* Reader tells tale of firewall firestorm Anthony Nelson, president of ESTec Systems in Edmonton, Alberta, Canada very kindly wrote to me with an interesting response to an article on not striking back against perceived attacks. The following is Nelson’s slightly edited text.***Some time ago a firewall called Sidewinder had an option for a _finger_ attack. If you enabled it and the firewall recognized an attack it would initiate a retaliatory finger attack against the originator of the attack.Two of my clients had purchased Sidewinder firewalls and both had enabled the strikeback feature. The two companies also had a joint venture project going on. An employee from company A was seconded to company B for the duration of the project. When he arrived at company B, he tried to access internal resources at company A as he believed he was allowed to do. It did not work, so he repeatedly tried different ways to do it. At some point in this process, the Sidewinder firewall at company A determined that his activity constituted an attack; it therefore initiated a strikeback. The Sidewinder firewall at company B looked at the strikeback and determined that _it_ was an attack and so it initiated its own strikeback to A’s strikeback. Both companies at that time were running T-1 lines to the Internet. The firewalls filled the pipe with attack and counterattack, effectively cutting both companies off the ‘Net until an administrator at one of the companies shut down their firewall, ending the data storm.I was asked to perform the forensic analysis of the event. After reading my report, both companies turned off the strikeback feature. ***My thanks to Nelson for this excellent example of a data storm. In system engineering terms, the situation exemplifies a positive feedback loop; each component responds with an increased reaction to the response of the other component, and so the problem gets worse and worse.From a programming standpoint, the situation is similar to a deadly embrace, since each firewall is waiting for the other to stop. The problem cannot be resolved by the firewalls themselves; termination requires external intelligence and intervention.Finally, in a sense, the problem is a kind of race condition, since it does not occur unless the communicating systems have the misfortune to pick partners with the same configuration (much as in a programming race condition, where a problem doesn’t happen unless two processes interact in a particular sequence and time window).Keep those interesting cases coming, folks! Related content news Cisco CCNA and AWS cloud networking rank among highest paying IT certifications Cloud expertise and security know-how remain critical in building today’s networks, and these skills pay top dollar, according to Skillsoft’s annual ranking of the most valuable IT certifications. Demand for talent continues to outweigh s By Denise Dubie Nov 30, 2023 7 mins Certifications Certifications Certifications news Mainframe modernization gets a boost from Kyndryl, AWS collaboration Kyndryl and AWS have expanded their partnership to help enterprise customers simplify and accelerate their mainframe modernization initiatives. By Michael Cooney Nov 30, 2023 4 mins Mainframes Cloud Computing Data Center news AWS and Nvidia partner on Project Ceiba, a GPU-powered AI supercomputer The companies are extending their AI partnership, and one key initiative is a supercomputer that will be integrated with AWS services and used by Nvidia’s own R&D teams. By Andy Patrizio Nov 30, 2023 3 mins CPUs and Processors Generative AI Supercomputers news VMware stung by defections and layoffs after Broadcom close Layoffs and executive departures are expected after an acquisition, but there's also concern about VMware customer retention. By Andy Patrizio Nov 30, 2023 3 mins Virtualization Data Center Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe