Chris Gulker: A lesson from geekdom - there's strength in diversity

If the Net were restricted to one kind of software, it wouldn't be as strong

I'm watching the hit meter on's web server: 54,027. Watching a web server. You can maybe tell just how badly I need to try to get some normalcy back into my life.

The last two weeks have seen me first on a long business trip, then stuck in Chicago while the US air fleet was grounded. I'd watched the World Trade Centre attacks on a hotel television. For the first few hours after the attacks, cell phone circuits were overloaded and even conventional phones couldn't get long-distance lines. My wife and I were finally able to exchange e-mail, trying, like a lot of other people, to find their closest companions and make sense of the madness and horror. I, for one, have not made much progress along that path in the last two weeks.

Which is why I'm staring at the status window of my Mac web server. It runs software called WebStar, which, unlike the popular Apache server, has a window that lets you see who's visiting the web server. It also counts incoming requests.

It just jumped to 54,107 – no big deal, except it's 30,000 more hits than it normally would have logged in the last couple of days. And it isn't events in New York that drive this traffic: I'm hardly CNN or an expert on terrorism. It's Nimda.

Nimda is a worm, a species of computer virus related to Code Red. Remember Code Red? It wasn't so long ago the FBI gathered dour-faced agents on television to announce this major threat to US infrastructure. In the current climate, Nimda only just rated a mention, even though it showed up a week almost to the minute after the World Trade Centre was first hit. And Nimda is far more rapacious than Code Red.

Code Red spread from web server to web server by exploiting badly written code in Microsoft's IIS web server software. Basically, Code Red sends a certain request that is too long for the server to deal with, so it just sort of stops, slack-jawed, and lets its guard down. Code Red then installs itself on the compromised server and begins looking for other servers to infect.

Nimda also uses that trick, but goes much further. First, it tries 16 different flaws in Microsoft's IIS, instead of just one. It also attempts to spread itself by e-mail, by web browser and by infecting networked machines, such as servers inside a company's firewall.

Code Red generated a gigantic amount of web traffic; Nimda generates about 16 times as much, and spreads through more channels. By last Tuesday evening,'s network was all but useless. Nimda traffic had eaten up so much of my ISP's bandwidth that they began blocking web traffic on segments of their network. I couldn't get to any web page outside my network. All I could do was watch as Nimda-infected machines on unblocked segments hammered my web server so hard that the status window was a blur.

I felt helpless. It was an eerie echo of how I'd felt a week earlier as I'd watched the World Trade Centre towers fall.

I'm a nerd so, when in doubt, I read the manual. I hit the Web, I look for the documentation. Since 11 September, I've read ravenously about the Taliban, Boeing airplanes, Osama bin Laden, the architecture and construction of skyscrapers, Islam, air traffic control, Afghanistan, high-rise firefighting and terrorism. I've looked at one-metre resolution satellite photos of lower Manhattan, before and after; video clips, information graphics and stock charts plotting the market response to other great disasters.

It didn't help much. I just couldn't comprehend how someone – let alone 19 people – could be so full of hate that they would spend months or even years preparing to die while slaughtering thousands.

And, now, seeking solace in geekdom, I couldn't comprehend how someone could spend time writing Nimda. True, Microsoft's products are regrettably plagued with bugs and security flaws, but that's the point. Nimda just bundles all the ways of exploiting those bugs that previous viruses and worms had unearthed.

One bright point flared when, once again seeking to Read The Manual, I came across news of an open-source program called LaBrea, named after the prehistoric tarpits in Los Angeles. LaBrea turns a network's unused IP addresses into what looks to the worm like potential victims. But LaBrea plays a little trick that causes the worm to get stuck after it connects. One LaBrea machine can tie up hundreds or thousands of Nimda machines.

Nimda was successful initially because it used a part of the Net against itself – Microsoft's products are pretty ubiquitous out there. But a different kind of software – open source, running on Linux – can help to solve the problem. If the internet were restricted to Microsoft, or only one kind of any other software, it wouldn't be as strong. So there's strength in diversity.

On 11 September, people whose hearts and minds I may never be able to comprehend took advantage of just about everything a free and tolerant society has to offer, and used it to send more than 6,000 people to horrendous deaths. And already, some citizens are calling for America to rescind freedoms, and eschew tolerance.

But the very thing that has made America strong is our tolerance, however imperfect it may be.

That tolerance breeds diversity, and that diversity breeds strength in a society, as surely as it does in any network.