len@ames.arc.nasa.gov (Len Rose) (10/10/88)
Did anyone else notice over 900 misc.test messages from microsoft?
All with the same message ID,author and header..
--
Len Rose .. len@netsys.com {ames,att,decuac}!netsys!len
Disclaimer: No one is responsible for anything I say but myself.yee@ames.arc.nasa.gov (Peter E. Yee) (10/10/88)
Not to mention the hundreds of repeats in sci.space.shuttle and rec.games.hack. -Peter Yee yee@ames.arc.nasa.gov ames!yee
brentp@microsoft.UUCP (Brent Prindle) (10/11/88)
In article <16262@ames.arc.nasa.gov>, len@ames.arc.nasa.gov (Len Rose) writes: > Did anyone else notice over 900 misc.test messages from microsoft? > All with the same message ID,author and header.. > > > -- > Len Rose .. len@netsys.com {ames,att,decuac}!netsys!len > Disclaimer: No one is responsible for anything I say but myself. First, an apology is in order. It looks like a lot of time on the modem was wasted by these articles. I am quite sorry about this, because I am sure that I started it. I am not quite sure why or how it continued tho. Nontheless, I take responsibility. If you are one of the few who have not flamed yet, my address is ...uunet!microsoft!brentp. but please read on first. ================================================================= Greetings: In case you haven't noticed, there was a major vomiting on the net, and the messages have microsoft headers. Let me explain what happened... In early September, I built a completely new UUCP and News gateway, and things were working fine. Then in late Sept, some folks here gave voice to complaints. It seems that articles were not making it off of the system, and had not for several days. So I came in one weekend (Not much time during the week, this is a background job. No one else is in this situation, right? :-) and tried to track down the problem. Could not find any problem however, so I tried completely rebuilding the system a few days later. Unfortunately, one file got deleted, which resulted in the munged headers that have become so famous. I realised what happened within a few hours, after posting a test message. I re-created the system properly, and gave up for the evening after I still could not find out what was going wrong. Things happen, and the news got pushed into the background a few days, at least until the next free weekend. But by that time, things were mysteriously working again! I wrote off the whole adventure and lost weekend as a bad feed. The really wonderful part was that six messages had made it off the system before I could kill them. These aparently sat on our feed like so many time-bombs. It looks like the kill I sent could not deal with the munged article-id. I am still not entirely sure what happened. These messages would have been expired on our system over a week ago, had I not killed them. They were sent out two weeks ago, and then blow up all over the place yesterday! Our logs do not show them going out in the past three days, and that is as far back as our logs go. Even the UUCP stats do not show any repeats or errors in the last week. Any ideas? I would like to find out exactly what is going on so this problem can be avoided by all in the future. I will continue investigating, and let everybody know what I come up with. Once again, sorry. ...uunet!microsoft!brentp
kmw@ardent.UUCP (Ken Wallich) (10/11/88)
In article <16262@ames.arc.nasa.gov> len@ames.arc.nasa.gov (Len Rose) writes: >Did anyone else notice over 900 misc.test messages from microsoft? >All with the same message ID,author and header.. Yup, I saw 'em too. Just sent brentp (and root@microsoft) some hate mail. Thanks for pointing it out. Ken Wallich Ardent Computer Corp. kmw@ardent.com -- Ken Wallich Ardent Computer Corp kmw@ardent.com Sunnyvale, California, USA "chance is the fools name for fate"
metro@asi.UUCP (Metro T. Sauper) (10/11/88)
From article <16262@ames.arc.nasa.gov>, by len@ames.arc.nasa.gov (Len Rose): > Did anyone else notice over 900 misc.test messages from microsoft? > All with the same message ID,author and header.. YES!!!!! From what I have tracked down, there seems to be two bugs at work, perhaps inciting each other. The first, is someone somwhere positing over and over the same article. The second is a bug in the news software for sites which do not use the DBM database option. The format of the alternate history file uses tabs "\t" to delimit the fields in the file. If you noticed, the three articles from microsoft (one in each of misc.test, rec.games.hack, and sci.space.shuttle) each have a tab in the message ID. Thus when the news software goes to the history file to see if the current article has already been read in, it stops at the first tab found to get each message id in the history. Once the offending message ID has been added, only a partial id is ever retrieved allows the same messageID to be added again if it is transmitted again (which it was in this case, apparently many many times). -- Metro T. Sauper, Jr. Assessment Systems, Inc. Director, Remote Systems Development 210 South Fourth Street (215) 592-8900 ..!asi!metro Philadelphia, PA 19106
james@bigtex.uucp (James Van Artsdalen) (10/11/88)
In article <16262@ames.arc.nasa.gov>, len@ames.arc.nasa.gov (Len Rose) wrote: > Did anyone else notice over 900 misc.test messages from microsoft? > All with the same message ID,author and header.. I have 1035 so far. Yet a neighbor site (with whom I do not exchange misc) only has three. uw-beaver (a neighbor of microsoft) says they only have one. -- James R. Van Artsdalen ...!uunet!utastro!bigtex!james "Live Free or Die" Home: 512-346-2444 Work: 338-8789 10926 Jollyville Rd #901 Austin TX 78759
pmech@oucsace.cs.OHIOU.EDU (Paul J. Mech) (10/11/88)
I notice a tab in the first entry in brentp@microsoft's files. Could this be causing propagation problems? pjm
jdiaz@oracle.uucp (Jean Marie Diaz) (10/12/88)
In article <16262@ames.arc.nasa.gov>, len@ames.arc.nasa.gov (Len Rose) writes: > Did anyone else notice over 900 misc.test messages from microsoft? > All with the same message ID,author and header.. Consider it a proof of the reliability of the flooding algorithm the Usenet is based on :-)
jerry@olivey.olivetti.com (Jerry Aguirre) (10/12/88)
From article <16262@ames.arc.nasa.gov>, by len@ames.arc.nasa.gov (Len Rose): > Did anyone else notice over 900 misc.test messages from microsoft? > All with the same message ID,author and header.. I use the dbm history and still received hundreds of them. The news software seems to be able to receive the articles OK, process them and transmit them on. It doesn't seem to be able to check the history file for message IDs with a tab in them. I run ihave/sendme and I notice that the site that I got the article from (ames) is repeatedly transmitting "sendme"s for those articles. I suspect we have been sending them back and forth to each other. In each case rnews doesn't "know" that it already has the article and so requests another copy. Presumably NNTP sites could be effected by the same bug. Obviously the software needs to handle this better. Given that whitespace, including specifically tabs, is forbidden in the message ID (RFC1036) I would suggest that the software reject any article with such an ID. (Put an error message in the log but do not process, store or forward such articles.) Interestingly this can be considered a Usenet "virus". It spreads and reproduces itself. Hopefully it will eventually be to old and be rejected by that code. Jerry Aguirre
james@bigtex.uucp (James Van Artsdalen) (10/12/88)
In article <323@oucsace.cs.OHIOU.EDU>, pmech@oucsace.cs.OHIOU.EDU wrote: > I notice a tab in the first entry in brentp@microsoft's files. Could > this be causing propagation problems? Yes. It prevents inews from realizing that it has seen this article before. Since people are seeing different numbers of these articles, I assume there are loops in the feeds generating the multiple copies. I thought site A would never send to site B if B was listed anywhere in the Path: line, but perhaps that is not always the case. Does nntp use the Path: line to prevent loops, or does it depend solely on the history file? -- James R. Van Artsdalen ...!uunet!utastro!bigtex!james "Live Free or Die" Home: 512-346-2444 Work: 338-8789 9505 Arboretum Blvd Austin TX 78759
jonathan@cs.keele.ac.uk (Jonathan Knight) (10/12/88)
From article <630@ardent.UUCP>, by kmw@ardent.UUCP (Ken Wallich): > In article <16262@ames.arc.nasa.gov> len@ames.arc.nasa.gov (Len Rose) writes: >>Did anyone else notice over 900 misc.test messages from microsoft? >>All with the same message ID,author and header.. > > Yup, I saw 'em too. Just sent brentp (and root@microsoft) some hate mail. > Thanks for pointing it out. Don't be cruel to brentp, he probably used some microsoft program to send the news :-) [It took three months to order a C compiler here in the UK because their software couldn't cope with upgrades from 4.0. They had to hack the database by hand to make the order come out!] -- _____ Jonathan Knight, || JANET: jonathan@uk.ac.keele.cs / Department of Computer Science || UUCP: ...!ukc!kl-cs!jonathan / _ __ University of Keele, Keele, |+------------------------------- (_/ (_) / / Staffordshire. ST5 5BG. U.K. || If in doubt, panic!
battan@tc.fluke.COM (Jim Battan) (10/12/88)
In article <387@asi.UUCP> metro@asi.UUCP (Metro T. Sauper) writes: >If you noticed, >the three articles from microsoft (one in each of misc.test, rec.games.hack, >and sci.space.shuttle) each have a tab in the message ID. I found four of them. Articles 108, 109, 110, and 111 @microsoft all have the tab plus some extra text (25144,1,1) in them. 109 is in soc.motss. I did two things (I'm on a BSD system; USG is probably different): Edit the articles to remove the junk between microsoft and .UUCP. Then run whatever expire(s) you run, but also use the -r flag to ignore and rebuild the history file and its dbm database. See the expire man page for more info. -- Jim Battan (+1 206 356 6469) battan@tc.fluke.COM || {sun,uw-beaver,decvax!microsoft}!fluke!battan
jane@tolerant.UUCP (Jane Medefesser) (10/12/88)
Poor Brent. My initial impression when I saw all those postings (after
panice from the disk space waste had subsided) was "poor guy - his news
runneth amuck". My 6th-sense told me this was no "portal-ite" abusing our
disks - just some poor sap with a config problem.
What a way to achieve usenet fame. We have dining-room tables in NJ -
we have JJ@ portal and now we have brentp@microsoft.
============================================
Jane Medefesser uucp: {pyramid,oliveb,ucbvax}!tolerant!jane
Usenet Administrator
Tolerant Systems
San Jose, Ca 95134fletcher@cs.utexas.edu (Fletcher Mattox) (10/13/88)
In article <9073@bigtex.uucp> james@bigtex.UUCP (James Van Artsdalen) writes: >Does nntp >use the Path: line to prevent loops, or does it depend solely on the >history file? Actually, nntpxmit does a sanity check on the message-id and refuses to propagate it. I've added a similar check to inews. Fletcher
karl@triceratops.cis.ohio-state.edu (Karl Kleinpaste) (10/13/88)
james@bigtex.uucp (James Van Artsdalen) writes:
Since people are seeing different numbers of these articles, I assume
there are loops in the feeds generating the multiple copies. I
thought site A would never send to site B if B was listed anywhere in
the Path: line, but perhaps that is not always the case. Does nntp
use the Path: line to prevent loops, or does it depend solely on the
history file?
NNTP is not involved in the decision of whether or not to forward an
article to neighboring sites. That's strictly [ir]news' problem.
NNTP takes an article from a neighbor, hands the article to rnews,
which is then responsible for local installation into /usr/spool/news,
and then decides whether to add it to /usr/spool/batch/otherneighbor
based on the Path: line. The NNTP daemon just waits for rnews to exit
before dealing with the incoming neighbor's next article.
--Karljbayer@ispi.UUCP (id for use with uunet/usenet) (10/13/88)
In article <9073@bigtex.uucp>, james@bigtex.uucp (James Van Artsdalen) writes: > In article <323@oucsace.cs.OHIOU.EDU>, pmech@oucsace.cs.OHIOU.EDU wrote: > > > I notice a tab in the first entry in brentp@microsoft's files. Could > > this be causing propagation problems? > > Yes. It prevents inews from realizing that it has seen this article > before. > A possible solution to this is to manually edit the offending article and replace the tab with a space. That will at least keep that copy from propogating itself ad-infinitium Jonathan Bayer Intelligent Software Products, Inc.
craig@n8ino.UUCP (R. Craig Peterson ) (10/14/88)
Maybe I've got a record - I got 2234 of the bad messages!! -- R. Craig Peterson (N8INO) mcdchg!n8ino!craig craig@n8ino.UUCP E Pluribus Unum (NSA stuff - terrorist, DES, cipher, secret, NRO, CIA)
msmith@topaz.rutgers.edu (Mark Robert Smith) (10/14/88)
In article <217@ispi.UUCP> jbayer@ispi.UUCP (id for use with uunet/usenet) writes: > A possible solution to this is to manually edit the offending article > and replace the tab with a space. That will at least keep that copy > from propogating itself ad-infinitium > Jonathan Bayer NO! Don't do this! The RFC states that NO white space (spaces or tabs) is allowed in a message id. You should pull the tab out completely to fix the problem. Mark -- Mark Smith (alias Smitty) "Be careful when looking into the distance, RPO 1604; CN 5063 that you do not miss what is right under your nose." New Brunswick, NJ 08903 {backbone}!rutgers!topaz.rutgers.edu!msmith msmith@topaz.rutgers.edu Who cares in '88?
jbuck@epimass.EPI.COM (Joe Buck) (10/15/88)
>> > I notice a tab in the first entry in brentp@microsoft's files. Could >> > this be causing propagation problems? >> Yes. It prevents inews from realizing that it has seen this article >> before. >A possible solution to this is to manually edit the offending article >and replace the tab with a space. That will at least keep that copy >from propogating itself ad-infinitium A space won't screw up history, but it will prevent cancel or supersede messages from working. In any case, the official specification for the format of Usenet articles (I believe the number is RFC1036) forbids tabs OR spaces in Message-IDs. One would be justified in discarding articles with tabs or spaces in Message-IDs, but in the spirit of "be liberal in what you accept and conservative in what you send", I recommend squishing out any whitespace in message-IDs. -- - Joe Buck, card-carrying ACLU liberal jbuck@epimass.epi.com, or uunet!epimass.epi.com!jbuck, or jbuck%epimass.epi.com@uunet.uu.net for old Arpa sites
karl@triceratops.cis.ohio-state.edu (Karl Kleinpaste) (10/15/88)
craig@n8ino.UUCP (R. Craig Peterson ) writes:
Maybe I've got a record - I got 2234 of the bad messages!!
Nope. 3302.vixie@decwrl.dec.com (Paul Vixie) (10/15/88)
In article <24675@tut.cis.ohio-state.edu> karl@triceratops.cis.ohio-state.edu (Karl Kleinpaste) writes: # craig@n8ino.UUCP (R. Craig Peterson ) writes: # Maybe I've got a record - I got 2234 of the bad messages!! # # Nope. 3302. Ha! :-) I had 5600 the first day, and another 1200 the second day. -- Paul Vixie Work: vixie@decwrl.dec.com decwrl!vixie +1 415 853 6600 Play: paul@vixie.sf.ca.us vixie!paul +1 415 864 7013
grr@cbmvax.UUCP (George Robbins) (10/15/88)
In article <6@gnome6.pa.dec.com> vixie@decwrl.dec.com (Paul Vixie) writes: > In article <24675@tut.cis.ohio-state.edu> karl@triceratops.cis.ohio-state.edu > (Karl Kleinpaste) writes: > # craig@n8ino.UUCP (R. Craig Peterson ) writes: > # Maybe I've got a record - I got 2234 of the bad messages!! > # > # Nope. 3302. > > Ha! :-) I had 5600 the first day, and another 1200 the second day. Bah, I only got 5572, including 4 that were munged in various ways by eliminating tabs or replacing them with X's. I'd say that modifying the article id and passing it on isn't the greatest idea. Unless everybody does the same thing, you'll get several copies via differnt paths. My inews now tosses the aticles with spaces or tabs with a message about obscene article id's... -- George Robbins - now working for, uucp: {uunet|pyramid|rutgers}!cbmvax!grr but no way officially representing arpa: cbmvax!grr@uunet.uu.net Commodore, Engineering Department fone: 215-431-9255 (only by moonlite)
mml@srhqla.UUCP (Michael Levin) (10/16/88)
In article <6@gnome6.pa.dec.com> vixie@decwrl.dec.com (Paul Vixie) writes: >In article <24675@tut.cis.ohio-state.edu> karl@triceratops.cis.ohio-state.edu >(Karl Kleinpaste) writes: ># craig@n8ino.UUCP (R. Craig Peterson ) writes: ># Maybe I've got a record - I got 2234 of the bad messages!! ># ># Nope. 3302. > >Ha! :-) I had 5600 the first day, and another 1200 the second day. >-- I only got a few hundred, but I've gotten 144,987,245 articles (each one different) of the type above. Is there a problem on the net??? Mike Levin -- +----+ P L E A S E R E S P O N D T O: +------+ * * * * | Mike Levin, Silent Radio Headquarters, Los Angeles (srhqla) |"I sure hope | Path:{allegra|clyde|csun|magnus|telebit|ulysses}!srhqla!levin | this works!" +---------------------------------------------------------------+--------------+
kratz@dataspan.UUCP (Geoff Kratz) (10/19/88)
In article <24675@tut.cis.ohio-state.edu>, karl@triceratops.cis.ohio-state.edu (Karl Kleinpaste) writes: > craig@n8ino.UUCP (R. Craig Peterson ) writes: > Maybe I've got a record - I got 2234 of the bad messages!! > > Nope. 3302. Sorry. 5607. Ack! -- Geoff Kratz Dataspan Technology Inc. Ph:(403) 237-9313 Project Manager 400-540 5th Av SW Calgary Alberta Canada T2P 0M2 "Hey, no problem!" ...!uunet!utai!calgary!dataspan!kratz