DHS Injects Itself With DDoS
An anonymous reader writes "Here's a story about what can happen to any enterprise IT department that overestimates the intelligence of its users. Only in this case, the enterprise in question is the U.S. Department of Homeland Security. The spokesman says there's no Jack Bauer mentality. No kidding!"
It's Allhu Akbar, you imposter.
(An idiomatic translation of which is embossed/printed on all US currency)
Security is not nearly as important as Freedom. I mean hell. We might as well let everyone go aboard aircraft with knives and scissors and such. Never again will a few semi-armed men be able to take control of an aircraft again. Passengers will not let it happen. We only need security at the borders and the ports. The Air is safe.
Why is it so hard to only have politicians for a few years, then have them go away?
It started with a very creative admin creating a mailing list "to-all". Within 3 hours, somebody who had a lot of time on his hands found it out and sent out some naive message to the list. The classic snowball effect followed with "remove me"s and "stop replying to all"s - and within the next 3 hours, it became so bad that the only option left was to purge queues and shut down all the email servers, which resulted in hundreds of emails bounced and lost - internal as well as external (which I am sure also resulted in loss of revenue directly or indirectly). And I guess that's what DDoS means.
It was funny and sad at the same time - you can't stop laughing at the stupidity of people and their ability to do better than any other virus sending bulk emails to all in your addressbook.
We encountered a pretty stupid configuration issue where I work once.
A guy who was going on vacation set up an out-of-office reply, but set it up to reply to "all employees".
"Reply only once" was not set, and apparently automatically replying to the group "all employees" includes sending a reply to the sender who then receives the reply and sends a response to everyone, including himself. So the system entered an infinite loop.
I got into the office early and could actually still log in; I had about 100 e-mail messages at the time. Within 5 minutes the email system bogged down completely, so it was shut down manually. After an hour or so of figuring out what had happened, the offending account was modified, the mail boxes were wiped clean, and the previous night's backup was restored.
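The loop in the comment above needs three things at once: the auto-reply goes to a group, it is sent more than once per sender, and the responder answers other automatic messages. The following is an added example, not part of any commenter's post, of the checks RFC 3834 recommends for an out-of-office responder; the function names and the example.com addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

def should_auto_reply(raw, own_address, replied_to):
    """Decide whether an out-of-office responder may answer `raw`.
    Returns (allowed, reason); records the sender in `replied_to` when allowed."""
    msg = message_from_string(raw)
    own = own_address.lower()
    # RFC 3834: never answer a message that was itself generated automatically.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "auto-submitted"
    # List and bulk traffic is not addressed to the person, so stay silent.
    if (msg.get("Precedence") or "").strip().lower() in {"bulk", "list", "junk"}:
        return False, "bulk"
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False, "mailing-list"
    # Only answer mail that names this mailbox explicitly in To or Cc.
    named = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if own not in {addr.lower() for _, addr in named}:
        return False, "not-addressed-to-me"
    # Reply to the envelope sender only; "<>" marks a bounce and gets no answer.
    sender = parseaddr(msg.get("Return-Path") or msg.get("From") or "")[1].lower()
    if not sender or sender == own:
        return False, "no-valid-sender"
    if sender in replied_to:          # the "reply only once" setting
        return False, "already-replied"
    replied_to.add(sender)
    return True, sender

def build_auto_reply(sender, own_address, text):
    """Build a reply addressed to the sender alone and marked as automatic."""
    reply = EmailMessage()
    reply["From"] = own_address
    reply["To"] = sender              # never the original recipient list
    reply["Subject"] = "Out of office"
    reply["Auto-Submitted"] = "auto-replied"
    reply.set_content(text)
    return reply

# Constructed sample messages (example.com addresses are placeholders).
DIRECT = "From: alice@example.com\nTo: bob@example.com\nSubject: hi\n\nhello\n"
TO_ALL = ("From: carol@example.com\nTo: all-employees@example.com\n"
          "List-Id: <all-employees.example.com>\nSubject: fyi\n\nhello\n")
```

Any one of these checks is enough to break the cycle described above, since the second hop is either an automatic message, a list message, or a repeat sender.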
This was too funny, I was reading these messages all morning. So many completely stupid people sending messages out with their title, agency, often phone numbers, etc. Some having fun with it and a whole bunch going "stop sending e-mails!" The best was the official reply that came a few hours in, which said "please don't use 'reply all.'"
Even better was that anyone in the world could send to the mailing list, it didn't even check to see if you were subscribed before sending your message out. Trust me, I tried it. You also get a few hundred more e-mail addresses and all kinds of internal company details from the out-of-office replies (e.g., "I'm on medical leave, contact so-and-so at x1234").
Now, it was no big surprise, I do security in the federal government and so I know how clueless so many of my coworkers are. But it was hilarious to watch it all play out so publicly and persistently; it just kept going throughout most of the day.