Banc of America Article

• Previous message (by thread): Banc of America Article
• Next message (by thread): Banc of America Article
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Actually, I think too many assumptions were made.  

Let's simplify.  

We know UUNet traffic capabilities were reduced significantly.  Uunet
has many big customers.  Other big carriers had similar affects on their
networks, probably particularly at peering points.

We know many companies use public or private VPN services from major
carriers such as these, and that both VPN types may use public internet
carriers.

I think therefore that the only true conclusion we could say is that if
BoA's traffic was not prioritized, it therefore suffered collateral
damage primarily due to traffic not being able to get through between
ATM's and the central processing center.

Ray Burkholder


> -----Original Message-----
> From: Alex Rubenstein [mailto:alex at nac.net] 
> Sent: January 25, 2003 18:45
> To: nanog at nanog.org
> Subject: Banc of America Article
> 
> 
> 
> 
> http://biz.yahoo.com/rb/030125/tech_virus_boa_1.html
> 
> Let's make the assumption that the outage of ATM's that BoA 
> suffered was
> caused by last nights 'SQL Slammer' virus.
> 
> The following things can then be assumed:
> 
> a) BoA's network has Microsoft SQL Servers on them.
> 
> b) BoA has not applied SP3 (available for a week) or the 
> patch for this
> particular problem (SQL Slammer) (available for many months).
> 
> c) somehow, this attack spawned on the public internet made 
> it's way to
> BoA's SQL servers, bypassing firewalls (did they have firewalls?).
> 
> Another article states, "Bank of America Corp., one of the nation's
> largest banks, said many customers could not withdraw money from its
> 13,000 ATM machines because of technical problems caused by 
> the attack. A
> spokeswoman, Lisa Gagnon, said the bank restored service to nearly all
> ATMs by late Saturday afternoon and that customers' money and personal
> information had not been at risk."
> 
> Does anyone else, based upon the assumptions above, believe 
> this statement
> to be patently incorrect (specifically, the part about 'personal
> information had not been at risk.') ?
> 
> I find these statement made by BoA, based upon assumptions which are
> probably correct, to be very scary.
> 
> Comments?
> 
> 
> -- Alex Rubenstein, AR97, K2AHR, alex at nac.net, latency, Al Reuben --
> --    Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --
> 
> 
> 

• Previous message (by thread): Banc of America Article
• Next message (by thread): Banc of America Article
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]