Experimental Physics and Industrial Control System
|
Mark Rivers wrote:
Folks,
We have definitely seen these problems with PowerPC processors
(MVME2700) on vxWorks 5.4. The problem is quite easy to cause, simply
send large ping packets to the IOC as fast as possible (required root
priv on Linux). The IOC will lose all network connectivity and never
recover.
We see similar behavior (loss of connectivity) when we download code
to serial line devices (e.g. motor controllers) - but our IOCs have
so far always recovered when the download was done.
This mostly happens on an hknitro60. We haven't downloaded code into
the motor controller we have connected to a hkbaja4700E in so long
that I don't remember whether it happens there too.
Maren
This behavior was happening on our IOCs at the NSLS at Brookhaven, and
we are 99% sure it was happening when their computer group did network
scans. We would ask them to not scan the IOC IP addresses, and they
would remember that for a while, then forget and crash the IOCs. We
finally just put 2 network cards in the computers at the beamlines and
put the IOCs on a private subnet that cannot be scanned.
Mark
-----Original Message-----
From: Jeff Hill [mailto:[email protected]]
Sent: Monday, February 06, 2006 11:31 AM
To: 'Brad Cumbia'; [email protected]
Subject: RE: Ioc denial of service attacks
Brad,
I don't know of any such vulnerability. Are you experiencing
such crashes?
If so please arrange for a vxWorks specialist to capture a
stack trace,
thread
cpu usage, MBUF usage information. With that information I
could probably
take the necessary steps to avoid trouble in the future.
I am particularly interested in situations where the IOC does
not recover
after the sacan is completed.
Thanks,
Jeff
-----Original Message-----
From: Brad Cumbia [mailto:[email protected]]
Sent: Monday, February 06, 2006 10:09 AM
To: [email protected]
Subject: Ioc denial of service attacks
Has anyone experienced global ioc crash's due to NMAP or
Nessus security
scans?
Also how do other labs isolate their ioc network to insure the
integrity of the systems? Any help would be appreciated.
- References:
- RE: Ioc denial of service attacks Mark Rivers
- Navigate by Date:
- Prev:
RE: ASYN/devGPIB/GPIBCVTIO problem Redman, Russell
- Next:
RE: ASYN/devGPIB/GPIBCVTIO problem Mark Rivers
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
<2006>
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: Ioc denial of service attacks D. Peter Siddons
- Next:
QtCATool - new CA client Liyu, Andrei
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
<2006>
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
|
ANJ, 02 Sep 2010 |
·
Home
·
News
·
About
·
Base
·
Modules
·
Extensions
·
Distributions
·
Download
·
·
Search
·
EPICS V4
·
IRMIS
·
Talk
·
Bugs
·
Documents
·
Links
·
Licensing
·
|