[LUGA] Mit freundlicher Unterstützung von:
Linux New Media AG

Mail Thread Index

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[luga] Und nochwas aus comp.risks

Date: Thu, 12 Feb 1998 11:23:36 -0500
From: mandrews@fd9ns01.okladot.state.ok.us
Subject: Risk: Massive NT Outage due to Registry corruption

  [This was sent me by someone at a Fortune-100 manufacturer, and is
  anonymized and sanitized at the original sender's request.  It is genuine.]

> The recent power fluctuations here in [placename] corrupted the NT
> registries in our [server-community-names].  As a result, our entire NT
> network (>10K machines) is down, and has been since 5 am this
> morning. (I'm doing direct IP to [product-name] to do mail. Thank God.)
> Once the registries got corrupted, the databases of user signons went,
> too. And, of course, the tape backups won't load because NT requires a
> timestamp somewhere in the guts that the tape image doesn't match to the
> clock. So every NT server, and most NT workstations, won't do anything
> except local work.

> If this were just office workers, it would be annoying enough. But the
> [product name] servers require such close tie-ins to the machine accounts
> that they are dead -- guess what helps run our factories? Can you say loss
> of $1M+ per hour?"

> Why am I telling you? Because our NT guys have suddenly realized that this
> is a good candidate for a denial of service attack: once the registries
> get corrupted, the entire resource domain has to be reloaded by hand --
> and that apparently includes desktops. If you have ideas on how to go
> check the registries on your NT servers, I'd suggest you go do so.

In another letter, the original sender elaborates:

> If you are recovering from this, every desktop user will have to
> delete/disable their <user>.pwl file to be able to get back on the
> network, because that file hardcodes which domain server they are
> on. HOWEVER, if they do that, they can then not get into any other service
> on their desktop for which they've stored the password, because they're
> all in that file. if the user doesn't remember the password, they're SOL,
> because the latest patch from MS keeps the *.pwl files from being hackable
> by the "standard" hacker and pwledit tools -- but it is also rendered
> unreadable to the MS standard pwl editor, too.

The total outage was in excess of 12 hours, and the loss-of-revenue from
the outage is estimated to be more than $10 million.

Mike Andrews, D.P. Director, Okla. Dept. of Transportation

powered by LINUX the choice of a gnu generation
linux user group austria;
Letzte Änderung:
September 2010