Buy.Com, eBay, Amazon, CNN Hacked

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Here's the link:

Buy.Com, eBay, Amazon, CNN Hacked

Ray

-- Ray (ray@totacc.com), February 09, 2000

Answers

I am beginning to suspect that the date-time stamp embedded in packets within the MAC layer of the TCP/IP stack has gone to negative numbers as a result of the CDC (century date change) and some of the routers and switches are having serious problems in reconciling packet reconstruction.
This means that the receiving end routers of the TCP/IP stream (i.e. the 'hacked' sites) are not able to reconstruct the packet stream sufficiently enough to avoid triggering an error condition. This is predictable anomalous behavior (and may have been noted on the Cisco site field notations) if the date-time stamp algorithm were to deal with a year of '00'. This problem will also trigger security alarms and could be easily mistaken for an attack of the *denial of service* kind. Persons on site could use a packet sniffer to retrieve MAC layer address headers and determine if the most significant bit of the date-time stamp was - 1.

If I am correct, then no hackers will take credit for what will become a daily increasing amount of 'hack' attacks. At some point it would be expected to level off at a near critical level for the internet. I would expect that this point would be reached when 24% of routers are involved. Note that this is a wild ass guess as there are many kinds of equipment and expected responses within the class of routers. Some could be expected to just ignore the negative number. These, though, should exhibit garbaged messages as they could be expected to be reassembled improperly.

Also should note that many cell phone tower packet handlers use the same algorithm.



-- pliney the younger (pliney@puget.sound.rain.light.chilly), February 09, 2000.


Very insightful post pliney, thanks. Given the scope of the alleged big hack attacks, I think skepticism about the corporate line on this rapidly emerging problem is wise. Cisco (one of the most important internet infrastructure companies) has posted Field notices reporting a variety of problems since rollover including an apparently minor February 29 date stamping problem with their Optical Product Software. There's a list of post CDC field notices on this thread:

http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002WEk

-- Carl Jenkins (Somewherepress@aol.com), February 09, 2000.


The author above says: "Persons on site could use a packet sniffer to retrieve MAC layer address headers and determine if the most significant bit of the date-time stamp was - 1."

Can you please be more specific?

The MAC layers I know of:

have nothing even remotely resembling a "date-time stamp."

All are designed to send a packet as simply as possible and let higher layers (definitely not the "MAC" layer) do the complicated stuff like sequencing, time-stamping, acknowledging, error-correcting. As I go through the Internet protocols I know of, I cannot find one that would go negative or set the most-significant-bit around the Century Date Change. Can you help me out here and specify an example of a specific field of a specific protocol that you think would exhibit this problem and quote the relevant paragraph and link to the standard RFC document?

-- More Info Please (AmI@clueless.to), February 10, 2000.
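
An added example, not part of any post in this thread: the packet-sniffer check discussed above, done as a byte-by-byte walk of the fixed Ethernet II, IPv4 (RFC 791) and TCP (RFC 793) headers, so that every header byte is shown to belong to a named field. The sample frame is constructed, and the code assumes IPv4 and TCP without options.

```python
import struct

# Fixed header layouts as (field, size in bytes): Ethernet II framing,
# IPv4 without options (RFC 791), TCP without options (RFC 793).
LAYOUTS = {
    "ethernet": [("dst_mac", 6), ("src_mac", 6), ("ethertype", 2)],
    "ipv4": [("version_ihl", 1), ("tos", 1), ("total_length", 2),
             ("identification", 2), ("flags_fragoff", 2), ("ttl", 1),
             ("protocol", 1), ("header_checksum", 2), ("src_ip", 4), ("dst_ip", 4)],
    "tcp": [("src_port", 2), ("dst_port", 2), ("seq", 4), ("ack", 4),
            ("offset_flags", 2), ("window", 2), ("checksum", 2), ("urgent_ptr", 2)],
}

def dissect(frame):
    """Walk the three fixed headers; return ([(layer, field, raw)], bytes used)."""
    fields, off = [], 0
    for layer, layout in LAYOUTS.items():
        for name, size in layout:
            chunk = frame[off:off + size]
            if len(chunk) != size:
                raise ValueError(f"truncated frame in {layer}.{name}")
            fields.append((layer, name, chunk))
            off += size
    seen = {name: raw for _, name, raw in fields}
    if (seen["ethertype"], seen["version_ihl"], seen["protocol"]) != (
            b"\x08\x00", b"\x45", b"\x06"):
        raise ValueError("example handles only option-free IPv4 carrying TCP")
    return fields, off

def build_sample_frame():
    """Constructed frame: documentation addresses, checksums left as zero."""
    eth = bytes.fromhex("020000000001020000000002") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1, 0, 0x5002, 65535, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    frame = build_sample_frame()
    fields, used = dissect(frame)
    for layer, name, raw in fields:
        print(f"{layer:9}{name:16}{raw.hex()}")
    print(f"{used} of {len(frame)} header bytes assigned to the fields above")
```

The walk assigns all 14 + 20 + 20 bytes to addressing, length, sequencing, flag and checksum fields. The `ttl` field is a hop limit decremented by each router, not a clock value.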


This week's denial-of-service attacks have become the latest events to be blamed on -- you guessed it -- Y2K glitches.

Paula Gordon, a visiting professor at George Washington University with a background in public administration, is circulating theories about Y2K glitches in Cisco routers that would put Pierre Salinger to shame.

(In a pleasantly conspiratorial 1999 article on Y2K at http://www.gwu.edu/~y2k/keypeople/gordon/oped_pieces.html, Gordon tells us that Clinton was afraid of revealing Y2K's impact because the truth "would trigger an immediate downturn in financial markets, something that could have major ramifications, including profound political repercussions. Indeed, his legacy could be shattered beyond repair.")

One of the perpetual problems of being a conspiracy theorist is finding new fodder for your conspiracies. Fortunately, we can blame the routers!

-Declan

-- Whyisshe Paranoid (Declan@is.spot.on.com), February 11, 2000.

