Washington, DC: Friday,
November 2
nd, 2:47 PM, 2001
“Are you sure you set it up right?” John was one of the ZFon programmers, and already Reuben didn’t like him. He tried to remember that this was a guy who was being told that his work wasn’t good enough, and now his company either had to fix the mistakes or probably go out of business. But there was something more than that, some kind of arro- gance behind it all that Reuben perceived. It wasn’t just that he was on the defensive because of the situation, he actually seemed to think that he was the only person in the room with half a brain.Boy, is he in for a rough time, Reuben mused to himself as he smirked internally.“Well, why don’t you take a look at it and let us know?” he suggested.
Chapter 5
John sat down at the server and started looking over various configura- tion options. “It…it looks pretty standard. Did you harden the operating system?”
“Why would that have an impact on whether or not excessive data sent to the VPN server blows it up?” countered MadFast. He didn’t seem to like John either.
John shrugged. “I dunno. Okay, let me see the problems.”
“Let’s reboot the server first, so it starts up clean,” suggested Reuben. He triggered a restart, and they all waited in uncomfortable silence as the system restarted.The beep of the machine and subsequent grinding of its hard drive was the only sound in the room.Why does it have to be like this?
Reuben wondered.Why can’t all programmers want their code to be secure, and welcome opportunities like this? He wondered how to communicate to this man that they were not out to get him.
It had taken days for ZFon to send someone. It seemed that they were either in total disarray and paralyzed by the news or they were stalling. Either way, it had burned up a lot of time while MadFast, Bob and Reuben waited for them.
The server finally finished rebooting, and they watched the drive light flicker on and off as services started. When it finally stopped and it was clear that the dreaded error message about some drivers or services failing to start was not going to appear, Reuben hit Control + Alt + Delete
and logged in. “Alright, I’m going to pull up Task Manager so you can see what’s running in real-time.” He brought up the process list, and then turned to MadFast. “Alright, hit the overflow first.”
“Right on.” MadFast fired up the exploit tool, and loaded the appro- priate payload. “Ready.”
Reuben nodded. “Watch the process list,” he instructed John. “Alright, Frank, hit it.”
MadFast hit the new and more politically-correct Sendbutton on this version of the exploit tool. As expected, the number of processes dropped by one.
“Go on, look around the system. If there are any error logs we missed, we’d love to know. But nothing shows up in Event Viewer, even though the Listener service has totally died. Check it out.”
John sat down, and looked at which services were running. “That’s odd…this service isn’t supposed to even run if that one isn’t…hmm.” He poked around a bit more, and then opened up Event Viewer. It was as though he didn’t believe that it could be true. But sure enough, not a trace of an error existed. Reuben was glad he made sure that Windows was working perfectly on this server before they started work. “You’re right.”
“Is there some other logging somewhere else?”
“Ah, no. We rely on Event Viewer.That’s what Microsoft directs.” MadFast piped up. “Yes, we know. We were just wondering if there was any trace of an error somewhere that we missed.”
John didn’t seem to be enjoying this. “Okay, show me the other one.” “Want to reboot the system again, or just restart all the ZFon services?” John grumbled, and shut down the remaining running services, then restarted them in the proper order.
Reuben instructed MadFast, “Alright, you know what’s next.” MadFast loaded the second payload. “Ready.”
Reuben brought Task Manager again, but this time he set it with the
Performance tab prominently displayed. “Okay, let it rip.”
MadFast hit Send again. “Alright. Let me know when to disconnect.” “In just a minute.” He turned to John, “Now you see, everything is fine right now. Watch this. Frank, disconnect.”
Frank shut down the exploit tool. Instantly, processor utilization soared on the server, and stayed full-on at 100%.
“Isn’t that the damndest thing?” asked Reuben.
John was fascinated. He leaned in, and got Task Manager switched over to the Process List. “Hmm, everything is still there.”
“Yeah, but it’s choking on the data. We think that what happens is it fills a buffer, and then tries to process it when the connection terminates properly, or improperly, as it turns out. But it’s got bad data, so it just plain pukes on it. But the odd thing on this one is that it takes not only bad data, but a lot of it, too much. But the way it acts, I don’t think it’s an exploitable buffer overflow, not for gaining root.”
John nodded, deep in thought. “Yes, that makes sense to me. I think I remember some of that code too.” He was at least getting curious in that geek sort of way now, and that helped him find some common ground
with MadFast and Reuben. Reuben liked to believe that deep down all true geeks were driven by similar things, like a thirst for knowledge and desire to see how things work.
“Any other questions?”
“Ah, yes. Can I get a copy of those packets that you’re sending?” Reuben looked at MadFast, who shrugged, not having any idea. “I didn’t think of that. Damn.The only thing I worry about is that we’re essentially not supposed to tell anyone anything unless it’s been cleared by DoJ. I don’t know what they want us to do in regard to this. Let me call them and ask, and as long as they say it’s okay, we’ll e-mail them to you. It’s kind of late in the day, so I don’t know if we can get…here, hang on a sec.” He pulled out his cell phone and called Bob upstairs.
“Hey, yeah it’s Reuben. ZFon wants a copy of the two packets, but I’m not sure if that’s covered by our NDA or not. Can you call Vince and get a go-ahead for us? Great, thanks.” He closed the phone and put it away.
“We’ll either have an answer right away, or tomorrow I think. Vince has been pretty good about responding, so far. I’m sorry, but I really want to make sure we do this by the book.”
John didn’t look happy about this, but didn’t have much of a choice either. “Okay. I think I have everything I need.”
“Cool. And hey, if you need anything else, or have questions, please call us. Even if we have to get permission first, we’ll do anything we can to help. I know it seems uncooperative, but we have to abide by the NDA. Really sorry about that.” Reuben could tell that this wasn’t going to be credible, at least not at the outset.
John grunted, nodding his reluctant understanding and acceptance of the situation. “I’ll talk to you later, I guess.Time to get back to the office.”
Reuben walked John out, and returned to the lab. MadFast was playing around with some code.
“That went well, I think,” he observed. “At least it didn’t break down into an argument over whether or not it was borked at all.”
Reuben nodded. “Well, what was he going to do, deny it? He saw it with his eyes, that it blew up. I’m betting that they want the payloads so that they can reproduce it on their own system and be sure.You know, I just don’t get why it has to be so uncomfortable. I don’t mind it so much
when people point out where I need to improve on something. Well, I mean, I mind it, sort of, but it’s less painful to accept and work with than it is to just resist it. And I didn’t get here by avoiding the truth, no matter what it meant.”
“Well, it’s a coder thing. It’s your work, it’s a part of you. So it becomes kind of personal when someone else pokes holes in it.”
Reuben shrugged. “Oh well, we were as nice about it as I think we could be. I just hope we can get quick decisions from DoJ on things, so that he won’t feel like we’re freezing them out.”
“Don’t sweat it, man. Bob’s a good guy, and so’s Vince it seems. And John will see that nobody wants to freeze them out here, in time.”
Reuben smiled back at MadFast. “Right on.” He smirked. MadFast laughed. “Hey, now you’re stealing my lines…”