Last Updated on March 23, 2022 by Dave Farquhar
I met up Monday night with some other security professionals for some emergency networking of the professional kind. One of the attendees, a penetration tester, had a little incident where he took down a production system when he conducted his penetration test. The system owners were a bit arrogant, and, well, they paid for it.
I’ve taken down a network too, but in my case it wasn’t something security-related. No, in my case, I was a 20-year-old desktop support technician working in a college computer lab, making an honest mistake.
The standard-issue machine in that lab was an IBM PS/2 Model 53 SLC2, which was powered by a weird IBM CPU that added the 486 instruction set, a 2x clock multiplier, and a bunch of cache to a 386SX CPU. It was a better chip than it sounds like, but was limited to 16 MB of RAM. It was not a rip-roaring machine even in the mid 1990s, but it was one of IBM’s last attempts to make the PS/2 affordable before shifting back to industry standards. In a weird turn of play, IBM also used that CPU on cheap clone motherboards it sold to other manufacturers.
Our shop was about as blue is could be back then: OS/2 running on PS/2s with Microchannel, on a Token Ring network. Microchannel wasn’t quite plug and play, my boss explained, but it was very close.
Token Ring and Microchannel were two very good IBM ideas that died because IBM wanted to own them. It’s unfortunate because the industry probably lost a good five years of innovation because of that, but that’s the sequence of events.
Token Ring worked well, but had one serious Achilles’ Heel: It didn’t autonegotiate. If you brought a machine up on the network at the wrong speed, strange things happened.
The cards in these Model 53s defaulted to 4 megabits. We ran a 16-megabit network. So I plugged a card into a machine, plugged it in to the network, powered it up, booted off a floppy, and received a strange message: The network is busy.
“The network is busy?” I scoffed. “What is this, America Online?”
So I started troubleshooting. A couple of minutes later, my boss raced into the room.
“Ah, you’re working on that machine. Good, I think we found our problem.”
He explained that an entire network segment was down, including the school’s radio station. He showed me how to check (and change) the card’s speed with a reference disk, which verified that my machine was on at 4 megabits–and destroying the network. We changed the setting, rebooted, brought the segment back up, and I didn’t make that rookie mistake again.
Today, any technology having a quirk like that would be unacceptable, but in the 1990s, things like that were common. When I start missing the ’90s, inevitably I remember things like this, and then I don’t miss them so much after that.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.
2 thoughts on “How I once took down a network, including a radio station”
Hand-editing autoexec.bat and config.sys. Checking free IRQs. Was it himem.sys to access memory above 640K?
I like it when everything “just works”.
As I recall, himem.sys got you the block between 640K and 1 MB, and emm386.exe got you the memory above 1 MB. I was good at configuring that stuff, but I don’t miss it.
Comments are closed.