> >> The computers were so slow in mid-May that customer calls had
> >> to be rerouted to other states, and at one point the delays
> >> threatened to close down the Phoenix Service Delivery Center.
> >
> >Sounds like a lot of network traffic to me.
>
>
> Ah, sounds to me like their system was all FUBAR, and they were looking for a
> scrapegoat.
>
> >> On May 27, U S West's Intrusion Response Team found a
> >> software program on the system that ``captured U S West
> >> computers to work on a project unrelated to U
> >> S West Services,'' according to the search warrant.
> >
> >And lept to the unwarrented concluson that the slowdown was related to the
> >software. I smell pointy hair.
>
>
> Yup.
>
Not neccessarily.
If you remember, at the time, PrimeNet had some difficulties relating
to Blosser's activities. I think it is more than possible that US
West have a firewall between their corporate network & the Internet.
If so, this is likely to have a limit on the number of simultaneous
connections through the firewall. Not related to traffic volume...
If so, then a possible (in my view, probable) explanation is that
the Primenet server and/or US Wests's firewall overloaded in such a
way that lots of the open connections refused to terminate - due to
deadly handshake caused by non-response from the other end.
If this happened, then it is overwhelmingly likely that all users
reliant on US West's firewall would have suffered severe delays or
total inability to make normal connections through the firewall. Even
if none of the hardware in the chain was actually running Prime95.
When this sort of thing is arranged maliciously, it is called a
Denial-of-Service (DOS) attack. Under these circumstances, if I was
manager of US West's corporate network, *I* would be looking for
blood.
Such actions, distorted by typical news media over-sensationalism,
can only harm our project - which is probably one of the most benign
distributed computing projects which could be devised.
This is why any attempt to run Prime95 on a significant number of
machines should be discussed and approved by *everyone* involved -
the network operators as well as the machine owners. I'd also suggest
that numbers are "ramped up" slowly instead of starting with a "big
bang" - in this way, network operators etc. can look for any signs of
significant "damage" & take remedial action, before the problem
becomes of such a proportion as to be an effective DOS attack.
Personally, I doubt that the "attack" was deliberate. I get the
impression that the two things Blosser was "guilty" of were
over-ambition and a lack of awareness of the potential problems which
his actions could (& did) cause.
If this is the truth, then the price he has paid in terms of
notoriety alone would seem to be a severe enough "sentence".
> >Unless he wrote his own software that talked to primenet then what he did
> >was load Prim95 on 2,585 PCs. Not having permission to do so is wrong, but
> >I doubt that had anything to do with the problem US West was having.
In some circumstances, for perfectly sensible reasons, loading *any*
software onto a corporate PC is a serious offence, for which the
usual penalty is summary dismissal. Personally I don't have a problem
with this. Certainly I'd be angry if I found anyone else running
software on my machine for their benefit. (Which is why I don't like
sites which insist on inflicting cookies on me...)
At the time, Blosser claimed that he *did* have permission - but only
from the "owners" of the PCs concerned - presumably someone else who
should have approved his project either wasn't asked, or didn't give
permission.
To act as a deterrent to other users who may be tempted to act in a
similar way, either by design or by ignorance, could I suggest that
the following measures be taken:
1. A new rule that no more than a fixed maximum number of machines be
allowed for each user identity in Primenet. I suggest about 50 for
the limit.
2. Blosser's user account to be reset to zero results & CPU years.
All Blosser's previously-submitted results to be retained,
but reassigned to a new user "anonymous" who will not appear in
ranking lists.
Brian Beesley
