Bennett Todd enscribed thusly:
> 1999-07-26-16:59:41 Paul D. Robertson:
> > If it had been a hospital's internal network and I'd done the scan at a
> > time where a doctor needed access to a patient's last CAT scan detail over
> > a network, it could have been catastrophic. US case law varies between
> > liability for manufacturers, implementors and initiators, but in almost all
> > cases the initiator of the problem is held liable.
> Could well be. Suppose the switch in question had simply been positioned out
> on the curb, perhaps under an awning to keep the rain off --- and someone
> tripped over the plug. That would certainly be a case where you'd have trouble
> holding the initiator liable for consequences to patient health.
> Seems to me, if you can fling strange (at a low protocol level) packets at a
> router that's critical for patient care, the person who designed that network
> oughta be sued for a good bit. I'd enjoy serving as expert witness for the
> persecution in such a suit.
> I'd regard using a packet filter, even a "stateful" one, as the protection
> between the internet and a patient care system right on par with setting up
> the routers for the system out by the sidewalk.
I will give you an even better one than that. Lots and LOTS of
embedded controllers use an operating system called OS-9. OS-9 was
originally designed for small systems with no intention of being hooked
up to the unpredictable internet. It seems that a number of the earlier
versions of this OS had numerous shortcuts and deficiencies in the TCP/IP
stack. Controllers older than about a year or so ago are prone to going
completely brain dead if they receive an ICMP redirect packet (security
advisory was published a while ago - see BugTraq archives). The failure
can leave the device (be it a factory machine, an HVAC unit for a building,
an oven, or a medical device), which is controlled by the controller, in
an unsafe state. Lots of times, you can't even determine that it's OS-9
at the heart of that smart ventilation controller that is on the end of
some unknown wire.
This isn't a hypothetical "switch on the curb". This is real and
it really is exposed. So, whose responsibility is it to fix it and who
gets the blame when it gets torched by accident or by hostile intent?
The ICMP redirect, in and of itself, is not illegal. It should be technically
prohibited to propagate said critter across a router (I have yet to see
a legitimate use for propagating an ICMP redirect between subnets).
Now... Who ya gonna sue. Microware (the OS-9 vendor), the maker
of the controller that selected OS-9, the vendor for the router that allowed
an ICMP redirect through, the network administrator who didn't isolate these
smart controllers from the rest of the network, the dude who was playing
with a new toy that just happened to emit an ICMP redirect to a directed
broadcast network, or the maker of said toy? All of the above? None of
the above? Hmmm???
And, of course, remember all of those lovely disclaimers for
"fitness of use" that exist in all of those shrinkwrap licenses.
> -Bennett
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
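
The rule argued for in the message above (an ICMP redirect has no business crossing a router), written out as a filter decision. This is an added Python example, not part of the original post; the subnet 10.1.1.0/24, the first-hop address and all function names are assumptions, and the on-link checks follow RFC 1122 section 3.2.2.2.

```python
import ipaddress
import struct

ICMP_PROTO, ICMP_REDIRECT = 1, 5

def parse_redirect(pkt):
    """Return (source, new_gateway) if pkt is an IPv4 ICMP redirect, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4  # IP options move the ICMP header; never assume 20
    if ihl < 20 or pkt[9] != ICMP_PROTO or len(pkt) < ihl + 8:
        return None
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:  # later fragment: no ICMP header
        return None
    if pkt[ihl] != ICMP_REDIRECT:
        return None
    src = ipaddress.IPv4Address(pkt[12:16])
    gateway = ipaddress.IPv4Address(pkt[ihl + 4:ihl + 8])
    return src, gateway

def verdict(pkt, local_net, first_hop):
    """Decide what a filter in front of local_net should do with pkt."""
    parsed = parse_redirect(pkt)
    if parsed is None:
        return "not-redirect"
    src, gateway = parsed
    net = ipaddress.ip_network(local_net)
    if src not in net:  # a genuine redirect only comes from an on-link router
        return "drop: redirect crossed a router"
    # RFC 1122: sender must be the current first hop, new gateway must be on-link
    if src != ipaddress.ip_address(first_hop) or gateway not in net:
        return "drop: fails RFC 1122 host checks"
    return "accept"

def sample(src, dst, icmp_type, gateway="0.0.0.0", options=b""):
    """Constructed IPv4+ICMP header bytes for testing (checksums zero, no payload)."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 28 + len(options), 0, 0, 64,
                     ICMP_PROTO, 0, ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed) + options
    icmp = struct.pack("!BBH4s", icmp_type, 1, 0, ipaddress.IPv4Address(gateway).packed)
    return ip + icmp
```

The same decision belongs on the router or firewall in front of the controllers, since the embedded devices described above cannot be relied on to make it themselves.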