IMPORTANT INFORMATION - Datafeeds clients using Openwire


CACI Open Data Support

Oct 28, 2023, 7:06:48 AM
to A gathering place for the Open Rail Data community
Good afternoon all,

We have been made aware of a critical severity vulnerability within ActiveMQ (Classic) that is exploitable via the OpenWire protocol. 

We have ceased all traffic via the OpenWire protocol with immediate effect while this is investigated and remediated. 

This will affect users of the ActiveMQ (Classic) on the NTROD Public platform (port 61639) and the approved platform.

NROD users are advised to connect to port 61619 on the public platform.  

Further information on the vulnerability is available on the following link: https://nvd.nist.gov/vuln/detail/CVE-2023-46604

Charles Briscoe-Smith

Oct 28, 2023, 7:32:04 AM
to A gathering place for the Open Rail Data community
NROD is Network Rail, I believe, not National Rail (I keep getting these two NR's mixed up).  And this is for Openwire, not STOMP.  Only I've been seeing the Darwin pushport STOMP feed down since 08:20 this morning, though (port 61613 closed, "connection refused" since 08:20, timeouts since about 09:20) - is that related?  (I did open a ticket.)

Thanks.

Peter Hicks (Poggs)

Oct 28, 2023, 8:13:48 AM
to A gathering place for the Open Rail Data community


On 28 Oct 2023, at 12:32, Charles Briscoe-Smith <charles.br...@gmail.com> wrote:

NROD is Network Rail, I believe, not National Rail (I keep getting these two NR's mixed up).  And this is for Openwire, not STOMP.  Only I've been seeing the Darwin pushport STOMP feed down since 08:20 this morning, though (port 61613 closed, "connection refused" since 08:20, timeouts since about 09:20) - is that related?  (I did open a ticket.)

I’ve seen it down too - it’s possible that this CVE is being actively exploited and somebody’s running malware.  From past experiences, bitcoin miners are a favourite, as are ransom-demanding encrypting payloads.

Time for #hugops


Peter

Charles Briscoe-Smith

Oct 28, 2023, 8:43:03 AM
to A gathering place for the Open Rail Data community
That does sound stressful.  On the other hand, they may be winning as it looks like the pushport's back.  #hugops and maybe also #congratops?

CACI Open Data Support

Oct 28, 2023, 9:14:40 AM
to A gathering place for the Open Rail Data community
Good afternoon. 

The Darwin platform was also taken offline this morning due to this vulnerability. The platform is now back online for STOMP Clients and will remain unavailable for OpenWire clients while the vulnerability is remediated. There may be further interruptions to the service while remediation work is carried out. 

CACI Open Data Support

Oct 28, 2023, 10:39:32 AM
to A gathering place for the Open Rail Data community
Good Afternoon, 

As a further update the Darwin feeds are now available again using OpenWire protocols. The service should now be fully restored and accessible using both Stomp and OpenWire. 

CACI Open Data Support

Oct 28, 2023, 12:46:12 PM
to A gathering place for the Open Rail Data community
Good Evening,  

Thank you for your patience, we have now completed maintenance work on both the public Classic and Approved platforms. These should now be available again for use on both STOMP and OpenWire protocols on the respective ports. 

If you have any issues accessing the datafeeds please contact the support team via dsg_nrod...@caci.co.uk

Kind Regards
NROD Support

Ceri Storey

Oct 28, 2023, 3:18:33 PM
to A gathering place for the Open Rail Data community
Hi folks,

I'm afraid I'm no longer seeing traffic on the darwin pushport via STOMP. It recovered after the restart at 13:30, but while my client is seemingly connected correctly, I can subscribe to `/topic/darwin.pushport-v16` without error (as I have previously), but while I'm seeing keepalives go through in both directions, I'm not seeing any message frames. The timing of the last message seems to correspond with roughly the end of the maintenance window, unfortunately.

Anyone else?

[Attached image: darwin.png]

George Goldberg

Oct 28, 2023, 3:23:11 PM
to openrail...@googlegroups.com
I'm also seeing no data on the Darwin v16 feed too. Not sure exactly when the messages stopped but it was definitely a few hours ago.

George


Charles Briscoe-Smith

Oct 28, 2023, 5:12:36 PM
to A gathering place for the Open Rail Data community
Same here, last message was around 17:12 today (as I added to my open ticket around 6pm), and that seems to match Ceri's graph.  It's useful to know it's not a problem specific to my cobbled-together STOMP client, at least.  Thanks.

Charles Briscoe-Smith

Oct 28, 2023, 5:16:21 PM
to A gathering place for the Open Rail Data community
Oh actually, just spotted this in my email: https://mailchi.mp/nationalrail/darwin-service-impacting-incident

"What Is Impacted:

Please be aware that all Push Ports are currently down due to a Security breach on active MQ

Please note, Live Departure boards are not affected, only CIS Push ports

Who Is Impacted: CIS

Incident Reference: INC0075383

Incident Start Date / Time: 9:40 hrs

Next Update Due: 22:00 hrs"