• noice (unregistered)

    fr1st

  • noice (unregistered)

    fr1st

  • Robert Morson (google)

    Hey, Charles, referring to the scientists as hacks is bad enough; calling them ugly is just unnecessary.

  • Matt (unregistered)

    "Xander had batched up the resent requests and was running them from three different machines, thus providing a remarkbaly good simulation of a DDoS." Or remarkably. One of the two...

  • Bert (unregistered)

    Academic software is always a POC and a POC. No exceptions.

  • (nodebb)

    Joe lacks imagination. Or the designers of the IM suite lack imagination. Or both. There's any number of emojis on my iPhone that could be used to convey that level of displeasure. I'd recommend, however, using them in combination rather than individually.

    (Angry Red Face, The Scream, Explosion, Flames, Dagger, Crossed Daggers, you get the picture.)

  • I dunno LOL ¯\(°_o)/¯ (unregistered) in reply to Steve_The_Cynic

    Is there a two-by-four emoji? Not that Simon would have cared, he would have just sent the PFY down to deliver a real one.

  • Hanzito (unregistered)

    Oooh, this sounds suspiciously much like the NLP application I worked on and that has a lineage of increasingly worse programmers maintaining it. Are these the remains of RightNow?

  • reminds me of an old Fork "bomb" (unregistered)

    During studying our Professor gave us access to his SUN workstation running on Solaris 5.9. So we could use a rather up-to-date system instead of the SUN-1 Workstations. So about 15 students connected via XDMCP to this SUN.

    Lesson for this day: Create a child Process using fork(). Everything went fine until one student decided to create 100 child processes at once. So as you imagine correct:


    while (i < 100) { pid = fork(); do something; }

    and YES, he did not create 100 childs, he created just a bunch more. after a few seconds the SUN stoped responding and now 15 XDMCP sessions were trying to reach this SUN resulting in a DDOS on our campus.

  • (nodebb) in reply to reminds me of an old Fork "bomb"

    Your professor should have read carefully about "ulimit" and how it can help him prevent this kind of thing.

    And of course if the offender didn't include i++; somewhere in the loop, that would have make the machine irrecoverable except possibly via the system console.

  • reminds me of an old Fork "bomb" (unregistered) in reply to Steve_The_Cynic

    yes, he should have set limits.

    but just to make it worse he pulled the plug out of the wall because the SUN was not responding at all resulting in a total CRASH.

    the rest of the exercises had to be done on the local machines.

    i can't remember if the i++ was also missing, or if only the "if (pid == 0) part was missing"

  • lel (unregistered)

    sadasd

  • lel (unregistered)

    lel

  • lel (unregistered)
    <script>alert('XSS');</script>
  • Avium (unregistered) in reply to reminds me of an old Fork "bomb"

    Yeah. A buddy of mine back in college did something similar. He had the if (pid == 0) part backwards so instead of one process creating 10 children he had 10 processes that created 10 children each, which created 10 children each, which created 10 children each, ...

    Yes, that is an exponential growth pattern. And no, it is not recoverable at the console. Well, it might be but waiting 10 seconds between hitting a key and seeing the character show up on the screen makes it problematic.

  • lel (unregistered)

    /*

  • lel (unregistered)
    <!---
  • Bill T (unregistered)

    Ah, a Domestic Denial of Service attack! "The call is coming from inside the house."

  • lel (unregistered)

    <img src=javascript:alert('hey')>

  • lel (unregistered)

    <IMG """><SCRIPT>alert("XSS")</SCRIPT>">

  • lel (unregistered)

    <IMG SRC=javascript:alert( 'XSS')>

  • lel (unregistered)
    <BODY ONLOAD=alert('XSS')>
  • lel (unregistered)

    LEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEL

  • Another Anon (unregistered) in reply to lel

    Give it up, script zygote.

  • Carl Witthoft (google)

    I did something similar once, intentionally, but without considering the possible outcome. I wrote a script for the company's VAX 11/784 that did nothing other than spawn 2 instances of itself. Wow did that take off fast. I was able to delete the source file before everything ground to a halt, luckily

  • Friendly_Reminder (unregistered)

    Reminds me of my days at the Uni. The students had some terminals that where connected to a main server where every application would ran. Of course everything ran really slowly when 20-30 students would connect at once and try to learn Java with BlueJ. The app would crash randomly, so one time a few students just started the app about a dozen times, so they wouldn't have to wait so long to continue working when one app crashed. Simply load the project in the next instance.

    About a minute later the admin stormed into our room and went straight to the students that started the multiple instances. "What the heck are you doing here? You're bringing the whole server down!" or something similar where the admin's words.

  • operagost (unregistered)

    Please ban LEL's entire geographic location.

  • TurtleBull (unregistered)

    As a sysadmin for a good number of years, I can guarantee this is one of those moments where this user would suddenly find his network connections broken and a feel light tap on the shoulder a moment later. Depending on how far I'd have to walk. Emotes only go so far. Sometimes, actual emotions need to be vented....

  • RichP (unregistered)

    I call BS. I've worked with Xander before, as have most/all of us here. He may have been a different age or gender, but we've all seen it. Xander would have repeated his DDOS, just to be sure it was really him. He would not have asked first.

  • Ulysses (unregistered)

    Disastrously Done Oratory Software.

  • lel (unregistered)

    <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>

  • q (unregistered) in reply to lel

    ...eeeeeroyjenkins

  • mz6lu (unregistered)

    lel would be an appropriately smug username to post a working XSS with. but this is just embarrassing

  • mz6lu (unregistered)

    also, isn't this formatted with markdown? why would most of these work at all?

    this is markdown, right?

  • mz6lu (unregistered)
    ![does this work?](data:image/png;base64,some_base64_junk)
    

    ![does this work?](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIIAAABGAQMAAAA6tN4cAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QYcBggRIqepSAAAAB1pVFh0Q29tbWVudAAAAAAAQ3JlYXRlZCB3aXRoIEdJTVBkLmUHAAAABlBMVEUAAAD///+l2Z/dAAAAOElEQVQ4y2P4jwYOMAwBkQP8YJoBxPrDMJREIMSQEQF7AIkY CiJgt4OI////DBURuAeGjsjQKzcA7xg+7KvUWz8AAAAASUVORK5CYII=)

  • mz6lu (unregistered)

    idk what i really was trying to accomplish here

  • Unhelpful (unregistered) in reply to mz6lu

    Irritation for others, and embarrassment for yourself. TDWTF's source is available elsewhere for you to inspect or mess around with on your own computer.

  • derp (unregistered)

    Apropos the subdiscussion on fork bombs... During my edumacation to become a programmificater, our operating systems course lecturer said that linux has protection from fork bombs just as a sidenote during a lecture in preparation for an assignment. This had the result that 20 different people all at the same time in the lab systems ran a fork bomb. It turned out that no... Their particular install of linux did not have the protection enabled. As proven by the very irate sysad that stuck his head into the lab space wondering what the fuck we were doing. :P

  • hohu (unregistered) in reply to reminds me of an old Fork "bomb"

    Reminds me of college. When you wanted to logout of your remote session to one of the 4 Indy machines our faculty had, it took a while. After you typed 'logout' it took about 30 seconds before you were actually logged out. Since we telnetted into the Indys from dos machines that meant you had to sit there twiddling your thumbs for 30 second.

    Then someone found out that while ( 1 ); do netscape&; done loggout you out instanteneously. It happened to log out anybody else working on the same machine as well, because it caused an instant reboot.

  • ZoomST (unregistered)

    Xander: "Hey Joe, sorry about that, LOL. But are we 100% sure that was the problem? Should I do it again just to be sure?" Joe K: “HELL NO!!!” Xander thinks: "are we 100% sure? Joe said No. So I'll do it again!"

    Here, FTFY.

  • croias (unregistered)

    So we have some high-and-mighty architect who of course, does everything perfectly and everyone else is an incompetent moron.

    BULLSHIT

    Instead of trying to help these guys he just complains. Then when something goes wrong his advice it "do it right". WTF, that's the work equivalent of "get good bro".

    This isn't a technical problem, this is an interpersonal skills problem.

  • (nodebb) in reply to Steve_The_Cynic

    Irrecoverable except by power button. Even the system console will be locked out.

Leave a comment on “Not so DDoS”

Log In or post as a guest

Replying to comment #:

« Return to Article