February 4th, 2003

Illuminati

(no subject)

The right way to deal with Iraq. After several days of wrestling with it myself, I'm happy to announce that the New York Times has done it better than I could have. Read the article here.
Illuminati

(no subject)

Viruses fascinate me. Not the fact that people make them (sheer senseless vandalism, generally) or the damage they can do (that's just petty and annoying), but the sheer inventiveness that some of them show, which is stunning.

Take, for instance, the Slammer virus that brought the internet to a near standstill last week. Like most viruses, it propagated by finding a security flaw, using that flaw to copy itself onto a machine and then using that machine as a springboard to launch itself at other (hopefully flawed) computers to repeat the process.

What makes the Slammer virus particularly impressive is that it's tiny. That isn't terribly impressive on its own; what's impressive is the use the virus writers made of this fact. At a mere 400 bytes in size, the virus happily fits inside a single internet packet. When most viruses want to spread over the internet, they must first open a 'conversation' with another machine. This requires several packets back and forth (enquiry, acknowledgement, etc.) merely to get things started. It also requires a fair amount of memory, as you have to keep track of every conversation you're involved in.

So contacting (say) 500 other machines to infect meant attempting to start a conversation with a random address, waiting (up to 30 seconds) for an acknowledgement and then sending a probe to see if it was vulnerable to your attack. You couldn't attack more than a handful of machines at once because you'd lose track of what conversations you were trying to start.

By being small enough to fit inside a single packet, the Slammer virus was able to simply send itself as an attack to the other machine, not caring whether the machine was even there. It wasn't expecting a conversation of any kind and it didn't care if the machine at the other end responded to its packet. This meant that the number of infected machines doubled every 8.5 seconds. Within three minutes, over 55 million scans were taking place every single second and the whole of the internet was under a huge load. The average machine was running 4000 scans per second, with one machine spotted running 26000 scans per second. This had a huge effect, knocking most of South Korea off the internet, as well as taking Bank of America ATMs down and causing slowdowns pretty much everywhere.
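As an added example (not part of the original post), here is a sketch of how a defender could spot this fire-and-forget behaviour in packet records: a source that contacts many distinct addresses within a short window while almost none of them ever send anything back. The record layout `(timestamp, source, destination)`, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def find_blind_scanners(packets, window=1.0, min_dests=50, max_reply_ratio=0.05):
    """packets: iterable of (ts, src, dst). Returns {src: peak distinct dests}
    for sources that, inside any `window` seconds, sent to at least `min_dests`
    distinct addresses of which at most `max_reply_ratio` ever sent a packet back."""
    packets = sorted(packets)
    # (receiver, sender) pairs seen anywhere in the capture; the reply lookup
    # below uses the whole capture, so a late answer still counts as an answer.
    seen = {(dst, src) for _, src, dst in packets}
    recent = defaultdict(deque)  # src -> (ts, dst) entries still inside the window
    flagged = {}
    for ts, src, dst in packets:
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()
        dests = {d for _, d in q}
        if len(dests) < min_dests:
            continue  # ordinary fan-out, not worth a closer look
        # A busy server also has high fan-out, but its peers talk to it.
        answered = sum(1 for d in dests if (src, d) in seen)
        if answered / len(dests) <= max_reply_ratio:
            flagged[src] = max(flagged.get(src, 0), len(dests))
    return flagged

def sample_packets():
    """Constructed traffic: one blind scanner, one busy server, one ordinary client."""
    pkts = []
    for i in range(200):  # scanner at 4000 packets/s for 50 ms, nobody answers
        pkts.append((i / 4000, "10.0.0.5", f"198.51.100.{i + 1}"))
    for i in range(60):   # server answering 60 clients that contacted it first
        client = f"192.0.2.{i + 1}"
        pkts.append((i / 100, client, "10.0.0.20"))
        pkts.append((i / 100 + 0.001, "10.0.0.20", client))
    for i in range(3):    # client holding three two-way conversations
        peer = f"203.0.113.{i + 1}"
        pkts.append((0.1 * i, "10.0.0.9", peer))
        pkts.append((0.1 * i + 0.02, peer, "10.0.0.9"))
    return pkts

if __name__ == "__main__":
    print(find_blind_scanners(sample_packets()))
```

The busy server in the sample reaches 60 distinct peers but is not flagged, because every one of them also sent traffic to it; fan-out alone is not the signal, unanswered fan-out is.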

More info can be found in the article "The Spread of the Sapphire/Slammer Worm".