Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×

Sun Grid DOS'd 119

Posted by CmdrTaco from the don't-blink-or-you'll-miss-it dept.
feronti writes "So, it didn't take long... CNET is reporting that Sun's new Grid computing service (reported yesterday) has already been the victim of a DDOS attack. "
This discussion has been archived. No new comments can be posted.

Sun Grid DOS'd More

Sun Grid DOS'd

Comments Filter:
  • Oh, it was slashdotted.

  • Cause & Effect (Score:5, Funny)

    by duerra ( 684053 ) * on Thursday March 23, 2006 @02:47PM (#14982102) Homepage
    The outage, Sun reports, began at around 04:43PM, on Wednesday March 22, as every geek in the world seemingly had nothing else to do at the time.

    (Yes, I went there. And yes, that was just unacceptable. I know. hEhE)
    • When the DoS ended, service technicians reportedly found a fresh pot of tea in the output tray.
  • Sounds like a programmer at an unnamed competing firm took a half day off.

  • Sun Grid (Score:5, Funny)

    by Scoria ( 264473 ) <{slashmail} {at} {initialized.org}> on Thursday March 23, 2006 @02:50PM (#14982122) Homepage
    So, would you say that the Sun Grid should now be considered "off the grid?"

    Don't worry, I'll be here all week.

  • DOS? (Score:3, Funny)

    by Eightyford ( 893696 ) on Thursday March 23, 2006 @02:51PM (#14982137) Homepage
    Sun uses DOS?

  • Jackasses (Score:5, Insightful)

    by AKAImBatman ( 238306 ) * <akaimbatman AT gmail DOT com> on Thursday March 23, 2006 @02:51PM (#14982138) Homepage Journal
    Why do people do this? Sun provided a publicly available text to speech service as a cute little marketing gimmick. Thanks to the efforts of these yahoos, however, Sun has moved the service inside the grid so that it is only available to subscribers. Cool things that could have been done with this free service (Sun suggests making blogs into podcasts) now can only be done by GridEngine subscribers.

    And what have these self-righteous "hackers" proved? Abso-fracking-lutely nothing. Sun's Grid was never in danger, and they had no problem moving the service.

    So thank you very much for spoiling things for everyone. I hope you "hackers" enjoyed it.

    • Re:Jackasses (Score:5, Insightful)

      by networkBoy ( 774728 ) on Thursday March 23, 2006 @02:55PM (#14982173) Journal
      They proved something alright (from TFA):

      That position dovetails with one long held by Sun Chief Executive Scott McNealy. "Absolute anonymity breeds irresponsibility," he said in a 2003 interview. "Audit trails and authentication provide a much more civil society."
      • Proves that 'If you build it, they will come.'

      • Re:Jackasses (Score:2, Interesting)

        by Cyno ( 85911 )
        That's assuming we believe Sun when they say "hackers" did this. Until I see more evidence I think they're doing another publicity stunt, trying to promote their authentication system and a "more civil society". Either that or to explain why the Grid is having problems handling the bandwidth, etc. I simply don't trust them. They have a long way to go to earn my trust. I trust Sun to be Sun like I trust hackers to be hackers.

      • Re:Jackasses (Score:5, Funny)

        by mizhi ( 186984 ) on Thursday March 23, 2006 @03:47PM (#14982585)
        Probably has something to do with this:

        http://www.penny-arcade.com/comic/2004/03/19 [penny-arcade.com]

      • Re:Jackasses (Score:4, Interesting)

        by Jherek Carnelian ( 831679 ) on Thursday March 23, 2006 @03:58PM (#14982678)
        That position dovetails with one long held by Sun Chief Executive Scott McNealy. "Absolute anonymity breeds irresponsibility," he said in a 2003 interview. "Audit trails and authentication provide a much more civil society."

        They only proved that partial anonymity breeds irresponsibility. Sun and any sort of response they make would have a tough time being anonymous. So, on one hand you have the "bad guys" who have almost complete anonymity to cover their 'extra-legal' activities and on the other hand you have the "good guys" without much anonymity and so are unable to respond in kind.

        Adding audit trails and authentication just changes the identities of the "bad guys" from those who are outside the system to those who own the system and thus can erase the audit trails as needed (for example, the brazilian the british coppers shot and killed in the tube last summer - despite being the most surveiled society on the planet the incident was not recorded on camera due to a 'temporary malfunction' -- yeah RIGHT).

    • Re:Jackasses (Score:4, Insightful)

      by Anonymous Coward on Thursday March 23, 2006 @03:01PM (#14982229)
      I'm sure some bozo will now chime in how the hackers were "white hats" and they were only trying to "help" Sun improve their security.

      Yeah, sure.

      This continual barrage of so-called "hackers" is doing only one thing: turning our computerised world into a gigantic "police state" of sorts. There will NEVER be a day when all security "issues" have been addressed. NEVER. But, thanks to the efforts of pinheads like these, our operating systems and environments are becoming more and more encumbered with security of every kind and type. We can't write a C program without having to worry about stack-smashers. We can't open a ZIP file without a virus scanner. It's hit and miss browsing the web...you may be the lucky winner of some kind of embedded trap Microsoft/Mozilla/Opera/whomever hasn't accounted for yet. And the arms race continues!

      Remember the days when no one had a firewall? When you could happily "finger" someone's account on another system? Forget it..those days are long gone. We all live in gated communities now. Can't put your system on the raw internet without half a dozen kiddies with portscanners hitting you up within seconds. Oh but it's for "security". Sure. They're only doing it for my own good, as the apologists say.

      • Re:Jackasses (Score:3, Informative)

        by dfj225 ( 587560 )
        Sure, I'll bite. I would say that any "white hat" hacker would notify the company of security vulnerabilities within their system instead of exploiting them with no warning. I think actually releasing or using exploits against a system that you do not own, operate, or have permission to run said exploits on would remove you from the "white hat" group. Believe it or not, some people are able to research software security without feeling the need to run exploits in the wild. Only those who are irresponsible

    • Re:Jackasses (Score:3, Interesting)

      by sootman ( 158191 )
      Cool things that could have been done with this free service (Sun suggests making blogs into podcasts)...

      Speaking of which if anyone is interested in doing this, you can use OS X's (so-so) voices:
      $ say -f blogfile.txt -o podcast.aiff
      Then use iTunes to convert to MP3 or AAC. `man say` for more options. Introduced in 10.3.

      I'm not saying this is better than what Sun offered, or that those hackers weren't assholes... just mentioning something that people might be interested in.
      • Thanks for the tip.

        I'd actually been wondering if there was a way to do that for a while ... pretty neat.

        They really need to do something about their voices though. I remember when they brought them out ("Mac-in-talk-pro-english-vic-tor-ia" anyone?) and it seems like they haven't done a bit of work since then.

        I've often thought it would be cool if you got a text-to-speech system that was good enough to make a 'poor mans audiobook,' by passing some Project Gutenberg texts into a program and having it spit ou
      • And for linux users: Speech Synthesis & Analysis Software [linux-sound.org] at linux-sound.org. Some of the programs (most notably, Festival [ed.ac.uk]) also run on Windows. Of course, it doesn't sound amazing out of the box, but it's Free and free.
    • Frakin' posers.
    • They proved that by being a prick, they can get nice things taken away from everyone.

      I hope they are proud of themselves, and that we meet up in a dark alley someday.

    • Donkeys and Bureaucrats (Score:3, Insightful)

      by fm6 ( 162816 )
      There's no excuse for vandalizing somebody's system. But it wouldn't be so bad if Sun weren't so damned bureaucratic. I read in the article that the demo was still available to people who had grid accounts, which you just need a verified PayPal address to open. I have one of those, so I thought I'd sign up just to get a look at the demo. After 5 minutes of answering strange, intrusive questions (who do I work for? what projects do I have in mind? where's the money coming from?) I gave up. Of course, Sun did
    • At this point, I would have thought that we would have grown up and realized that the Internet is full of noise and occasionally dangerous signal. That Sun put out something that fell over instantly demonstrates that they are still incapable of anticipating the requirements of a large-scale system exposed to the general public. To sum up: Sun ain't no Google and the script kiddies aren't the ones to be upset with. After all, to complain about script kiddies is a bit like arriving at work in Seatle soaking w

    • So thank you very much for spoiling things for everyone. I hope you "hackers" enjoyed it.

      They are arseholes but it's probably nothing to do with "hackers" as such.

      It's statistics. In any population of millions it's a statisical certainty you're going to get arseholes. Simple as that.

      To expose anything to the net and assume that every single one of the millions (billions?) of people online is going to play nice is a statistical impossibility.

      Here are just some of the possibilities I can think of:

      • I

  • They're lucky (Score:5, Funny)

    by yootje ( 770109 ) on Thursday March 23, 2006 @02:53PM (#14982150) Homepage
    They're lucky Slashdot didn't linked to the project, otherwise they would've been DDOS'd for the second time.

  • Sun Grid (Score:2, Insightful)

    by daeg ( 828071 )
    Pretty damn cool idea, actually. I'm not sure about their demo application (unless the speech quality was superb), but a cool idea nonetheless. Could especially be nice for cracking passwords on things like RAR archives where you have to use brute force attacks. I imagine opening up old password protected archives could be very valuable to businesses (particulary since businesses tend to repeat passwords, e.g., discover one and you probably discovered a bunch).

    Not very useful to the public at large, though.

  • brilliant! (Score:5, Funny)

    by gEvil (beta) ( 945888 ) on Thursday March 23, 2006 @02:55PM (#14982169)
    Now that's sheer brilliance! How come I never thought about running DOS on a cluster of machines? What's that? Wrong DOS you say?

  • Denial of Service, abbreviated DoS (Score:4, Informative)

    by poopie ( 35416 ) on Thursday March 23, 2006 @02:57PM (#14982192) Journal
    Let's keep things straight - three are enough confusing three letter acronyms.

    Denial of Service is still worth writing out. Most wanna-be geeks see the three letters "dos" in any capitalization combination and think of Microsoft Disk Operating system.

    Slashdot story submitters should know the difference between DOS and DoS, but due to the stupid l33tsp33k crud, nobody takes capitalization seriously.

    I think that outside of security or incident response venues, denial of service should be written in full and not abbreviated.
  • One guy set up a distributed job to run this:

    #!/bin/sh
    $0 &
    exec $0
    • I like "while(1) {fork();}" better...

      My operating system teacher told us about this one and told us never to do that. Needless to say that a dude wrote, compiled and run this code like 5 minutes after the end of the class... in our main server... pfff...
      • And I guess your server wasn't setup with resource limits... teacher should have kept their mouth shut if so.

        Doing the equivalent on Windows (using CreateProcess normally) brings the system down nice and quick though (Windows doesn't even support resource limits so there's no way the admins can stop you).
        • That's right, the server didn't have resources limits. In "the day after", the teacher told us it's because it's supposed to be a "academic environment". Of course this changed in a heartbeat after this episode. And of course the teacher regreted telling us that.
        • Actually 2003 Enterprise and Datacenter have the optional WSRM [microsoft.com] windows system resource manager which allows you to limit the amount of resources which a particular app can take including threads launched. There are third party apps which can do similar things for standard, which is usefull for TS/Citrix environments. So Windows has all the architectural things in place for resource management, just not the tools as a standard component installed by the default install.
      • Another fun one:

        while(!fork());

        This one is essentially un-killable as it keeps changing its PID. Here's more such fun:

        while(!fork()) fork();

        hehe...

    • Hmmm... if they had Linux computers in Best Buy, people would be putting that in the bootup, kinda like format c: /autotest

      I just tried it on an Ubuntu system I had... lasted about 30 seconds... now to try the fork method mentioned

  • The summary forgot to mention the rest (Score:5, Funny)

    by moochfish ( 822730 ) on Thursday March 23, 2006 @03:00PM (#14982220)

    So, it didn't take long... CNET is reporting that Sun's new Grid computing service (reported yesterday) has already been the victim of a DDOS attack. "

    ...As thousands of hackers asked The Grid... What is The Answer to Life, the Universe, and Everything?

  • ....I'm thinking the technical term for this would be "eclipse", right?

    Ok, in all seriousness, it isn't so suprising, it was a big target and some people are just going to take the shot -- which it too bad since the DoSers could have used thier time for more important works...like acing GoDaddy severs, or better yet some M$ site."

    my $.02

    • But what's the point? Is there really much kudos in taking down access to a marketing gimick? It's a bit like taking down the video server on BMWs web site. The grid itself was completely untouched, and carried on buisness as usual. It just means the rest of us can't play. Pointless, technically unimpressive.
  • "Aisling MacRunnels, Sun's senior director of utility computing"

  • I really like the idea behind this Sun's project [network.com] (network.com? I'm sure it was not cheap to get that domain). It even makes me wanna install JBuilder or something by the way and program in Java again.


    --
    Superb hosting [tinyurl.com] 20GB Storage, 1_TB_ bandwidth, ssh, $7.95
  • Sun feels comfortable because they use Paypal as a form of user verification. What could go wrong with that? /sarcasm

  • Please, rewrite this in english. (Score:4, Insightful)

    by Tei ( 520358 ) on Thursday March 23, 2006 @03:34PM (#14982488) Journal
    Please somehome with good english rewrite this post.

    Sun, as always, have some very good futuristic ideas. Ideas too good for nowdays, but will work on the future.

    You already know Java, and "The network is the computer", and theres is another The Grid.

    The Grid is another use of the internet, as The Web is the net of web pages, The Grid is the net of network resources shaped in a way that A Single Execution can run on a virtual giganteous virtual computer. Its not magic, only code written to use this level of paralelism will work, and you need to use some "standard" framework, but is still C, (or perl if you want) code. As I write this, theres some guys migrating applications to the Grid framework.

    Actually the need for that giganteouse computational power on a simple C executable is experiemental data generated by particle accelerators like the LHC (aka, from the CERN, the same guys create the World Wide Web). Withouth the Grid you have not enough computational horsepower to analize that much data.

    Sun, and these guys think this interesting use of technology will grown, and soon guys like Liberty, Visa, Bayer, etc.. will use that horsepower to crunch hugue computational problems, problems that huge that actually looks not feasible. And because The Grid use some sort of "p2p" alike technology ... You Can Join The Grid!.. and theres are lots and lots of grid nodes on universitys around the world. So your scientific app is calculated trough 90 nodes, that where 90 computers around the world, but you only execute a single C app (a C batch app).

    With this setup, Its a non-sense that hackers attack sun. WHY?!!!.. The Grid is a idea a true hacker sould LOVE, not hate or attack. Imagine a world where "hackers" attacking the first web server to shutdown the worldwideweb idea. What lameness...

    I am a hacker, and I think these guys hare not more than vandals withouth respect for technology, or withouth pride for scientific effors on IT.

    • Sun isn't the first group to do this. Maybe you remember SETI@Home?

      And I'll admit that I don't know enough of the history of Java or "The network is the computer" to know whether Sun actually invented them. However, Sun did NOT invent the Grid.

      I don't think it should be attacked either, but let's not pretend it's going to change the world.
      • To clear things up... Sun did create Java. Sun also created the slogan, "The network is the computer" in the early 90s. And while Sun didn't invent the idea of grid computing (several research projects like Condor pionered it 10+ years ago - way before SETI) it is the first company to sell access to a shared grid via a published API.
    • WRONG!! You don't have to write highly specific code that can be run in parallel, you can run several different apps on several different machines if you want to and combine the results. You can run huge number crunching algorithms or you can do your Sodoku game. Whatever you want as long as it will run on Solaris 10 and X86 architecture. P.S. learn to do your homework on something before commenting, then learn to write and learn to spell.

  • Kinda missleading (Score:4, Interesting)

    by ChrisRijk ( 1818 ) on Thursday March 23, 2006 @03:35PM (#14982494)
    The way the summary is written, you'd think that actual site was down or something. But the website and grid itself was fine - it was just the free example (running on separate hardware) that got busy. (I dunno how busy - I accessed it yesterday and it was fine at the time).

    I dunno, Slashdot could have reported on something more meaningful - like Sun GPL'ing their latest processor. You can download it here:
    http://opensparc-t1.sunsource.net/download_hw.html [sunsource.net]

    There's a decent write-up here:
    http://www.itjungle.com/breaking/bn032106-story01. html [itjungle.com]

    Manufacturing fab not included...
  • Sun should use their Grid to DDoS back the attacking machines. After all, Sun has a formidable weapon here now.

  • YOU ARE WRONG, POSTER (Score:3, Informative)

    by Heembo ( 916647 ) on Thursday March 23, 2006 @05:32PM (#14983556) Journal
    The sun grin did NOT GET DOS'ed. The DEMO SERVER got dos'ed, and when they moved such code back into the grid the DOS attack was mitigated. RTFA.
  • ...for meddling with the mighty memmaker's carefully generated config.sys and autoexec.bat :)
  • Sun also reported...that their grid went down harder and faster than similar offerings from HP and IBM. Once again proving the superiority of the new Niagra based platforms! If you trade in your old DDOS'd equipment, Sun will give you 10% off!
  • so i paid $1 for 1 CPU hour.

    i ran the sample "hostname" job.

    Started When: 2006-03-24 00:36:54.0
    Finished When: 2006-03-24 00:36:54.0
    CPU-Hrs Used: 0.000
    CPU-Hrs Billed: 1
    Account balance (CPU-Hours): 0

    btw, the glorious output: nyc1r214cpn14
  • In situations like this, it is once again called for that before we can continue to build the next generation of decentralized computing systems, we need a relative trust identity system. This means people can create online identities (real or pseudonymous) and then link to others whom they trust. A trust web is then formed where an individual can compute the relative trust level between themselves and a third party. This would enable in a decentralized world a tool to combat the annoyances of these issues.
  • ... it claims that the Sun grid was DDOSed. But what the article says is:

    The attacks didn't disturb the regular grid, Sun said. "There was no degradation to performance for users inside the Sun Grid," spokesman Brett Smith said.

    So they atacked the server hosting text-to-speech translation service, NOT THE SUN GRID!

Slashdot Top Deals

A morsel of genuine history is a thing so rare as to be always valuable. -- Thomas Jefferson

Close