Fog Creek Software
Discussion Board




"Good" worm causes havoc. Duh.

TORONTO, Ontario (AP) -- A computer virus designed to inoculate against another infection brought down some computer networks Tuesday, forcing Air Canada to check in passengers manually at airports across the country.

Long lines formed at counters at Vancouver International Airport as the virus slowed Air Canada's computer system, spokeswoman Laura Cooke said.

http://www.cnn.com/2003/TECH/internet/08/19/internet.worm.ap/index.html

Brad Wilson (dotnetguy.techieswithcats.com)
Tuesday, August 19, 2003

and why were airline reservation systems and emergency response systems on the internet again? or did they just lose tunneled links? (no, the internet wasn't really designed for nuclear war)

of course this is a big reason why most people don't write 'good' worms: worms tend to have bugs, and 'good' people don't want to live with those consequences. never mind the trespass issues.

mb
Wednesday, August 20, 2003

The Internet, as originally designed, could probably have withstood a nuclear war.  But now it's up against a force far more dangerous:  millions and millions of users.

It's no contest, really.

Sam Livingston-Gray
Wednesday, August 20, 2003

Is that Air Canada's excuse this week?  How about two weeks ago when they had huge lines because they had laid off over half of the check in staff? 

This is more indicative of the poor management quality at Air Canada than anything else.  They are trying to run 'leaner and smarter' but are ending up just annoying customers.

Billy Boy
Wednesday, August 20, 2003

I've railed against this sort of thing for a decade.

I support portions of systems supporting public safety and emergency networks as well as those providing conventional services to the public through brick and mortar locations and back office operations.  These of course range from highly sensitive and vital activities to those that are merely "mission critical."

One by one I have lived with management decisions to abandon private networks, combine administrative networks with operational networks, and move from safer proprietary network architectures to commodity-based TCP/IP networks.

The overhead involved in securing a TCP/IP network is horrifying, not to mention full of holes.  The number of outages due to the sort of idiots you get supporting PC LAN operations over the same plant as production work is staggering.  Planning networks for scaling based on application bandwidth estimates is now impossible.

And did I mention, network costs are out of control?

Even without considering all of the crapola (bandwidth consumption by bullshit traffic) we need 30 times the bandwidth we used to use to service remote locations.  In many cases changes to the architecture of the remote applications themselves (based on more bullshit technology from the PC era) have resulted in another 5-fold increase in bandwidth requirements.  That's right, we now need 150 times the bandwidth we used in 1990 to do exactly the same job.

Even that is then stressed by adding in web browsing, fat email (image-laden, attachment-burdened RTF and HTML mail), crummy 2-tier C/S HR applications, etc.

As a result, where we once used cheap, multipoint 19.2K lines to support "the mission" we now need individual T1s to many locations.  Our network provider only offers the choice of 56K or T1 - even if we only need a fraction.  Problem is, the "overhead" activities have grown now to the point where once we have the option to provide say 1/4 T1 it won't be enough anymore either.

Then add in the lazy box-jockeys who fail to patch PCs even when the patches are there for the taking...

I'm amazed when things actually DO run, but the strain of making them do so is getting out of control.

Bob Riemersma
Wednesday, August 20, 2003

I have a simpler question:

Why was Air Canada still vulnerable? This "good" worm used the same vulnerability. If they were affected by it, then they were vulnerable which means they still hadn't patched.

Mark Hoffman
Wednesday, August 20, 2003

Funny, if you all read the article, you wouldn't have these questions and comments. :)

1. The worm is causing widespread problems. Air Canada was just one example.

2. The reason it's causing widespread problems even for patched systems is that it's flooding networks and causing denial of service.

Brad Wilson (dotnetguy.techieswithcats.com)
Wednesday, August 20, 2003

Brad:

Yes this caused network disruptions by saturating some networks, however to have it in the call center means that it should have passed through a DMZ, etc, etc.  To have it affect check-ins in Vancouver I would assume that either that local LAN is affected or that the central data warehouse was affected -- in which case it should have affected Toronto as well.

Last week after the power came back up, Air Canada also had problems. 

This is why I made the comment about this being indicative of their management.

Billy Boy
Wednesday, August 20, 2003

Uh Brad...I did read the article. Thank you very much.

It specifically says that it affected the "airline's call center in Toronto and check-in systems across the country"

Are you suggesting that the worm's mere presence on the Internet caused this?  Are you suggesting that Air Canada was just collateral damage from another system that wasn't patched?

Obviously the article doesn't specifically state how the worm affected them, but I find it hard to believe it wasn't caused by their systems still being vulnerable.

Mark Hoffman
Wednesday, August 20, 2003

It stated that the worm was causing denial of service attacks even against patched systems as it constantly tried to bombard networks, protected or not.

Firewalls don't protect you against denial of service attacks. If you're flooded, you're flooded. It doesn't matter whether you're answering back or not.

As to why the networks at the airport are using (or relying on) the Internet, beats me. It certainly doesn't seem wise. But the overarching fact remains: this "good" worm is causing serious havoc, even to fully patched and firewalled networks.

Brad Wilson (dotnetguy.techieswithcats.com)
Wednesday, August 20, 2003

"Firewalls don't protect you against denial of service attacks"

Um, they should within the network. Maybe the ticket system can't talk to the credit card system, but it should be able to process all existing reservations, because they should all be within the firewall.

mb
Wednesday, August 20, 2003
