Slashdot Mirror
Was This the First Denial of Service Attack?
An anonymous reader writes "Way back in 1974, Dave Dennis, then aged 13, decided to try out the -ext- TUTOR command on the PLATO system at the University of Illinois, and see if he could cause all the terminals of other users to go offline. It worked. And he never got caught. Of course, the powers that be eventually caught on and fixed the -ext- command so terminals by default didn't automatically receive -ext-'s sent from other locations."
Yes
Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
The first recorded denial of service was performed by a 13 year old, who was basically using a "script kiddie" technique? Well, color me surprised.
And last post...
-ext- :D
Article was DoS so I didn't get First post
You don't have permission to access /blog/2010/02/perhaps-the-first-denial-of-service-attack.html on this server.
So, let me get this right. You could more or less get a list of addresses, and they would accept commands without question if you just typed in the commands and the right address? Sounds like the worst security system ever.
Taxation is legalized theft, no more, no less.
Ever heard about reinarnation?
I always think of DoS meaning flooding a system with requests, causing all resources to be used, thus nobody can get service.
It seems like this guy just found a "Halt and Catch Fire" instruction and an overly trusting security policy. Which may have been a first something, but not really a DoS, right? Or am I missing something?
Ever heard about reinarnation?
Is that there you are inarnated? No, never heard of that, can you explain it in a little more detail?
Moved to http://soylentnews.org/. You are invited to join us too!
It used to be possible to crash early Sun servers (or at least the terminal server attached to the server by trying to copy data from a virtual terminal (cat /dev/ttyp0) or something similar.
One university department tried to get around the user quotas on commercial UNIX licenses by creating a single user account for an entire class. Hilarity ensued as students working on real-time projects would accidently kill each others processess.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
of when my friends and I installed Descent and Doom in the computer lab at the local community college to play deathmatches. This was during finals week, and we were on DOS/windows 3.1 machines and I believe that this was pre-TCP/IP on that particular network. The game would bomb out after about 15 minutes of playing or so, and the computers would lock up, so we'd have to reboot everything and get back into the game. After about 2 hours of playing and yet another network crash, someone knocked on the door of the room we were in and asked us if we were having network problems, too. Apparently we were bringing down THE ENTIRE BUILDING every time we started playing. There were people literally in tears in the hallway because they lost their papers they were working on.
We just kind of shut down our computers and casually walked out without drawing any undue attention to ourselves.
If you were trying to get attention for being a young person on Slashdot, you didn't have to tell us how young you are. Your punctuation is enough.
Back in the 19th Century (in the US anyway), mail *recipients* paid postage to get their mail from the local general store. Political figures and others who might have a negative following would receive scores of blank letters and have to pay for them. The objective was to either crowd out the legitimate communications or bankrupt the recipient. Traditionally, one could place an ad in the local paper explaining that he or she would no longer receive letters at the store, which would free them from their obligation.
I'd rather have someone respond than be modded up.
First packets sent by Charley Kline at UCLA as he tried logging into SRI. The first attempt resulted in the system crashing as the letter G of LOGIN was entered.
I'd bet that part of the initial DARPA deployment testing involved deliberate attempts to jam the network
Just saying....
In the late 60's it was routine for students learning COBOL to play with the "DISPLAY UPON CONSOLE" directive and flood the operator's console with messages. The operator would have to manually acknowledge each and everyone. This then create a denial of service attack in as much as the operator couldn't respond to other requests. Was really annoying for operators and other users.
you've overplayed your hand... enjoy your life of posting at -1 two times a day.
In high school in 1974 our district (8 schools) used an HP access timesharing system. It ran the BASIC language. I was able to write a very short program that would cause the system to crash. Having discovered this bug in the system, I was able to bring down the entire district's computers at will. I had discovered this capability while exploring a new feature of BASIC. Fortunately for them, I was ethical and informed my teacher who at first didn't believe the exploit until I demonstrated it in front of her. We then contacted HP, gave them the code, and they came up with a patch within a couple of months. I'm not sure if anyone at HP can confirm this at this point.
I am sure that there are probably earlier exploits as well.
And as a side note, I was also a PLATO author in 1975 and greatly enjoyed working on that system.
Worked on DECstations. The GUI preferences were global.
I want to delete my account but Slashdot doesn't allow it.
The earliest one I know of was by the smartest man I ever knew (and the strangest). He was my mentor. In the IBM 360 days this guy used to write code .. COMPLEX code in binary on the roller bars on the front of the console because he was too lazy to logon. He made IBM's code more efficient by eliminating all modularization. It was more efficient to just have one big super efficient kernel, so he redesigned their system, and got something like 140% efficiency out of the hardware (40% greater than theoretical possibility) by IBM's own benchmarks, and found a security hole in their code in the process .. as he put it "bit enough to drive an 18 wheeler through", which he reported to them. They told him it was his hacking, he broke something ... NOT OUR CODE!!! IBM CODE CAN'T BE BROKEN!!! So he went to their 'demo center' and fed in a deck of punch cards.
On the IBM Selectric console in the IBM demo center, it printed.
"May I please have a cookie?"
The operator ignored it.
8 hours later during shift turnover It printed
"I never got my cookie"
The two operators looked at it, shrugged, and ignored it. The dayshift operator went home.
4 hours later the console printed.
"You're not a very nice operator either, I never did get my cookie"
The operator thought the guys upstairs were fooling around and ignored it.
2 hours later.
"WHERE IS MY COOKIE!"
hummm...
1 hour later.
"Dammit give me a cookie!"
30 minutes.
"I WANT A COOKIE!"
15 minutes ... 7.5 minutes ... eventually we get to 32 cookies this second .. 64 cookies this second ... 128 cookies this second.
An IBM Selectric typewriter which is the main console for a 360/65 cannot print even the word cookie in a second, much less a whole sentence, and certainly not 128 of them! There was ONE way to crash a 360/65 .. Fill up the console buffer. The system considered console messages to be important, and if the system couldn't print all of them, it halted.
Reboot ... excuse me... Mainframe terminology here... "IPL" the system. First console message:
"You know, I never DIID get my cookie!" .. and the process starts over.
Finally IBM called my mentor...
um... did you submit a job to the demo center?
Yes, but don't worry, it was just a simple 'unprivileged' process, and as you said, your security is flawless, so I am sure there is no danger. :-)
Sir, I think we are prepared to acknowledge that there MAY BE a security hole in our system somewhere. It seems that your job never finished and yet it does not seem to exist in the system anywhere. Our experts tell us we have to re-install the operating system to fix it. Do you have any alternative suggestions?
Just one... Go get the best operator you have and put him on the console and call me back.
Yes sir... .. an hour later
Sir, this is king super operator, they just called me back in to work to assist you in solving our issue.
OK ... now listen carefully. I am only going to say this once. Type carefully, and don't screw this up .. are you ready?
Yes sir.
Good type this ... "c" "o" "o" "k" "i" "e" ... now press "Enter"
Console prints . "Thank you that was good", and the job ends.
After that IBM never ever questioned it if my mentor reported a problem with IBM software ever again.
Denial of Service is just about as old as marriage.
The first denial of service happened 200,000 years ago when the first woman invented the headache.
The story of the Cookie program, in the words of its author.
Back in my high school's UNIX system I used to like piping binary files to people terminals. It worked pretty well as a DoS and made a loud racket with the all the BEL characters.
Cntl-S could also be used to halt people's sessions, and "+++" would screw with people on dial up sessions.
The good ol' days.
I have the feeling that back in the 19th Century (in the US anyway) people like that would be having an abrupt and Frank discussion with Mr. Colt. Especially in the wild west. ;)
Science advances one funeral at a time- Max Planck
Yes, of course. 13 years old kids in 1974 got access to UI computer systems without paying for timeshare.
Our hero, managed to take a whole room of "terminals" offline with one existing command.
And now [queue evil music] 36 years later, having done nothing of note ever, he now seeks his hard-earned fame.
First ever DoS... or 49 year old sociopath longing for publicity... or just a liar. You decide. I already have.
E
See This journal entry I posted a while back... These days, at least in the US, I'd probably be up on federal wiretap charges or something. Back then, it was serious enough that they'd threaten to throw me out of college, but I never got any sense of there being jail-time involved...
Simon
Physicists get Hadrons!
I don't think it was quite as early as 1974, but somewhere right around there, I remember going to the "math room" in Jr High, and being able to access a terminal to get to "the main frame". It was something that used fan-fold paper (not a CRT). You could write BASIC programs on it, I think. I kind of remember writing stuff as complicated as 2D grid based Star-Trek type programs (one step up from Hunt the Wumpus).
Anyhow, we did have a command that we could type in that would crash the system, which we did once in a while, just to cause mischief. I really don't recall if we discovered it, or it was given to us (a la script kiddie), but it eventually ended up being a program called "runme" or some such...
Anyhow, letting random people on a "public" terminal to the mainframe of the San Diego unified school district is probably a thing of the past.
The best security breach, by far, however was an attempt to save money by re-using the fan-fold computer paper. Man, there was some juicy stuff on the flip-side of that stuff - names, addresses and IQ rating of all your class mates, payroll runs, all sorts of entertainment!
Simpler Times. Get off my lawn!
This issue is a bit more complicated than you think.
This type of denial of service was already quite common long before that.
Those were the days.... email, group notes, bloggs, instant messaging, p0rn, multiuser space and dungeon games, 512x512 graphics, decent keyboards
The security on the -ext- command was user settable for Authors.
Always fun to find someone who had toggled it to world "write" and to start up the microfich slide projector in their Plato Terminals unexpectedly. Even more fun if the slide projector still had a good supply of compressed air to rattle the terminal and flash the projector at the same time.
See cyber1.org
I once (well okay twice) used the "net send /domain" command to just creep everyone in my college of 1,500. The funny thing is that, I don't think the admins would have figured out it was me because they didn't track MAC addresses at the time. Was I the first?
PS: probably not!
Try the time Lagadha glued up a merchant's abacus
Well if that was the first DOS, then I'll claim the first "Slashdotted" on a PLATO system. In 1987 after the local admins cut off all access to chat ( due to abuse of the system by people sitting next to each other using "chat" ) I wrote a tutor script that caused a timeout error every second.
The result was to flush the keyboard buffer to common memory. Then the other terminals read the common memory and updated their display - Kind of like early IRC. Because this was written at the lowest security level, the admins couldn't block it. They deleted the original, but all the other authors had the code by then. It wasn't very efficient code, but they managed to keep it alive despite the best attempts of the admin to get rid of it.
After the application consumed 99% or more of all recorded resource use for three months running (making all other resource access slow) I got my ass kicked off the system and they decommissioned that installation of PLATO (CALS).
Funny thing is I went back three years later in 1990 and managed to convince them to give me an unrestricted dial-in port for Internet access. My first! Several months later, they came to me and said "You're taking up all of our spare resources... You remind us of this guy who wrote a chat program on the old PLATO system several years back."
I never did own up to it at the time since no one knew my surname at the time ( That's another story entirely ). Although I did buy them another terminal server to make up for it.
GrpA
Enjoy science fiction? "Turing Evolved" - AI, Mecha, Androids and rail-gun battles. What more could you want?
Not likely. The 1st person who stuck a "latice card" into thier 80 column punch card set at a shared IBM manframe would get 1st DOS attack (dubious-infamous) honors, an event which surely occured before 1968 when I 1st heard of theses "all columns punched cards would cause both mechanical card reader and mainframe system errors.
Another similar trick I heard was to order a lot of large, cheap things in boxes and send them to a competitor, thus jamming up their supply line (they had all this stuff stuck on the unloading area and no place to put it). I'm not sure how often this was done, but someone must have done it.
Qxe4
Enough Said.
... in support of a US software patent ?
No no - you get inarnated again ...
Surprisingly there's actually a book on reinarnation...
http://www.antiqbook.co.uk/boox/ma9/36148.shtml
Taking out telegraph lines, signal towers, killing messengers. DoS attacks have existed as long as people have tried to communicate over distances. Even man in the middle attacks, intercepting and replacing semaphore messages etc.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Now the kid is 49 and they don't even give him job interviews anymore.
Ok maybe i should RTFA, but c'mon this is slashdot..
Doctors do Massage in Longview WA now, who knew?
No
I will back that up with my own story of a weaker DoS. The year was one of 1970-72, I do not know which. UC Berkeley had two CDC 6400s, A was normal, B was used for an experimental time sharing system and thus had an optional-at-extra-cost instruction, Exchange Jump, which swapped context. I had been toying with a Fortran program and gotten tired of it, so decided to finish it off in a burst of glory. It began execution in some obscure subroutine instead of MAIN, never called MAIN, and as it ground away at its nominal task, it gradually modified an innocent instruction into an Exchange Jump. But sadly, once it finally had modified it to the Exchange Jump opcode, there was no context, just a pointer to 0, and it farked the entire machine.
Now I wasn't truly anti-social. I had in fact written on the card deck that it was only to be run on machine A, not B. Unbeknownst to me, that Exchange Jump instruction was also used by diagnostic programs, and the tech was too lazy to disable it after each visit, just left it enabled at all times, so my Fortran program crashed the machine.
It wasn't much of a DoS, I will admit. The OS, CALIDOSCOPE (Cal Improved Design On SCOPE (Supervisory Control Of Program Execution)), could only handle 6 batch jobs at once at most, so that's the worst it could do. But I did get called in to the admin's office, who sighed and gave me that "What are we going to do with you?" look. He knew I wasn't malicious, but he had to warn me to not do it again.
Infuriate left and right
Remdinds me of this in a way: http://slashdot.org/articles/02/12/06/1554227.shtml?tid=133. Spam the spammer. ;)
The post-Civil War West was very rarely the kind of lawless anarchy that Hollywood portrays. There were a few specific times and places where it was, but those trouble spots got cleaned up pretty quickly. People don't like living with bullets flying randomly around their heads.
The early 19th c. frontier (which in those days was mostly east of the Mississippi) on the other hand ... yeah. But that was before "Sam Colt made them that way." Most of the killing was done with single-shot firearms or, very often, knives.
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
My own tale from 1974/5 was that my school had a time-sharing terminal and rented time from a local consulting company. Normally we used BASIC, but the maths teacher came back raving about the new language he had been taught at a weekend conference: APL. As one of the better pupils, I was given all the documentation, and went away to read up about it. A few weeks later, I had developed my symbolic differentiation program, and had carefully entered it in, and saved on paper tape. Unfortunately the program had a minor bug, so it used up *slightly* more CPU time than anyone might have expected. Apparently, the bill for the few seconds of run-time before I killed the program was over GPB 300 - a huge amount, and as it was pointed out to me, about the same as the computing budget for the entire year :( Fortunately the computer owners realised it was a mistake and didn't actually charge the school for the time - so I was off the hook, and took greater care to ensure that programs ran efficiently and bug free. A good lesson for a 13 year old.
No.
The first DOS would have been performed by a backhoe operator
This one for Trollkore
Law of unintended consequences - they cut off chat for something pretty minor (using chat when sitting next to each other - that's "abuse"?) and created a much bigger problem.
You use a lot of words, but they don't really make sense when put together. A "tutor script"? A timeout error every second that flushes the keyboard buffer to common?
The common "chat" program was talkomatic ("talk" on Unix systems is very similar, it allowed up to 6 people to communicate at once, with any number of additional people to monitor a channel), and it really wouldn't matter if everyone on the system was in it, it was fairly efficient, so I don't know why they'd want to prevent people from using it. The only resource it would use would be a terminal. Did they also disable TERM-talk, Personal Notes, notesfiles, and all games as well? I'd have thought you'd be more interested in writing a game in order to stick it to them rather than write a hideously inelegant and inefficient version of talkomatic.
PLATO was fairly conservative in giving out resources - if you went in "background" mode, you could use all the processing available, but got lower priority, and wouldn't interfere with anyone else running in "foreground".
Why wouldn't they just delete the author signons of anyone who implemented code they didn't want on the system, anyway? You can't write code anonymously on a PLATO system, and if they were trying to control things so tightly that they objected to people talking to one another, surely they'd tightly control who got author signons.
So, your story doesn't really make any sense.
My first DoS discovery was in October 1976. On IBM mainframes running VM/CMS, I found I could take down the entire system from an ASCII serial port connection, without even being logged in. At any prompt, including the "LOGON:" prompt (hence why being logged in was not needed), just press the RETURN key followed immediately by the BREAK key.
A couple years later when I obtained the source code to the system (bought it on a reel of tape, from IBM, for $150) I found the bug in the code that caused it. The "CP" kernel went into a loop trying to send a command to the I/O controller to reverse the direction of the half-duplex serial port, which would always fail because it had not received the interrupt informing it of the BREAK status, which it would never get because all I/O interrupts were masked off at that point.
now we need to go OSS in diesel cars
In 1972, I was a college student with more time on my hands than sense. Here's a few things I did to a $4 million CDC 6600 time-sharing system:
(1) Hells bells: This machine had ten PP's (Peripheral Processors) that offloaded I/O tasks. The PP's had for-the-time screaming I/O speeds-- all of 2MBPS. User disk space consisted of two washing-machine sized disk drives, 88MB total. A little metal arithmetic suggested that you could fill the disks in no time. so a 2-line FORTRAN program: 1 WRITE(1) 76437643764376437643B; GOTO 1 ... it filled up the disks in under a minute, bringing the system to a standstill. (7643B was the display code for ^G, bell) ( The system programmers quickly implemented disk space quotas after that ).
(2) There was a fixed-size open file table in the kernel memory area, usually configured for 400 files. There were no open file quotas. So a 2-line SNOBOL program could very quickly open up an number of empty temp files, bringing the system to a halt. ( FORTRAN programs could only work with files declared in the program header line ). ( The system programmers again very quickly implemented a limit on number of files per user ).
(3) On early core RAM modules, the modules were interleaved 8-wise, so each module only got accessed every 8-th word fetch.. But if you knew this, and wrote a program that jumped forward 8 words several dozen times, then jumped back to the start, one module would get accessed at the maximum possible rate and within a minute the module would melt down. I did not try this ( the 4K modules must have cost $100 or so ), but I heard of someone that did.
(4) The card punch was designed for punching text data, which had at most two out of every 12 rows punched per column. If one punched a few hundred cards of -0 (all ones on a one's complement machine), and did a DISPOSE(OUTPUT=PUNCHB), the card punch would overheat and melt down all the punch electromagnets. My boss at the time admitted to doing this.
(5) The line printers were amazing machines, extremely speedy, BUT if you write out a few hundred lines of "-------------------", the first column was carriage control, and the default cc tape would map "-" to mean "no line feed". A few dozen lines of that and the paper would cut through, bringing that printer to a halt.
]
(6) Same thing as (5), but with a "1" in column 1 would eject pages at the maximum rate, which was much faster than the paper stacker could collect the pages. There were page limits in place, but the poor operators would still be confronted by a printer covered with 100 pages of ejected paper.
(7) At first you could make system calls with bit 20 set, which meant asyncronously. You could issue these requests much faster than the OS or PP's could finish them, so you could easily tie up all the free PP's and that would instantly bring the system to a very slow crawl. Very soon thereafter, a limit of 2 PP's per user task was implemented.
There were more, but the statute of limitations may not be up for them.
No.
100,000 BC
"Krug, in next village, is giving away free Mammoth meat. Better hurry before it's all gone."
If I could moderate now, this would get a +1 Funny
Your mentor was Zero Cool?
The author and I were contemporaries and he forgot one very important reason he was never prosecuted. In 1974, there was no crime even if this had been done by an adult maliciously and for money. The pendulum, of course, has swung far in the other direction and users now face serious criminal charges for TOS violations.
By the way, many of us who have good heads for computer security learned during years before it became a felony to practice.
Seastead this.
I also kept systems up as a young boy. Wilcox computers North Wales. I was database programming back then. A good goth chix0r sat me on her lap as a kid and made me hand solder chips on the mother boards, She was mega-fit and I was "In love with her" She shown me everything how hard drives worked, How to database programme and installing hardware I just wish Dad had married her. That woman taught me everything I know about IT. Sorry if I am ranting. But she was amazing. Wilcox is now disbandoned, however, all the people from that company in the past now work for IBM/APPLE/INTEL/ATHLON/M$ and are Linux and BSD coders. It is a shame those days are gone today but I still love my Green Screen days! Love NSN
All cows eat grass!
In 1979 I was a student at Virginia Commonwealth University, using their Hewlett-Packard 3000 Series III minicomputer system. I discovered that:
-if you wrote a program called "A" which used the BASIC CHAIN statement to invoke a program called "B",
-and if you wrote a program called "B" which used the BASIC CHAIN statement to invoke program "A",
-and if you ran program "A" and waited about 30 seconds for the two programs to start ping-ponging back and forth between each other,
-and if you then used the "KILL" command to erase either "A" or "B" . . .
. . . the entire system would crash with a "hardware failure" message on the system console. Needless to say, this was great fun at exam time. BUT - upon the fourth consecutive failure, the fourth time the entire minicomputer had been disassembled and reassembled, the HP customer engineer decided to read the memory dump instead of running hardware diagnostics, and I was severely warned by the system administrator about doing this again...
Ask Me About... The 80's!