The Ultimate Business Machine

Technology, business and innovation. And, not least, about the Mac.

by: Bernard Teo








Creative Commons License

Copyright © 2003-2012
Bernard Teo
Some Rights Reserved.

Mon 18 Dec 2006

Normalcy

Category : Technology/AccidentalDoS.txt

This server has, very thankfully, settled back to normal levels of service. The bots look like they're gone, hopefully for good.

It probably wasn't a Denial of Service attack after all. More like, Incidental or Accidental Denial of Service. But, tell that to the victims of a drive-by shooting. It's no fun getting pummeled, intentional or not.

But why were the bots so smart to hit the same two pages that had a lot of images?

Here's something that could explain what happened:

"SAN FRANCISCO - A computer worm is attacking some business PCs through a flaw in antivirus software by Symantec Corp., a security company warned Friday.

"EEye Digital Security, based in Aliso Viejo, Calif., said the worm, dubbed "Big Yellow," began attacking some computer systems on Thursday...

"Big Yellow enters machines through a security hole in the corporate version of Symantec's antivirus software. Once infected with the worm's "bot" program, a hacker can use it as a way to connect with other computers for malicious attacks."

Last Thursday, US Time. It was Friday, my time. That was when I started hearing my Mac Mini server's fan whirring like a jet engine. The Mac Mini is usually so dead quiet. So that was when I realised something was up. Something was making it go into overdrive ... it was those bots.

So, if things are quietening down now, it's probably because those infected PCs are getting shut down, or the ISP admins are filtering them off their firewalls.

So, like the Christians say, "all good things happen for good...". I've got the kick I need to look at firewalls and computer security. And, so far, that looks like another fascinating area for study, now that I have the context.

I've been thinking that I had taken this with some equanimity because it's not like I had built this business so big I couldn't walk away from it. But if I were to have crossed some tipping point, then losing the ability to transact business at this particular domain - one that I had spent years building on - that would then become a crushing blow.

And this experience shows how easy it is to lose it all. Your web server and mail server get hit so hard you can't keep the ports open without your system crashing down. Closing the ports means closing off contacts with your customers. How would they reach you then? How would you do business, bring in revenue, keep your reputation, hold on to your world?

Here's a real world case - it just happened. Look how easy it is to lose control of even your domain name. And look at how painful the consequences. Could any business recover from it?

So, with this context, the technical issues come alive. How does denial of service work? What to do immediately when it happens? Where are the choke points? How do you parry it? Where do you place your blocks? How do you trace the attacks so you block the attacks with surgical precision without bringing down the whole site, because that is precisely what the attacks are meant to do - to put you out of business.

It's clear to me now that the time to think about these things is while we're still building our business - so that our means of protecting it grow as our business grows. If we wait till it's worth the world to us, we may not have time to secure it before we lose it all. Apocalyptic and dramatic? Technology is the double-edged sword. The speed you exploit to build up is the same speed that can be used to cut you down. If anything, I've seen how now.

Posted at 4:35PM UTC
