Random Access - Monday, September 24, 2001

Diversity and tolerance
Strong systems, strong societies are diverse and fault-tolerant

by Chris Gulker


I'm watching the hit meter on gulker.com's Web server: 54,027.

Watching a Web server. You can maybe tell just how badly I need to try to get some normalcy back into my life. The last two weeks have seen me first on a long business trip, then stuck in Chicago while the U.S. air fleet was grounded.

I'd watched the World Trade Center attacks on a hotel television. For the first few hours after the attacks, cell phone circuits were overloaded and even conventional phones couldn't get long distance lines. My wife and I were finally able to exchange email, trying, like a lot of other people, to find their closest companions and make sense of madness and horror. I, for one, have not made much progress along that path in the last ten days.

Which is why I'm staring at the status window of my Mac Web server. It runs software called WebStar, which unlike the popular Apache server, has a window that lets you see who's visiting the Web server.

And it counts incoming requests. It just jumped to 54,107 -- no big deal, except it's 30,000 more hits than it normally would have logged in the last couple days.

And it isn't events in New York that drive this traffic: I'm hardly CNN or an expert on terrorism. It's Nimda.

Nimda is a worm, a species of computer virus related to Code Red. Remember Code Red? It wasn't so long ago the F.B.I. gathered dour-faced agents on television to announce this major threat against U.S. infrastructure.

In the current climate, it only just rated a mention, even though Nimda started showing up almost exactly a week to the minute after the World Trade Center was first hit. And Nimda is far more rapacious than Code Red.

Code Red spread from Web server to Web server by exploiting badly written code in Microsoft's IIS Web server software. Basically Code Red sends a certain request that is too long for the server to deal with so it just sort of stops, slackjawed and lets its guard down. Code Red then installs itself on the compromised server, and begins looking for other servers to infect.

Nimda used that trick, but goes much further. First, it tries 16 different flaws in Microsoft's IIS, instead of just one. It also attempts to spread itself by email, by Web browser and by infecting networked machines like servers inside of a company's firewall. Code Red generated a gigantic amount of Web traffic: Nimda generates about 16 times as much, and spreads through more channels.

By Tuesday evening, gulker.com's network was all but useless. Nimda traffic had eaten up so much of my ISP's bandwidth that they began blocking Web traffic on segments of their network. I couldn't get to any Web page outside my network. All I could do was watch as Nimda-infected machines on unblocked segments hammered my Web server so hard that the status window was a blur.
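As an added example (not part of the original column): a log-side view of the traffic described above, separating worm probes from ordinary hits and counting the distinct machines sending them. The log lines are constructed, the Common Log Format is an assumption about how the server logs, and the request patterns are the commonly documented Nimda and Code Red probe signatures rather than anything taken from this page.

```python
import re
from collections import Counter

# Constructed sample lines (Common Log Format assumed; documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2001:09:14:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
192.0.2.10 - - [18/Sep/2001:09:14:02 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 210
192.0.2.10 - - [18/Sep/2001:09:14:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210
198.51.100.7 - - [18/Sep/2001:09:14:05 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210
203.0.113.5 - - [18/Sep/2001:09:15:11 -0700] "GET /index.html HTTP/1.0" 200 5120
203.0.113.9 - - [18/Sep/2001:09:16:40 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 210
203.0.113.5 - - [18/Sep/2001:09:17:00 -0700] "GET /images/logo.gif HTTP/1.0" 200 880
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

# Nimda probes ask IIS for cmd.exe or root.exe; Code Red requests /default.ida
# with a long query string. A non-IIS server simply answers 404 to both.
SIGNATURES = [
    ("nimda", re.compile(r"/(?:cmd|root)\.exe(?:\?|$)", re.I)),
    ("code_red", re.compile(r"^/default\.ida\?", re.I)),
]

def classify(path):
    """Return the worm label for a request path, or 'normal'."""
    for label, pattern in SIGNATURES:
        if pattern.search(path):
            return label
    return "normal"

def summarize(log_text):
    """Count hits per label and list the distinct hosts sending worm probes."""
    hits, worm_sources = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            hits["unparsed"] += 1  # keep malformed lines visible in the totals
            continue
        ip, _method, path, _status = m.groups()
        label = classify(path)
        hits[label] += 1
        if label != "normal":
            worm_sources.add(ip)
    total = sum(hits.values())
    worm = hits["nimda"] + hits["code_red"]
    return {"hits": dict(hits),
            "worm_share": worm / total if total else 0.0,
            "worm_sources": sorted(worm_sources)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The share of worm hits and the number of distinct sources are the two figures that explain a hit counter jumping the way the one above did.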

I felt helpless. It was an eerie echo of how I'd felt a week earlier as I'd watched the World Trade Center towers fall.

I'm a nerd, so when in doubt, I read the manual. I hit the Web, I look for the documentation. Since September 11th, I've read ravenously about the Taliban, Boeing airplanes, Osama bin Laden, the architecture and construction of skyscrapers, Islam, air traffic control, Afghanistan, high-rise fire fighting and terrorism. I've looked at 1-meter resolution satellite photos of lower Manhattan, before and after, video clips, info graphics and stock charts plotting the market response to other great disasters.

It didn't help much. I just couldn't comprehend how someone - let alone 19 people - could be so full of hate that they'd spend months or years preparing to die while slaughtering thousands.

And, now, seeking solace in geekdom, I couldn't comprehend how someone could spend time writing Nimda. True, Microsoft's products are regrettably plagued with bugs and security flaws, but that's the point. Nimda just bundles all the ways of exploiting those bugs that previous viruses and worms had unearthed.

One bright point flared when, once again seeking to Read The Manual, I came across news of an open-source program called LaBrea, as in 'tarpit'. LaBrea turns a network's unused IP addresses into what looks to the worm like potential victims. But LaBrea plays a little trick that causes the worm to get stuck after it connects. One LaBrea machine can tie up hundreds or thousands of Nimda machines.

Nimda was successful initially because it used a part of the Net against itself - Microsoft's products are pretty ubiquitous out there. But a different kind of software, open source running on Linux, can help solve the problem. If the Net was restricted to Microsoft, or only one kind of any other software, it wouldn't be as strong.

So there's strength in diversity.

On September 11, people whose hearts and minds I may never be able to comprehend took advantage of just about everything a free and tolerant society has to offer, and used it to send more than 6000 people to horrendous deaths. And already, some are calling for America to rescind freedoms, and eschew tolerance.

But the very thing that has made America strong is our tolerance, however imperfect it may be. That tolerance breeds diversity, and that diversity breeds strength in a society, as surely as it does in a network.



editor@gulker.com This page was last built with Frontier on a Macintosh on Mon, Sep 24, 2001 at 8:30:27 AM.