22 September 2005, 3:52 pm

Really. Don’t laugh.

There’s lots of stuff I like about the ‘net. I mean, it enables my so-called career, fer zample.

But sometimes it overwhelms. Take today (please!)

Coz sometimes Occam’s Razor will leave your face a big ol’ mess of nicks.

Thing #1 was not my bad. When I woke up, both my biz email box and my personal email box were being positively deluged with copies of the NetSky virus. This was a bummer, as I’ve gone to great lengths to keep my primary biz addy away from spammers and evil doers, and fishy, because there are very few folks who know both addresses.

Thing #2 was my own damn fault. After all these years I’m well aware of the harm “mail loops” can wreak (this is basically when a message replies to itself — you wind up with hundreds of copies of the message, until they fill all available space). I put considerable effort into thinking of the safest way to switch the filtering on my personal email, but I missed something important. That made a mail loop possible under certain circumstances.

Thing #3 was a vicious coincidence — Murphy must have hired a sadistic meter maid to enforce his Law. At exactly the same minute I created the possibility for a mail loop, a spammer/hacker exploited a minor vulnerability in another web page I built (Thing #4, my bad again) and sent me messages that began to loop.

The vulnerability wasn’t serious enough that the page could send spam or viruses to other people. The spammer figured that out after about 3 minutes, during which he/she sent 139 messages to me through the page.

If there hadn’t been a mail loop in place, I would have received 139 bogus messages. I would’ve been annoyed. I would have fixed the vulnerability immediately and gone on with my life.

Because of the loop, each of those 139 messages was repeated an infinity of times. Which meant “server go boom” in pretty short order.

What might be instructive about this is how very hard it was to troubleshoot.

The virus flood and the spam flood initially looked like they might be related. That was a red herring. I think it was a complete coincidence that those two things happened simultaneously.

On the other hand, the email loop problem was masked by the fact that a real attack occurred at the very same time — it didn’t behave quite like a “mailbomb” attack or a mail configuration error, but it was much more like the former. It also relied on a precise time coincidence.

The vulnerability on the other web page was not immediately obvious. I had an urgent, obvious issue with the mail server, and no immediate reason to suspect a web page somewhere else, especially not one I’d built a while ago, and that hadn’t had prior security problems.

I think the core lesson of Occam’s Razor is to be wary of coincidences. It’s more likely that two simultaneous problems will have a single root cause than two unrelated causes, let alone three unrelated causes.

But that’s less true as the complexity of a system increases.

I’ve been doing some reading lately on the subject of accidents, and designing systems to mitigate the effects of accidents. There are elements my unpleasant morning has in common with famous incidents like the AT&T telecommunications failure of January 1990 — causes and results were tangled in ways that were not obvious or intuitive.

If I learned anything, it’s that nothing on the ‘net is ever simple. My mail server is never truly a discrete system, because as long as it’s connected, any other machine on the Internet can act in a way that potentially affects mine.

And despite the number of people who think my ‘net habits verge on the paranoid, days like this make me think I’m not quite paranoid enough.

(Ah well. At least I found Theo’s favorite toy. That’s one accomplishment for the day.)

  1. Terri

    Coincidences AND Occam’s Razor in the same post? I give Ezra approximately 2 minutes from the point of reading this to comment.

  2. Ezra

    …er… except that I don’t have anything to add. Except that yeah, sometimes I hate the internets too.

    For similar reasons, usually.


