you ever had to deal with a TCP/IP stack implemented in 1996 that was "good enough" to keep selling on devices today
-
you ever had to deal with a TCP/IP stack implemented in 1996 that was "good enough" to keep selling on devices today
-
Oops you tried to open an unsupported port I just crashed your industrial press
-
Graham Sutherland / Polynomialreplied to SwiftOnSecurity last edited by
@SwiftOnSecurity I once caused a PLC on an LPG tanker's balanced bus bar system (where outputs from primary and aux generators are combined) to lock up in such a manner that the engineers had to get out a ladder and disassemble the panel to physically disconnect the unit from power and re-connect it.
what awful thing did I do to affront it in such a manner that it required physical intervention?
nmap TCP connect scan, -T1 plus rate limiting, no scripts or protocol detection probes.
-
Richard "RichiH" Hartmannreplied to Graham Sutherland / Polynomial last edited by
@gsuberland @SwiftOnSecurity on a eight figure data center build I led, I was not allowed to probe or test against the Modbus gateways as it might have led to six figures in cost and half a year delay.
I ended up... creatively inserting... Tcpdump into the tool chain and then we did the implementation against reruns of the pcap files
-
Graham Sutherland / Polynomialreplied to Richard "RichiH" Hartmann last edited by
@RichiH @SwiftOnSecurity probably for the best. I caused an expensive production sev1 at a place once in a similar manner (due to hubris on someone else's part; I was assured in writing that the thing I said would probably not be ok would in fact be ok) and it resulted in an extremely tense meeting with the board of directors and shareholders. not something I would enjoy experiencing again.
-
Richard "RichiH" Hartmannreplied to Graham Sutherland / Polynomial last edited by
@gsuberland @SwiftOnSecurity I am trying to learn the art of not giving fucks when I have a written override for my prior told-you-so. It's hard when you care
-
N [email protected] shared this topic
-
@SwiftOnSecurity oh yes, which one are we talking about today?
-
Noah Kennedyreplied to Richard "RichiH" Hartmann last edited by
@RichiH @gsuberland @SwiftOnSecurity same, ive done this enough that i sorta have the hang of things
even so, it still feels bad and weird to go along with shit you know isn't gonna work because you know you don't have a choice and someone else made the call and will take the heat
