BOFH: No service therefore no denial

Virus frenzy

BOFH 2000: Episode 34

"I'm a bit concerned about these viruses that seem to be springing up all over the world!" the Boss burbles upon entering Mission Control under a medium head of steam - obviously someone's accidentally exposed him to a broadsheet newspaper on his way to work.

"Virii?" I ask, attempting to divine the purpose of the visit.

"Yes. Like the D.O.S. virus"

"You mean the one perpetrated by Microsoft? I thought only I knew about that!"

"What?! No, the Denial of Service Virus"

"Ah, the Denial of Service *VIRUS*. Yes, I've been a little worried about that myself. But we found a way around it"

"And what's that?"

"Well we've found that if you don't actually *HAVE* a service, it can't be denied.."

"What?!"

"A little joke!" I lie, "But we've not been hit by a Denial of Service Attack so far"

"How would you know?"

"Because the service of a particular SERVER would go through the floor"

"Yes, but how would you KNOW?"

"Ah, I see! Well generally, a denial of service attack would affect us like so."

>CLICK!< >WHIRRrrrrr....<

"What did you just do?"

"Switched off the Financials Database machine"

"Why?"

"To illustrate a point. As I was saying, a denial of service attack is usually first noticed by the users..."

>ring ring<

>Click< >wwwwwWWWWHHHHIRRRRR...<

"And see all those call lights on the phone? That's how WE know."

"Unless of course we never left our desks and continuously monitored machine performance" the PFY adds, trying to find a reason to browse porn sites for 8 whole hours a day, without the normal break for lunch...

1/4 of an hour later, the financials server is back in business but the boss has obviously been wound up by someone and wants to delve into the whole virus quagmire.

"So we have antivirus products for our mail server and our Windows machines, but what do we have for our Unix servers?"

"Nothing. They don't need it per se"

"But how do you KNOW?"

Sadly, the boss slams the cover on the server before I can repeat the demonstration, which just goes to show you can teach an old dog to be afraid. Very afraid...

"I don't know what you mean"

"Well years ago when I was a Unix Admin..."

I only just manage to suppress the cry that he wouldn't even qualify as a Unix admin's ARSEHOLE, as he continues...

"..I used to just use strings to see if anything nefarious was going on" the Boss finishes, letting us in on a technical secret bound to take us to the top of our chosen field.

"Strings?" the PFY asks, feigning stupidity. "You mean like the non-null-terminated jobbies that let you read on into virtual memory?"

"?" the Boss responds in turn, before continuing, "No, I mean the program strings"

"Strings..." I add thoughtfully, allowing the Boss his moment in the technical sun. "No, doesn't ring any bells with me"

"Oh for Pete's sake, you call yourselves professionals!" he burbles happily, milking his supposed advanced knowledge for all it's worth. "Strings - it's a great program to extract the text from files. Then you can search it for things that don't look right"

"Oh, so you're saying we should get the text out of these files, see if any of it looks suspicious or not, and if so delete the infected files?"

"YES!" he gasps, marvelling at the beauty of his plan

"But what if they use some trivial encoding method to ensure that plaintext strings aren't included in the file?"

"Well obviously there's a few programs that it won't highlight, but we can clear those up later by looking for modification dates" he counters, obviously having read the text entitled "hak3r hunt1ng f0r m0r0ns", circa 1981.

"Right, so what should we be looking for?" the PFY asks, flipping to the Finance Systems AIX server console.

"Suspicious strings" the Boss says, really adding value to the conversation.

"Like?"

"I don't know, suspicious ones"

"What about ones that refer to the password file?" I suggest helpfully

"Definitely! They'll be stealing names and passwords!!!"

"No... ...nothing... " the PFY mumbles quietly, "NO WAIT, there's something in a program called init and another in a program called cron!!!"

"The sneaky bastards!" I cry, figuring out what the PFY's up to. "They put them in programs commonly executed by the superuser which no-one kno..."

"..and in id, at, and atrm!!!"

"It's worse than we thought!!!" I cry. "What do they do, grab the password and give error messages?!?"

"There's error messages in there - do you think they're using it to cover up the access?"

"Of course!" the boss cries excitedly "That's how they hide what they're doing – With Error MESSAGES!!!!!"

"Uh-oh, I see there's a root process running cron now!!!"

"Kill it!!" the Boss gasps.

>clickety clack<

"ls has error messages in it too!!!" the PFY cries, keeping the level of panic up to 100%.

"DELETE IT QUICKLY BEFORE SOMEONE USES IT!!!!"

And the funny thing is, it's fairly surprising how long a system will stay up when you remove all the executables, most of the libraries, and trash a filesystem or two.

"THEY'VE CRASHED THE SYSTEM!!!!" the PFY cries, even more urgently

"THAT MEANS THEY'VE MOVED ON TO ANOTHER SYSTEM!!!" I cry, before the boss can see reason....

And the rest, as they say, is history.

The Boss took it well though - fell on his sword with only the slightest whimper.

I feel a tinge of guilt - but then realise there's plenty of Unix Admin jobs out there waiting for him....

BOFH is the Bastard Operator from Hell. He is the creation of Simon Travaglia. Don't mess with his copyright.
