by Robin Roseau
"I'm not bad," I echoed. "I wouldn't mind watching fireworks and going water skiing."
She smiled. "Perfect."
We actually had a good weekend. But watching her try to tie the boat up, I was pretty sure she wouldn't be any better at tying me.
* * * *
It took a few weeks to find enough time to build the proposal that Miranda wanted. We had spare equipment we used to test proposed network changes. It wasn't as good as having a full network, but over the years, we had gotten good at simulating real traffic. I had to use software simulators to model the entire network, but I could test changes to single pieces of equipment directly.
Still, it took time to set up my tests. We didn't usually stress test the central firewall, and I had to find time to move equipment around. It was all, well, complicated and time consuming.
The cost of checking one Internet conversation against a blacklist, even a large blacklist, was minimal. The problem was that we wouldn't be checking one conversation; we would have to check all of them. And even a tiny, immeasurable delay for a single conversation added up when you multiplied it across all our traffic. When the network was quiet, the blocking that Miranda wanted wouldn't be an issue. But at some point, the firewalls would begin to fall behind. I needed to know when that would happen.
And so, I tested that. I then used the figures to model our entire network. I prepared a report. Then I investigated other choices. I added my findings to the report. Six weeks after my meeting with Miranda, I emailed off my findings. Two days later, she replied back. "Is this the best you can do?" I sent a one-word response. "Yes." Then I waited for the reply; she didn't disappoint me.
"I remain disappointed."
I managed to not cry. It was easier to take through email.
* * * *
Two weeks later, the shit hit the fan.
Attack
Miranda had implemented a Wednesday morning department heads meeting. I really, really didn't want to attend, but I didn't have a choice. I sat as far from her as I could and gave my reports as clinically as I could. I sat through everyone else's report, saved from boredom only by keeping an eye on the network through my tablet.
The attack began early in the morning. At first, it was slow, and the signs were lost in the chatter of all our other network activity. Ten minutes into the meeting, that changed.
I stared at the charts on the laptop. "Shit," I said under my breath, although my nearest neighbors probably heard me. I tapped a few icons. "Shit!" I said more loudly, jumping to my feet.
I didn't even register Miranda's complaints as I ran out of the meeting.
My phone was going off before I made it back to my desk. I didn't even glance at it. I knew what it was. I arrived at my cube, and the guys were already there.
"DDoS," announced Kent.
I brushed past everyone, hurrying to my desk. It took thirty seconds to verify for myself and another thirty seconds to measure the intensity.
"Fuck."
"That sums it up," said Eddie.
I grabbed a pad of Post-it paper and wrote, "DDoS Attack. Find me. Cassidy." I tore it off and held it out behind me. "Someone find Miranda and give her this. She's probably still in the conference room. Don't wait on ceremony. Walk in, give it to her, and walk out."
Kent took it. He was the bravest. Good for him.
I applied myself to fighting off the attack.
* * * *
DDoS stands for Dedicated Denial of Service. It's a type of computer network attack, a type of vandalism or, in this day and age, a form of terrorism. Basically, a DDoS attack attempts to shut down our network by flooding us with far more traffic than we can handle. Think of the 105 in Los Angeles during rush hour.
What is particularly frustrating about a DDoS attack is that it requires complicity from millions and millions of people. Yes, millions.
Here's how it starts.
Someone who isn't terribly computer savvy buys a computer. He takes the computer home, hooks it up to the Internet, and starts using it.
He doesn't buy anti-virus software, or if he does, he doesn't keep it up to date. Maybe he connects directly to the Internet without a firewall. Maybe he downloads risky software. Maybe he is really stupid and clicks on email containing Trojan horse viruses. In one of several ways, his computer becomes infected.
At that point, his computer does two things. It tries to help infect more computers. And it sits there, waiting for commands. It becomes one machine in a vast army of robot computers, waiting for the master to assign a task.
Now, take that computer and multiply it, all over the world. You end up with vast armies of infected computers waiting for someone to apply them to no good deed. They're called bot armies -- short for robot.
The army is under someone's control. Whose? I have no clue. But eventually that person decides to use it. Maybe it's for his own purposes, but I understand you can hire bot armies. I imagine you pay by the hour.
So imagine you dislike Branson Medical Devices. Maybe you're a disgruntled former (or even current) employee. Perhaps you felt a product you bought from us underperformed. Or maybe you're a competitor looking to make our life a little more difficult. Or maybe you have a beef against an employee of Branson and just want to express your frustration.
Look, I don't know why people do these things. Why does anyone need to make the world a worst place? Aren't there enough problems?
In any case, you hire the bot army. And you tell it, "Go after Branson". And what the bot army does, first a few machines, then more and more as they receive their instructions to cause havoc, is they start sending us network traffic.
One machine on the internet can't produce enough traffic for us to even notice. Even ten or a hundred machines are little more than a blip in our traffic statistics. But once you start talking about a million machines, each of them firing requests at our servers as fast as they can, it starts to overwhelm our network. Eventually, they can cause so much traffic that we have no bandwidth available for legitimate uses.
In other words, the bot army denies us of service by overwhelming us.
I consider it a cowardly thing to do.
* * * *
Miranda showed up in my cube about a half hour later. "How bad is it?"
I didn't even look over at her. "Grab a chair." She sat down next to me. My fingers continued to fly over my keyboard as I worked on the steps to mitigate the attack.
"Keep working," she said calmly. "Answer my questions when you can."
It was another minute or two, and in hindsight, I was surprised by her patience.
"Do you know what this is?" I asked.
"Yes. How bad?"
"On a scale to ten," I finally said, "When I left your meeting, it was about a four. A four we can handle. It's about a six or seven now. It's going to get worse before it gets better."
"Do you know what to do?"
"This isn't our first. Yes."
"So we don't need outside advisors?"
"No. They would just get in my way."
She watched me for a minute. "How long?"
"It started about six, but it started slow and ramped up."
"I meant, how long before you fight it off?"
"You don't fight them off. You mitigate until it stops."
She paused before responding. "All right. How long before it stops?"
"Could be a few hours; could be a few days." I stared at the screen, hit some keys, then watched. "Yes!" I said. "Take that, asshole!"
Miranda didn't say a word.
I turned to her. "Temporary reprieve. Maybe a few minutes."
"What do you need from me?"
"Seriously?"
"Of course."
"Communications," I said. "I don't need everyone stopping by asking when it's going to get better. Keep everyone away. And I really don't need Virgil breathing down my neck right now."
"Is that a message to me as well?"
"No, but I'd rather you didn't
camp out in my cube." I looked over my shoulder. "Davis, is the tar pit ready?"
"Just say when," he replied.
I turned back to Miranda. "Days?" she asked.
"I hope not. It's not like I can go home until it's over. I wouldn't mind if the bathrooms were closer."
"What else do you need from me?"
"If you keep everyone off my back, that's enough," I said.
"I want reports every fifteen minutes."
"You mean hourly, right?" I countered.
She cocked her head. "Hourly or if there are significant changes."
"All night?" I asked.
"We'll see," she replied. "I'll order lunch in for your team. Something healthy?"
I almost said 'hell no', but caught myself. I shook my head. "You're kidding, right? Healthy?"
She smiled. "Pizza? What kind?"
"Talk to Kent," I said. "He knows what we like." I yelled over my shoulder. "Kent, set an alarm, five minutes to the hour, every hour until this is over. Status report to Miranda."
"On it," he hollered back.
I turned back to Miranda. "Anything else? I need to focus."
* * * *
I have to hand it to her. She stayed out of my way and let me handle it. We kept her informed through our status reports, and she handled communications from there. No one else even came near.
Lunch appeared exactly when I needed it, complete with sodas, delivered by Miranda herself. She stuck around for a slice herself and just to "check in" to see if we needed anything else. She kept us supplied with coffee and soda.
She stopped by again later in the afternoon and sat down next to me. She watched me for a minute then reached out and used two fingers to turn my face towards her. She stared into my eyes for a moment. I blinked at her a few times, trying to focus.
"You need a break," she declared. "Fifteen minute walk outside. Can you take one now or should I come back?"
"Um." I pulled away and looked at my screen. "Davis, take over. Hit my cell if things get worse."
I let Miranda lead me from my cube, Davis sinking into my chair behind us.
She led me to the elevator, and I was a little surprised to realize she was going with me. We were outside before either of us said anything.
"If you want to talk about any of it, we can. Do you need to talk it out?"
"If I start, I'm going to use words you don't like."
"Come on."
She gestured, then turned me with a hand on my back, although she dropped her hand once I was moving in the right direction.
Our offices were in the heart of downtown Minneapolis. Loring Park and the Mississippi River waterfront were both a little too far for a relaxing fifteen-minute stroll. But she got us walking, and once we were a block from the office, she said, "Go ahead."
"Go ahead?"
"Cassidy, this is one of those times crude language is appropriate."
I looked over at her to see if this was some sort of trap.
"Do I need to start?"
"I just hate this bullshit!" I said. "Some asshole is lashing out at Branson, but I and my team are the ones who are going to pay the price. There's no sign it's letting up, so I'm probably going to be here all night."
"Keep going," she directed. "Let it out."
So I did. I went on a good five-minute rant as we continued to walk down the street. Finally I wound down.
We turned the corner and Miranda said, "Good. I agree with you, by the way. What can we do we aren't already doing?"
"I don't know. We have two connections into the building. We normally share the workload between both of them. I've got all our internal traffic routed through one connection, and it has a different IP address, so we're also using that for our outbound traffic. Performance is down a little, but I bet most people aren't noticing. But all traffic originating from the rest of the world is going through the other connection, and it's slammed hard. Inbound email is backed up horribly, and I'm sending outbound email through the same pipe."
"Why?"
"I don't want the little fucker to figure out everything I'm doing. If we start sending email out that path, he might find it and start hitting it."
"What else could we do?" she asked again.
"I'd love to pass a law that makes it illegal to have a computer on the Internet without good anti-virus protection."
"How about something we can control."
"I'm sorry. I don't know. We're doing everything I know, and we're also talking to our ISPs and DNS providers. They've had good suggestions, too, especially the DNS provider. They get hit all the time."
"So? Weather out the storm?"
"That's the best I know. I'm sorry."
"Don't apologize."
We turned a corner and walked back to the building's main entrance. Miranda turned me to face her, looking into my eyes. "Better?"
I nodded. "Thanks. And thanks for listening."
"Of course." She steered me inside. Once we were in the elevator she said, "Is this going to be all night?"
"Probably. It's tempting to just let them run out their time, but I'm terrified they'll find our other connection or use this to hide an attempt to sneak past security. I have to stay."
"You need to take steps to keep someone sharp." She paused. "Can you spare two of the guys?"
"I suppose. What do you need?"
"Send them home. Tell them to get some sleep and come back later."
I nodded. "No one is going to be able to sleep."
"Do them in shifts. Have one come back after midnight; the other around three or four."
I nodded. It was going to be a long night.
"What do you want for dinner?"
"Leftover pizza, I suppose."
We reached our floor and stepped out, but she turned me to her again. "No. Dinner is going to be healthier than that. What's your favorite?"
"I don't know," I said. "Nothing too heavy. It will make me sleepy."
"I'll take care of it. Keep me posted."
* * * *
I got back to my desk. "Status?"
Davis got up from my desk. "Everything is holding," he said. "The tar pit is working, too."
I was fond of the tar pit. When a computer sends a piece of information over a network, it expects a reply. Normally, the idea is to reply as quickly as possible. That's what network gear does, and it does it very well. But if you turn on a tar pit, what you do is intentionally delay your responses. The remote computer waits and waits and waits.
And then eventually you send the reply.
On the other end, the hacker attacking us probably thinks he's affecting us enough that we can't reply. But on our end, what we effectively do is tie up a great many computers, slowing the attack significantly.
It's called a tar pit because it's like the electronic version of the La Brea Tar Pits. Computers fall in and can't get back out.
"All right. I need two volunteers. Go home. Sleep. One of you come back at midnight. The other at three. Whoever stays goes home when the first one arrives." I let them work it out. It was Eddie who stayed.
* * * *
It stayed quiet after that. I kept on top of things, but the attack wasn't morphing any further. That could be a good sign, or it could just mean our attacker was taking a break and would be back later to try something new. Only time would tell.
True to her word, Miranda was back at my desk promptly at seven. "Do you need to watch from here?"
I looked up at her. "I don't want to be too far..."
"My office. Who stayed?"
"Eddie."
"Eddie. Dinner in my office."
Eddie's head popped up over the edge of the cube wall. "More pizza?" he asked hopefully.
"Better than pizza," Miranda replied. "Come on."
She led the way. I grabbed my tablet and followed her.
She had gone above and beyond. Waiting for us was a large salad bowl and three entrees from Sandal's, a prestigious restaurant down the street. Sh
e told Eddie and I to grab seats at her conference table then lifted the lids on the three meals.
"I've got chicken, beef, and fish. They are three of my favorites, so I'm happy with any of them. Who wants what?"
I looked between them. "You two pick," I said. "And the salad looks wonderful."
She didn't argue with me. Eddie grabbed the steak. Miranda said, "How does the fish sound, Cassidy?"
"Fish sounds perfect."
She had side dishes as well, braised asparagus, baked potatoes, and roasted garlic broccoli. Miranda dished up everything for us then gave us our choice of lemonade, water, or more soft drinks. I took a lemonade, thanking her.
I wasn't much for conversation. I kept checking the network status. Miranda asked for a status update. I asked Eddie to fill her in.
I ate about half my meal and felt guilty. "If I eat more, I'm going to get sleepy," I admitted.
"I'll box everything up, and you can snack later," Miranda said. "Eddie, I'll need your help in about a half hour." She looked at me. "Another walk in about an hour."
I nodded.
* * * *
It stayed quiet, although I didn't grow complacent. There wasn't any particular need to do more than I had, at least not for now, but I needed to stay on top of things. Eddie disappeared for twenty minutes, returning with Miranda in tow.
"Status?"
"The same," I said. "I don't think this is over, though."
"Time for a walk?"
"Sure."
Like before, we didn't talk until we made it to the street. Once there, I thanked her again.
"You thought I would just leave you to deal with it yourself?"
"I don't know what I thought," I replied. "Well, that's not true. I didn't think about that at all. I was thinking about the attack."
"When this is over, I'll need an overall report. Don't worry about it for now."
"I've already started it. I consider it standard procedure. It's difficult to remember everything after the fact, so I'm keeping a detailed log."
"Okay, good. Let's just walk now."
So we did, taking a different path this time. It was a lot quieter than it was this afternoon, but Minneapolis doesn't roll up it's sidewalks this early. There were still people about and would be until much, much later.
Still, Miranda issued a caution. "If you leave the building before morning, take one of the guys with you."