>>>> The computers were so slow in mid-May that customer calls had
>>>> to be rerouted to other states, and at one point the delays
>>>> threatened to close down the Phoenix Service Delivery Center.
>>>Sounds like a lot of network traffic to me.
>> Ah, sounds to me like their system was all FUBAR, and they
>> were looking for a scapegoat.
>>>> On May 27, U S West's Intrusion Response Team found a
>>>> software program on the system that ``captured U S West
>>>> computers to work on a project unrelated to U S West
>>>> Services,'' according to the search warrant.
>>>And leapt to the unwarranted conclusion that the slowdown
>>> was related to the software. I smell pointy hair.
> >
> >
> > Yup.
> >
> Not necessarily.
No, but very likely.
>
> If you remember, at the time, PrimeNet had some difficulties relating
> to Blosser's activities. I think it is more than possible that US
> West have a firewall between their corporate network & the Internet.
I'd bet money on it.
> If so, this is likely to have a limit on the number of simultaneous
> connections through the firewall. Not related to traffic volume...
Ok, seems reasonable.
> If so, then a possible (in my view, probable) explanation is that
> the Primenet server and/or US West's firewall overloaded in such a
> way that lots of the open connections refused to terminate - due to
> deadly handshake caused by non-response from the other end.
Seems possible. But wouldn't the connection time out?
> If this happened, then it is overwhelmingly likely that all users
> reliant on US West's firewall would have suffered severe delays or
> total inability to make normal connections through the firewall. Even
> if none of the hardware in the chain was actually running Prime95.
Ok. That seems possible also. But nobody mentioned the Internet in the
report. I find it unlikely that US West uses the Internet when someone
looks up a phone number. That would be an ungodly waste of resources.
> When this sort of thing is arranged maliciously, it is called a
> Denial-of-Service (DOS) attack. Under these circumstances, if I was
> manager of US West's corporate network, *I* would be looking for
> blood.
The question in my mind is did he cause the problem or was he just blamed
for the problem?
> This is why any attempt to run Prime95 on a significant number of
> machines should be discussed and approved by *everyone* involved -
> the network operators as well as the machine owners. I'd also suggest
> that numbers are "ramped up" slowly instead of starting with a "big
> bang" - in this way, network operators etc. can look for any signs of
> significant "damage" & take remedial action, before the problem
> becomes of such a proportion as to be an effective DOS attack.
I agree here.
>>> Unless he wrote his own software that talked to primenet
>>> then what he did was load Prime95 on 2,585 PCs. Not having
>>> permission to do so is wrong, but I doubt that had anything
>>> to do with the problem US West was having.
> In some circumstances, for perfectly sensible reasons, loading *any*
> software onto a corporate PC is a serious offence, for which the
> usual penalty is summary dismissal.
I'm sure we'd want to take that discussion off line, but what seems like
"perfectly sensible reasons" to one person would be anal to another. And
I'd have to say that to enforce a blanket policy that requires dismissal
just for installing software on a corporate PC is anal, counterproductive
and a sign I don't want to work there.
> At the time, Blosser claimed that he *did* have permission - but only
> from the "owners" of the PCs concerned - presumably someone else who
> should have approved his project either wasn't asked, or didn't give
> permission.
Or popped out of the woodwork sometime after he started running it.
> To act as a deterrent to other users who may be tempted to act in a
> similar way, either by design or by ignorance, could I suggest that
> the following measures be taken:
>
> 1. A new rule that no more than a fixed maximum number of machines be
> allowed for each user identity in Primenet. I suggest about 50 for
> the limit.
No thanks. I have hopes of convincing my company that donating the spare
cycles of a few thousand PCs would be a good PR move.
> 2. Blosser's user account to be reset to zero results & CPU years.
> All Blosser's previously-submitted results to be retained,
> but reassigned to a new user "anonymous" who will not appear in
> ranking lists.
I think we should wait for the full story. Should that ever appear.