rwall Incident (1987) (wikipedia.org)
19 points by akkartik 5 days ago | 13 comments





Career spanning decades, things like FreeBSD and FreeNAS on the credit sheet, and still people remember that one time back 33 years ago when you spammed the whole 'net by accident.

It's like that joke about "just one goat".



RISKS has a more complete description and explanation, from Hubbard himself:

Failing to find anything that might suggest that rwall would do anything nasty beyond the bounds of the current domain (or at least up to the IMP), I tried it. I knew that rwall takes awhile to do its stuff, so I left it running and went back to my office. I assumed that anyone who got my message would let me know.. Boy, was I right about that! After the first few mail messages arrived from Purdue and Utexas, I begin to understand what was really going on and killed the rwall. I mean, how often do you expect to run something on your machine and have people from Wisconsin start getting the results of it on their screens?

http://catless.ncl.ac.uk/Risks/4.73.html#subj10.1


I found that via Wikipedia. The other articles are fascinating. One was about privacy.

It seems many of those risks have never really been solved - air traffic control failure being the exception.


The RISKS digests are an invaluable resource, though I'd argue more so for the earlier period, through the mid-to-late 1990s.

One of the citations, http://catless.ncl.ac.uk/Risks/4.73.html#subj10.1 has more information about the incident, and some interesting insight from Mr. Hubbard.

  "I have to wonder what other RPC services are open holes. We've managed to do some interesting, unauthorized, things with the YP service here at Berkeley, I wonder what the implications of this are."
Some early reflections on "Wow, these very complex and mostly unprotected directory services are just sitting open to anyone connected to the Internet to access! Gee, I hope someone doesn't abuse YP/AD/SMB/DNS down the line..."

For context, since YP leads to many different meanings, it's the Yellow Pages service(s) that (Sun) RPCs were enabling.

Indeed these were famously abused in these early having days.


33 years later and the backbone of the Internet - BGP - is still the no-permissions mess. Exactly as described in the snippet above.

Some 20 years ago I was a student at a university and a resident and network/server admin at one of the dorms.

We had some people from a student organization which I will not name set up some servers with warez and other things in our network. This network was back then completely open to network and all students' machines had real, public, routable IP addresses and no firewall.

We had to tolerate the people even though the rules stated running intensive services was not allowed and I would normally have a script that would automatically ban a user for doing something like that.

I remember one day we (me and my roommate) decided to take a look at the server and we noticed it is some stock install of a Linux Mandrake which was known to be totally insecure. We decided to bet who is going to be faster to the server.

Half an hour later we were both telnetted to the server and chatting using wall, of all possibilities.

For those who don't remember, wall broadcasts messages to all terminals on the server.

Couple minutes later the owner of the server burst into our room scared that some hackers just invaded his precious student service.

You should see our faces.


This reminds me of the ‘net send’ spam that ran rife in the late 90s/early 00s.

Ah net send, the command that nearly got my friends and I suspended in high school. We learned about batch file scripting and net send and of course within minutes the first thing our teenage brains thought of was write and run an infinite loop to send “lol dicks” to every computer on the network, which was every single computer on campus. If I recall correctly you couldn’t do anything on the message receiver end until you acknowledged the message, and they would queue on receipt... so we basically bricked every computer at the school that morning lol

We eventually discovered the power of fork-bombing yourself with a script that does a bunch of net send to someone before forking...

'net send' was always great fun during LAN parties when I was a kid.


