North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: remember the lesson of the sendsys bomb

  • From: Alex P. Rudnev
  • Date: Tue Jan 04 03:18:24 2000


What was you talking about? Wait a few days and compare the bills; don't wonder
seen '290% fee or 1024 hours/day', or 'we can not measure your login time'.

Real problems are waiting for us yet.

On Fri, 31 Dec 1999, Paul A Vixie wrote:

> Date: Fri, 31 Dec 1999 23:13:25 -0800
> From: Paul A Vixie <[email protected]>
> To: [email protected]
> Subject: remember the lesson of the sendsys bomb
> at the 1988 usenix in san francisco, rick adams of uunet ran the uucp bof and
> told a story of a forged sendsys message intended to melt somebody's inbox.
> this was timed to coincide with a usenix, since most news admins would be at
> the show rather than home watching their servers.  (shows did not have terminal
> rooms at that time.)  thus the cats were away the mice were at play.
> (sendsys, for those of you not in the news field, is a 'control message' that
> used to be used to get a news-neighbor to send their "sys" file via e-mail;
> this was used for debugging and early access controls on it were nonexistent.)
> well, most of the news servers by that time were configured to mail all such
> control messages to their local administrator, who could then approve them by
> hand if they weren't stupid and abusive (which they almost always were).  so
> the forger's intent of inundating some victim's inbox with thousands of "sys"
> files from autoresponding systems seemed destined for some frustration.
> except that so many admins were away and had set up "vacation" autoresponders
> saying "hi, i'm at usenix, i'll be back on friday" and so few of these vacation
> robots had enough intelligence to not autorespond to other robotic e-mail such
> as "sendsys message received - approval required" that the news system ended
> up melting the victim's inbox ANYWAY.
> the lesson of the sendsys is that after a 24 or 36 hour period of continuous
> wakefulness, sean and alan and the rest are going to have to SLEEP.  *that*
> will be the time when some perfectly normal event like a route spew or heavy
> flap or genetic IOS defect will make itself known, and *that* will be the time
> when Y2K finally kicks us all in the head.  not because of the date change,
> but because everybody stayed awake too long and upset their normal vigilence.

Aleksei Roudnev,
(+1 415) 585-3489 /San Francisco CA/