¿El primer ataque DoS de la historia?
Estamos en 2017, lo que implica que el ataque DoS (Denegación de Servicio – Denial of Service) cumple 43 años. Lo que nació como la obra de un geek (o friki como decimos por aquí) se ha ido convirtiendo en algo muy elaborado que afecta a multitud de sistemas. Además, gracias a Internet, su variante DDoS (Distributed DoS) es sin duda uno de los quebraderos de cabeza de los que trabajamos en esto.
Un poco de historia
Cuenta la leyenda que el primer ataque DoS ocurrió en 1974 gracias a la curiosidad de David Dennis, un estudiante de 13 años de la Universidad de Illinois. David se percató de la existencia de un comando en los terminales PLATO (uno de los primeros sistemas computerizdos de aprendizaje compartido, antecesor de los sistemas multiusuario) llamado «ext».
Este comando permitía conectar dispositivos externos y suponía que cuando se lanzaba, el dispositivo estaría presente, avisando de que únicamente era útil usarlo en ese caso.
Sin embargo, no avisaba de lo que ocurriría si no había dispositivos conectados. Cuando el comando se ejecutaba en un terminal así, se bloqueaba requiriendo un reinicio para volver a funcionar.
En este escenario, David tuvo la curiosidad de comprobar si era capaz de bloquear a todos los usuarios a la vez, de forma que el laboratorio quedase colapsado. Con esto en mente, desarrolló un programa que enviaba el comando «ext» a todos los terminales PLATO al mismo tiempo.
Como podéis imaginar, la ejecución fue un éxito rotundo, ya que bloqueó los terminales de más de 30 usuarios ante el asombro general. Este movimiento terminó con el bloqueo de la ejecución del comando «ext» de forma remota.
Os dejo la historia contada por David Dennis:
As far as I know, I’m the first person to have created a DoS of a room full of PLATO terminals deliberately. Systems people could of course kick anyone out they wanted, and «operator wars» had existed for years, but those tended to be consensual attacks on each other. What I did was I heard about a new command called the «external» command in TUTOR, or ‘ext’. Specifically, one of the music kids was saying how if you didn’t have a device attached, an ext command would cause your terminal to lock up and have to be powered off. Remember that powering off was discouraged, due to always-concern over flaky power to the plasma panels.
The other piece of this was they had rolled out the external command for everyone in the fall of 1974, after it having been only in use by the Music project. This meant that every user account on PLATO was set to defalt «can accept ext commands.» Default on.
If you recognize default enabled from any firewall work you’ll immediately recognize the trouble…
Anyway, I heard this and immediately thought of how a room full of annoying users could be locked up at once. My little 13 year old brain wanted to see a room full of users all be locked up at once.
So, I wrote a little program that sent exts to everyone within a range of site numbers, waited til I was over at CERL one morning, and let er rip.
It worked as advertised, 31 users all had to power off at once, great mayhem in the classroom, site monitors notified. No logging of course, I was never detected. Quietly left the room, went back over to uni.
Accessed the site displays I knew of from author mode, and looked up other sites around town or the country, and tried sending them some ext’s too. Was delighted to see mass posting on notesfiles about a locking out they were experiencing.
Soon some systems guys figured it out, probably a combination of common sense and maybe looking in some sort of logs, though I was never prosecuted or even approached, so I have to think to this day it was undetected. A few weeks later the ext command was withdrawn from ‘open all’ and a while after that was redeployed, this time with the default set to OFF. As it should have been all along. 🙂
So was there ever a DoS on a networked system prior to 1974 ? Im sure there had to be, but at least for the moment I’m claiming it !
Y la moraleja es…
Al final, es la historia de siempre. Si hacemos algo pensando en que la situación perfecta es la única, lo más probable es que alguien se de cuenta de que, si esa situación no se da, ocurre algo indeterminado. A partir de ahí, encontrada la vulnerabilidad, lo demás es jugar y eso es precisamente lo que hizo David.
Como dijo Chema en alguno de sus posts:
Entendemos como Software Fiable aquel que hace lo que tiene que hacer y como Software Seguro aquel que hace lo que tiene que hacer y nada más. Ese algo más entre el software fiable y el software seguro son los bugs.
En este blog puedes encontrar algunas entradas que te pueden ayudar a desarrollar software seguro como las de las contraseñas (esta o esta) o las de auditoría de código (esta, esta o esta). Con estos consejos podrás lidiar en la medida de lo posible contra ataques DoS como el que hizo David. En cuanto a los DDoS, eso es otra historia…
- GuardDuty: Un viaje a través del tiempo en AWS Security - 21 noviembre, 2023
- Webinar – Seguridad para familias - 11 enero, 2021
- SecurityInside Live: CISO Day 2020 - 17 septiembre, 2020
mexican online pharmacies prescription drugs
https://cmqpharma.com/# mexican drugstore online
п»їbest mexican online pharmacies
medicine in mexico pharmacies: online mexican pharmacy – reputable mexican pharmacies online
medication from mexico pharmacy
http://cmqpharma.com/# mexico drug stores pharmacies
mexican rx online
https://foruspharma.com/# medicine in mexico pharmacies
reputable canadian online pharmacy: reputable canadian pharmacy – canada online pharmacy
canadian drug: canadian pharmacy com – canadian online drugs
mexican mail order pharmacies mexico pharmacies prescription drugs mexican drugstore online
buying prescription drugs in mexico online: reputable mexican pharmacies online – medication from mexico pharmacy
purple pharmacy mexico price list mexican mail order pharmacies mexican pharmaceuticals online
https://foruspharma.com/# mexico pharmacies prescription drugs
mexican border pharmacies shipping to usa: mexican rx online – mexican drugstore online
buy medicines online in india: Online medicine home delivery – india online pharmacy
https://indiapharmast.com/# top 10 online pharmacy in india
onlinepharmaciescanada com maple leaf pharmacy in canada canadian pharmacy meds
canadian pharmacies comparison: canada rx pharmacy world – canada pharmacy reviews
mexico drug stores pharmacies: mexican border pharmacies shipping to usa – mexico pharmacies prescription drugs
mexico drug stores pharmacies: mexico drug stores pharmacies – best online pharmacies in mexico
mexican border pharmacies shipping to usa medicine in mexico pharmacies mexico pharmacies prescription drugs
pharmacy website india: india online pharmacy – top 10 online pharmacy in india
best canadian online pharmacy: cheap canadian pharmacy online – my canadian pharmacy review
mexican drugstore online: buying from online mexican pharmacy – mexico pharmacy
https://indiapharmast.com/# top online pharmacy india
canadian pharmacy meds reviews onlinecanadianpharmacy my canadian pharmacy
https://canadapharmast.online/# canada rx pharmacy world
canada pharmacy reviews: safe canadian pharmacy – canadian pharmacy meds reviews
canadian drugs: precription drugs from canada – best canadian online pharmacy
top 10 pharmacies in india: india pharmacy mail order – indian pharmacy paypal
п»їbest mexican online pharmacies mexican border pharmacies shipping to usa buying from online mexican pharmacy
buy prescription drugs from india: Online medicine home delivery – reputable indian online pharmacy
canadian neighbor pharmacy: canadian pharmacy near me – legitimate canadian mail order pharmacy
legit canadian pharmacy: canada rx pharmacy world – canadian family pharmacy
canadian 24 hour pharmacy canadian pharmacy tampa online canadian pharmacy
canadian pharmacy meds reviews: canadian mail order pharmacy – best canadian pharmacy
http://canadapharmast.com/# canada pharmacy world
pet meds without vet prescription canada: my canadian pharmacy rx – canadian drug prices
mexico drug stores pharmacies: mexican pharmaceuticals online – mexican drugstore online
buy ciprofloxacin over the counter: cipro pharmacy – buy ciprofloxacin
https://ciprodelivery.pro/# buy ciprofloxacin over the counter
http://paxloviddelivery.pro/# п»їpaxlovid
order cheap clomid without a prescription: cost of clomid without dr prescription – where can i get cheap clomid without prescription
http://amoxildelivery.pro/# amoxicillin 500 capsule
paxlovid pill: buy paxlovid online – paxlovid buy
https://doxycyclinedelivery.pro/# buy doxycycline online 270 tabs
http://amoxildelivery.pro/# amoxicillin 500 tablet
https://ciprodelivery.pro/# buy cipro
can i buy clomid without insurance: buying clomid tablets – clomid generics
cost generic clomid for sale: buy generic clomid pill – where buy generic clomid without rx
https://amoxildelivery.pro/# amoxicillin buy canada
http://doxycyclinedelivery.pro/# doxycycline 100mg tabs
paxlovid cost without insurance: paxlovid generic – paxlovid for sale
http://ciprodelivery.pro/# ciprofloxacin 500 mg tablet price
https://clomiddelivery.pro/# how to get cheap clomid without a prescription
where can i buy amoxocillin: cost of amoxicillin – amoxicillin price canada
https://clomiddelivery.pro/# clomid online
https://doxycyclinedelivery.pro/# doxycycline gel in india
amoxicillin pharmacy price: amoxicillin 500mg pill – buy amoxicillin without prescription
https://ciprodelivery.pro/# cipro pharmacy
buy amoxicillin canada: buy amoxicillin online mexico – amoxicillin medicine over the counter
http://doxycyclinedelivery.pro/# doxycycline 100mg tablets coupon
https://doxycyclinedelivery.pro/# where can i buy doxycycline
https://doxycyclinedelivery.pro/# doxycycline 50mg capsules
generic amoxicillin cost: prescription for amoxicillin – amoxicillin 500 mg tablet
paxlovid price: paxlovid covid – paxlovid buy
http://amoxildelivery.pro/# amoxicillin 500mg tablets price in india
http://amoxildelivery.pro/# amoxicillin brand name
cipro pharmacy: antibiotics cipro – buy ciprofloxacin over the counter
doxycycline online: oral doxycycline – doxycycline vibramycin
amoxicillin where to get: amoxicillin online pharmacy – amoxicillin over the counter in canada
buy cipro online canada: buy cipro online canada – ciprofloxacin generic price
cost generic clomid no prescription: can i order generic clomid without a prescription – how to get clomid without rx
buy doxycycline online australia: doxycycline 100 mg coupon – buy doxycycline 500mg