Sun Grid DOS'd

feronti writes "So, it didn't take long... CNET is reporting that Sun's new Grid computing service (reported yesterday) has already been the victim of a DDOS attack. "

obligatory

[Orrin+Bloquy]

Oh, it was slashdotted.

Cause & Effect

[duerra]

The outage, Sun reports, began at around 04:43PM, on Wednesday March 22, as every geek in the world seemingly had nothing else to do at the time.

(Yes, I went there. And yes, that was just unacceptable. I know. hEhE)

Re:Cause & Effect

[buckyboy314]

When the DoS ended, service technicians reportedly found a fresh pot of tea in the output tray.

Sun Grid

[Scoria]

So, would you say that the Sun Grid should now be considered "off the grid?"

Don't worry, I'll be here all week.

DOS?

[Eightyford]

Sun uses DOS?

Jackasses

[AKAImBatman]

Why do people do this? Sun provided a publicly available text to speech service as a cute little marketing gimmick. Thanks to the efforts of these yahoos, however, Sun has moved the service inside the grid so that it is only available to subscribers. Cool things that could have been done with this free service (Sun suggests making blogs into podcasts) now can only be done by GridEngine subscribers.

And what have these self-righteous "hackers" proved? Abso-fracking-lutely nothing. Sun's Grid was never in danger, and they had no problem moving the service.

So thank you very much for spoiling things for everyone. I hope you "hackers" enjoyed it.

Re:Jackasses

[networkBoy]

They proved something alright (from TFA):

That position dovetails with one long held by Sun Chief Executive Scott McNealy. "Absolute anonymity breeds irresponsibility," he said in a 2003 interview. "Audit trails and authentication provide a much more civil society."

Re:Jackasses

I'm sure some bozo will now chime in how the hackers were "white hats" and they were only trying to "help" Sun improve their security.

Yeah, sure.

This continual barrage of so-called "hackers" is doing only one thing: turning our computerised world into a gigantic "police state" of sorts. There will NEVER be a day when all security "issues" have been addressed. NEVER. But, thanks to the efforts of pinheads like these, our operating systems and environments are becoming more and more encumbered with security of every kind and type. We can't write a C program without having to worry about stack-smashers. We can't open a ZIP file without a virus scanner. It's hit and miss browsing the web...you may be the lucky winner of some kind of embedded trap Microsoft/Mozilla/Opera/whomever hasn't accounted for yet. And the arms race continues!

Remember the days when no one had a firewall? When you could happily "finger" someone's account on another system? Forget it..those days are long gone. We all live in gated communities now. Can't put your system on the raw internet without half a dozen kiddies with portscanners hitting you up within seconds. Oh but it's for "security". Sure. They're only doing it for my own good, as the apologists say.

Re:Jackasses

[dfj225]

Sure, I'll bite. I would say that any "white hat" hacker would notify the company of security vulnerabilities within their system instead of exploiting them with no warning. I think actually releasing or using exploits against a system that you do not own, operate, or have permission to run said exploits on would remove you from the "white hat" group. Believe it or not, some people are able to research software security without feeling the need to run exploits in the wild. Only those who are irresponsible or malicious would do that, and these types are typically not the ones creating the exploits to being with.

Re:Jackasses

[mizhi]

Probably has something to do with this:

http://www.penny-arcade.com/comic/2004/03/19

Re:Jackasses

[Jherek+Carnelian]

That position dovetails with one long held by Sun Chief Executive Scott McNealy. "Absolute anonymity breeds irresponsibility," he said in a 2003 interview. "Audit trails and authentication provide a much more civil society."

They only proved that partial anonymity breeds irresponsibility. Sun and any sort of response they make would have a tough time being anonymous. So, on one hand you have the "bad guys" who have almost complete anonymity to cover their 'extra-legal' activities and on the other hand you have the "good guys" without much anonymity and so are unable to respond in kind.

Adding audit trails and authentication just changes the identities of the "bad guys" from those who are outside the system to those who own the system and thus can erase the audit trails as needed (for example, the brazilian the british coppers shot and killed in the tube last summer - despite being the most surveiled society on the planet the incident was not recorded on camera due to a 'temporary malfunction' -- yeah RIGHT).

Re:Jackasses

[sootman]

Cool things that could have been done with this free service (Sun suggests making blogs into podcasts)...

Speaking of which if anyone is interested in doing this, you can use OS X's (so-so) voices:
$ say -f blogfile.txt -o podcast.aiff
Then use iTunes to convert to MP3 or AAC. `man say` for more options. Introduced in 10.3.

I'm not saying this is better than what Sun offered, or that those hackers weren't assholes... just mentioning something that people might be interested in.

Re:Jackasses

[Cyno]

The question is are you paranoid enough?

http://www.techworld.com/security/news/index.cfm?N ewsID=5466
http://slashdot.org/article.pl?sid=05/10/27/142223 0
http://www.zdnet.com.au/insight/toolkit/security/e mail/0,39027176,39168559,00.htm
http://www.gridtoday.com/03/0526/030526.html
http://distributedcomputing.info/news.html

This thing has a lot of people's names on it. If it flops someone has to take the blame.

Re:Jackasses

[mav[LAG]]

You know you've been on Slashdot for too long when:

• you recognize that URL instantly
• you still laugh out loud without having to click through

They're lucky

[yootje]

They're lucky Slashdot didn't linked to the project, otherwise they would've been DDOS'd for the second time.

Sun Grid

[daeg]

Pretty damn cool idea, actually. I'm not sure about their demo application (unless the speech quality was superb), but a cool idea nonetheless. Could especially be nice for cracking passwords on things like RAR archives where you have to use brute force attacks. I imagine opening up old password protected archives could be very valuable to businesses (particulary since businesses tend to repeat passwords, e.g., discover one and you probably discovered a bunch).

Not very useful to the public at large, though.

brilliant!

[gEvil+(beta)]

Now that's sheer brilliance! How come I never thought about running DOS on a cluster of machines? What's that? Wrong DOS you say?

Denial of Service, abbreviated DoS

[poopie]

Let's keep things straight - three are enough confusing three letter acronyms.

Denial of Service is still worth writing out. Most wanna-be geeks see the three letters "dos" in any capitalization combination and think of Microsoft Disk Operating system.

Slashdot story submitters should know the difference between DOS and DoS, but due to the stupid l33tsp33k crud, nobody takes capitalization seriously.

I think that outside of security or incident response venues, denial of service should be written in full and not abbreviated.

Re:Denial of Service, abbreviated DoS

[ArcherB]

Actually, there is a difference between DOS and MSDOS. DOS, Disk Operating System, is a generic term.

Re: Denial of Service, abbreviated DoS

[Black+Parrot]

As opposed to Distributed Denial of Service, DDoS, which is when all the girls you know conspire not to give you any.

The real cause

[I+Like+Pudding]

One guy set up a distributed job to run this:

#!/bin/sh
$0 &
exec $0

Re:The real cause

[Zaatxe]

I like "while(1) {fork();}" better...

My operating system teacher told us about this one and told us never to do that. Needless to say that a dude wrote, compiled and run this code like 5 minutes after the end of the class... in our main server... pfff...

The summary forgot to mention the rest

[moochfish]

So, it didn't take long... CNET is reporting that Sun's new Grid computing service (reported yesterday) has already been the victim of a DDOS attack. "

...As thousands of hackers asked The Grid... What is The Answer to Life, the Universe, and Everything?

Re:The summary forgot to mention the rest

[zlogic]

This proves that Google has better grid computing than Sun's - it computes the answer in less that a second:

http://www.google.com/search?hl=en&q=the+answer+to +life%2C+the+universe+and+everything&btnG=Google+S earch

To summarize...

[gurutc]

Proves that 'If you build it, they will come.'

Please, rewrite this in english.

[Tei]

Please somehome with good english rewrite this post.

Sun, as always, have some very good futuristic ideas. Ideas too good for nowdays, but will work on the future.

You already know Java, and "The network is the computer", and theres is another The Grid.

The Grid is another use of the internet, as The Web is the net of web pages, The Grid is the net of network resources shaped in a way that A Single Execution can run on a virtual giganteous virtual computer. Its not magic, only code written to use this level of paralelism will work, and you need to use some "standard" framework, but is still C, (or perl if you want) code. As I write this, theres some guys migrating applications to the Grid framework.

Actually the need for that giganteouse computational power on a simple C executable is experiemental data generated by particle accelerators like the LHC (aka, from the CERN, the same guys create the World Wide Web). Withouth the Grid you have not enough computational horsepower to analize that much data.

Sun, and these guys think this interesting use of technology will grown, and soon guys like Liberty, Visa, Bayer, etc.. will use that horsepower to crunch hugue computational problems, problems that huge that actually looks not feasible. And because The Grid use some sort of "p2p" alike technology ... You Can Join The Grid!.. and theres are lots and lots of grid nodes on universitys around the world. So your scientific app is calculated trough 90 nodes, that where 90 computers around the world, but you only execute a single C app (a C batch app).

With this setup, Its a non-sense that hackers attack sun. WHY?!!!.. The Grid is a idea a true hacker sould LOVE, not hate or attack. Imagine a world where "hackers" attacking the first web server to shutdown the worldwideweb idea. What lameness...

I am a hacker, and I think these guys hare not more than vandals withouth respect for technology, or withouth pride for scientific effors on IT.

Kinda missleading

[ChrisRijk]

The way the summary is written, you'd think that actual site was down or something. But the website and grid itself was fine - it was just the free example (running on separate hardware) that got busy. (I dunno how busy - I accessed it yesterday and it was fine at the time).

I dunno, Slashdot could have reported on something more meaningful - like Sun GPL'ing their latest processor. You can download it here:
http://opensparc-t1.sunsource.net/download_hw.html

There's a decent write-up here:
http://www.itjungle.com/breaking/bn032106-story01. html

Manufacturing fab not included...

YOU ARE WRONG, POSTER

[Heembo]

The sun grin did NOT GET DOS'ed. The DEMO SERVER got dos'ed, and when they moved such code back into the grid the DOS attack was mitigated. RTFA.

Donkeys and Bureaucrats

[fm6]

There's no excuse for vandalizing somebody's system. But it wouldn't be so bad if Sun weren't so damned bureaucratic. I read in the article that the demo was still available to people who had grid accounts, which you just need a verified PayPal address to open. I have one of those, so I thought I'd sign up just to get a look at the demo. After 5 minutes of answering strange, intrusive questions (who do I work for? what projects do I have in mind? where's the money coming from?) I gave up. Of course, Sun didn't lose anything by failing to satisfy my idle curiousity — but I'm sure that serious potential customers are also being turned off by this.

I've contracted at Sun a couple times, and I'm continually amazed at their bureaucracy. The amount of pointless paperwork (now done through the web, but still tedious and time-consuming) is just mind-boggling. And I'm actually more patient with it than the regular employees, who vent like a volcano whenever the subject comes up.

Also, I have to point out that any freely available web application with high visibility has to be designed with a potential DDOS attack in mind. It's kind of disappoint that nobody though of this when they created that demo.