Slashdot Mirror


Was This the First Denial of Service Attack?

An anonymous reader writes "Way back in 1974, Dave Dennis, then aged 13, decided to try out the -ext- TUTOR command on the PLATO system at the University of Illinois, and see if he could cause all the terminals of other users to go offline. It worked. And he never got caught. Of course, the powers that be eventually caught on and fixed the -ext- command so terminals by default didn't automatically receive -ext-'s sent from other locations."

12 of 166 comments

  1. Short answer by TinBromide · · Score: 5, Funny

    Yes

    --
    Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
  2. Seems fitting by JorDan+Clock · · Score: 5, Funny

    The first recorded denial of service was performed by a 13 year old, who was basically using a "script kiddie" technique? Well, color me surprised.

    1. Re:Seems fitting by Cryacin · · Score: 5, Funny

      He made it himself. He wouldn't trust anyone else to get the spelling right.

      --
      Science advances one funeral at a time- Max Planck
  3. Frist Post!! by Anonymous Coward · · Score: 5, Funny

    And last post...

    -ext- :D

  4. So they could receive commands!? by Darkness404 · · Score: 5, Insightful

    So, let me get this right. You could more or less get a list of addresses, and they would accept commands without question if you just typed in the commands and the right address? Sounds like the worst security system ever.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:So they could receive commands!? by Anonymous Coward · · Score: 5, Insightful

      So, let me get this right. You could more or less get a list of addresses, and they would accept commands without question if you just typed in the commands and the right address? Sounds like the worst security system ever.

      Yeah, but this was 1974, when overly-trusting users used commands to do USEFUL things, rather than cause mischief (or shove adverts in front of you)!

    2. Re:So they could receive commands!? by pookemon · · Score: 5, Funny

      So I'm guessing you weren't around in 1974. It might also surprise you to learn that once upon a time there were no virus scanners or firewalls. I bet I just blew your mind with that one...

      --
      dnuof eruc rof aixelsid
    3. Re:So they could receive commands!? by mysidia · · Score: 5, Insightful

      They were crypted... why would you need to hide a strong password that was crypted? Shadow'ed passwords are an ugly hack.

      Also, if you restrict "shadow" passwords so only root can see them, then suddenly every program that needs to perform authentication must be setuid root...... this is a security risk. In that era, possibly a much larger security risk than the risk of a strong password being cracked.

      The problem wasn't failing to use shadow passwords. It was (1) UNIX users who set weak passwords, and (later) (2) an explosion in computing power, making it easier to attempt to crack the passwords.

      Also, the reverse-engineering of the original DES-based crypt binaries allowed inefficiency that was intentionally contained in the algorithm to slow it down (making use for cracking improbable), to be removed, after years of study.

      The DES-based crypt() algorithm was optimized into fast-crypt which was orders of magnitude faster, and actually made password cracking feasible. If a harder cryptographic algorithm had been used -- then matters could be very different.

      The latter bit they should have seen coming. The explosion in computing power was by no means a certain development, it wasn't an immediate issue at the time.

  5. Denial of Service was happening a long time prior by cvd6262 · · Score: 5, Interesting

    Back in the 19th Century (in the US anyway), mail *recipients* paid postage to get their mail from the local general store. Political figures and others who might have a negative following would receive scores of blank letters and have to pay for them. The objective was to either crowd out the legitimate communications or bankrupt the recipient. Traditionally, one could place an ad in the local paper explaining that he or she would no longer receive letters at the store, which would free them from their obligation.

    --

    I'd rather have someone respond than be modded up.

  6. A Possibly earlier one... and a funny story. by DougReed · · Score: 5, Interesting

    The earliest one I know of was by the smartest man I ever knew (and the strangest). He was my mentor. In the IBM 360 days this guy used to write code .. COMPLEX code in binary on the roller bars on the front of the console because he was too lazy to log on. He made IBM's code more efficient by eliminating all modularization. It was more efficient to just have one big super efficient kernel, so he redesigned their system, and got something like 140% efficiency out of the hardware (40% greater than theoretical possibility) by IBM's own benchmarks, and found a security hole in their code in the process .. as he put it "big enough to drive an 18 wheeler through", which he reported to them. They told him it was his hacking, he broke something ... NOT OUR CODE!!! IBM CODE CAN'T BE BROKEN!!! So he went to their 'demo center' and fed in a deck of punch cards.

    On the IBM Selectric console in the IBM demo center, it printed.

    "May I please have a cookie?"

    The operator ignored it.

    8 hours later, during shift turnover, it printed

    "I never got my cookie"

    The two operators looked at it, shrugged, and ignored it. The dayshift operator went home.

    4 hours later the console printed.

    "You're not a very nice operator either, I never did get my cookie"

    The operator thought the guys upstairs were fooling around and ignored it.

    2 hours later.

    "WHERE IS MY COOKIE!"

    hummm...

    1 hour later.

    "Dammit give me a cookie!"

    30 minutes.

    "I WANT A COOKIE!"

    15 minutes ... 7.5 minutes ... eventually we get to 32 cookies this second .. 64 cookies this second ... 128 cookies this second.

    An IBM Selectric typewriter which is the main console for a 360/65 cannot print even the word cookie in a second, much less a whole sentence, and certainly not 128 of them! There was ONE way to crash a 360/65 .. Fill up the console buffer. The system considered console messages to be important, and if the system couldn't print all of them, it halted.

    Reboot ... excuse me... Mainframe terminology here... "IPL" the system. First console message:

    "You know, I never DID get my cookie!" .. and the process starts over.

    Finally IBM called my mentor...

    um... did you submit a job to the demo center?

    Yes, but don't worry, it was just a simple 'unprivileged' process, and as you said, your security is flawless, so I am sure there is no danger. :-)

    Sir, I think we are prepared to acknowledge that there MAY BE a security hole in our system somewhere. It seems that your job never finished and yet it does not seem to exist in the system anywhere. Our experts tell us we have to re-install the operating system to fix it. Do you have any alternative suggestions?

    Just one... Go get the best operator you have and put him on the console and call me back.

    Yes sir... .. an hour later

    Sir, this is king super operator, they just called me back in to work to assist you in solving our issue.

    OK ... now listen carefully. I am only going to say this once. Type carefully, and don't screw this up .. are you ready?

    Yes sir.

    Good type this ... "c" "o" "o" "k" "i" "e" ... now press "Enter"

    Console prints . "Thank you that was good", and the job ends.

    After that IBM never ever questioned it if my mentor reported a problem with IBM software ever again.

  7. Re:A Possibly earlier one... and a funny story. by feijai · · Score: 5, Informative
  8. Actually ... by Anonymous Coward · · Score: 5, Funny

    This type of denial of service was already quite common long before that.