A Denial-of-Service Tale of Woe

By Robert Currier, ITworld |  News Add a new comment

January 15, 2002, 12:00 AM Once upon a time there were three systems administrators. They were
great friends and spent the summer playing ultimate Frisbee, roaming
the street markets and drinking espresso at the local java joint. But
the days passed quickly, and soon it was time for them to turn once
again to matters of business. There were rumors of evil hackers afoot
on the Internet, and tales of deadly distributed denial of service
attacks being launched from unguarded systems.

The first systems administrator, his mind still full of Frisbee and
flowers, told his friends that he wasnt going to take any precautions.

"After all," he asked, "what could possibly happen?"

"It's not safe!" the other administrators cried. "The evil hackers will
break in and destroy your systems!"

But the first systems administrator didn't listen. He was too busy
having fun to bother with silly things like firewalls and systems
security.

The second sysadmin was more industrious. She built a firewall using an
old PC and the Linux operating system. She was very proud of her
firewall and moved all of her department's systems behind it.

"I built a firewall," she proclaimed. "Now I can relax and have fun."

"Not so fast," the last systems administrator warned. "You haven't
secured your systems by installing TCP wrappers, and you built your
firewall in five minutes. Don't you know that a poorly configured
firewall is worse than no firewall at all? And have you even bothered
to study the SANS Top 10 list?"

But the second sysadmin didn't want to listen. She was already on her
way back to Starbucks for another espresso.

The third systems administrator shook his head sadly.

"Poor innocents," he thought to himself. "Their time will come. The big
bad hackers will huff, and puff, and blow their systems down."

He trudged back to his office and began installing the latest systems
patches.

Not long afterwards, the first systems administrator was sitting in his
office enjoying a cup of coffee and thinking of nothing in particular.
Suddenly there was a horrendous crash in the hallway and his door flew
open.

"You have to help me!" shouted the wild-eyed faculty member. "All of my
research files are GONE! And I can't get them back! I've lost
EVERYTHING! Do something!"

The first systems administrator grabbed his keyboard. Tappity-tappity-
tap -- his fingers flew across the keys. What he saw made him very
frightened. He slowly turned a sickly shade of green.

"Ummm, I think you've been hacked," he muttered. "Excuse me. I'm going
to be sick now." And he pushed his way past the wild-eyed faculty
member and ran across campus to the office of the second systems
administrator.

The second systems administrator looked up in alarm as the first admin
burst into her office.

"What's wrong?" she asked? "Why are you so green?"

"I've been hacked!" cried the first sysadmin. "All of our files are
corrupt. They own root! I'm going to be fired! You have to help me!"

The second systems administrator leaned back in her chair and pulled at
her chin.

"Not to worry," she said. "We'll just put your critical systems behind
my nifty Linux firewall and they'll be fine. Let's get to work."

So the two sysadmins went to work and began moving machines and
reconfiguring network addresses. After several hours they had the first
system administrator's most critical systems up and running behind the
Linux firewall. They felt very safe and were quite pleased with
themselves. They fired up a Papa Roach MP3 file and kicked back. All
was well with the world.

Not long afterwards the second systems administrator's console beeped.
After she read the message she began to slowly turn white. She shook
her head in disbelief. This couldn't be happening.

"What's wrong, dude?" asked the first admin. "Those burritos you ate at
lunch give you gas?"

The second sysadmin shook her head.

"It's not gas -- it's that darn hacker. He's gotten through my Linux
firewall and is going for root on our departmental server. If that
system gets hacked, my butt is in a sling. That's where our chairman
keeps his research results."

The two admins looked at each other. They both knew there was only one
thing to do: pull the plug. They raced down the hallway to the data
closet and disconnected the network from the building backbone.

"That was close," said the first admin, wiping his brow.

"Yeah, a little too close for comfort," agreed the second. "Now what do
we do? I need to get those systems back on line as soon as possible."

"Why don't we see if the third systems administrator will let us move
the critical machines behind his firewall?" asked the first admin.

So the two chagrined admins gathered their critical systems, loaded
them on a cart and pushed them across campus. The third systems
administrator didn't say a word when they arrived.

    Add a comment

    Post a comment using one of these accounts
    Or join now
    At least 6 characters

    Note: Comment will appear soon after you have activated your account.
    Obscene/spam comments will be removed and accounts suspended.
    The information you submit is subject to our Privacy Policy and Terms of Service.

    ITworld LIVE

    Answers - Powered by ITworld

    ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

    Join Now

    New questions

    How much will the security flaws in Google Wallet set back the transition to "digital wallets"?
    0 answers
    What mobile apps are the worst offenders to user privacy?
    2 answers
    What are the main advantages/disadvantages of a hybrid cloud model vs. the public cloud?
    2 answers
    How do you bill for independent sales reps in a company IT contract?
    2 answers
    What would it take for you to allow a company to REALLY track all of your web use?
    2 answers
    View more questions

    Ask a question

    Join Now or Sign In to ask a question.
    Ask a Question