jan 2003 17:57:24 -0600
From: "Alex Rubenstein"
Does anyone else, based upon the assumptions above, believe this statement to be patently incorrect (specifically, the part about 'personal information had not been at risk.') ?
Actually, the statements are correct. Remember, the worm wasn't programmed to put the database or the security of the networks at risk. Of course, the customer's information "could" have been at risk, but in hind sight, it wasn't. However, there is another possibility. BofA could have piped a portion of the public network through equipment that sustains their private network in a secure manner. However, a MS-SQL system (or a couple hundred) which contained nothing of value was infected. The load created by the system was enough to interrupt equipment along the path and effectively shut down their private network even though it didn't have direct access. Example, I can run IP through ATM switches. The overloading of the PVC could systematically destroy the integrity of the ATM network which holds other ATM traffic. This is still a secure model, although obviously not well engineered as proper ATM CoS would have limited the IP traffic. Of course, ATM would be one example. They could be tunneling IP over any number of protocols commonly used by banks. In essence, only one piece of common equipment has to be shut down to cause a problem. Jack Bates BrightNet Oklahoma
Current thread:
- Banc of America Article Alex Rubenstein (Jan 25)
- Re: Banc of America Article Jack Bates (Jan 25)
- Re: Banc of America Article Sean Donelan (Jan 25)
- Re: Banc of America Article alex (Jan 27)
- Re: Banc of America Article Avleen Vig (Jan 25)
- Re: Banc of America Article Ryan Fox (Jan 25)
- Re: Banc of America Article Alex Rubenstein (Jan 25)
- Re: Banc of America Article E.B. Dreger (Jan 25)
- Re: Banc of America Article Dave Howe (Jan 26)
- Re: Banc of America Article Ryan Fox (Jan 25)
- Re: Banc of America Article Wayne E. Bouchard (Jan 25)
- Re: Banc of America Article alex (Jan 27)