Daemon

is a
police
emergency.’
    ‘I didn’t see a badge.’
    ‘Look, I’m working with the Feds on the Daemon case. Sobol’s house is five miles down the road. It’s not improbable that I would stay here.’
    ‘You checked in weeks ago – before Sobol died. Just wait for the police.’
    ‘By the time they get here, it’ll be too late. The Daemon is going to attack your servers to find out who I am.’
    ‘I’m not listening, sir!’
    ‘If the Web server is in there with you, just pull the cables out of the back. That’s all I’m asking.’
    There was no response.
    ‘Kid! This isn’t a joke. The Daemon has already killed more than a dozen people. If it finds out who I am—’
    ‘Sir, I suggest you talk to the police about it.’
    Shit
. Ross stalked around the front desk. He manned the computer on the counter. It displayed a browser-based hotel management program. A logon screen stared him in the face. Ross flipped over the mouse pad and found a tiny Post-it note scrawled with logons and passwords. He used one to log on.‘Well, that’s one advantage I have over the Daemon …’
    Like most point-of-sale systems, this one was designed to minimize training requirements. Ross was presented with a standard switchboard form for the billing system. He chose Customer Accounts and searched for his name. He quickly found his billing record, but he couldn’t edit anything. The night clerk’s logon didn’t have sufficient privileges to change existing information – only to add new charges. Ross’s name and credit card number were clearly displayed. There was also a link for his Internet and phone charges. Damnit.
    The server for
The Gate
would already have the hotel’s main IP address – so the Daemon would know precisely where to launch its attack. If the hotel ran a common hotel management system – as was likely – then the database layout would be public knowledge. ‘Son of a bitch.’
    In the back office, the kid was on the phone with a 911 operator. Behind him stood a couple of rack-mounted servers, a router, and a network switch, their green LED lights lazily blinking. The whole rack was locked off to him, but a flat-panel monitor displayed the logon dialog for the server, bouncing around the black screen.
    Then, like a floodgate opening, the entire bank of LEDs started fluttering like crazy. The network was slammed with IP traffic. Even the kid noticed it. He heard the hard drive straining.
    ‘Hey! Whatever you’re doing out there, stop it.’
    Ross cocked an ear toward the office but did not take his eyes off the computer screen. ‘Kid, I’m not doing anything. That’s the Daemon trying to bash its way in. It’ll try to get at the Web access logs to find my connection to its Web site. Then it’ll try to link my billing record with that IP address. I’m begging you: please open the door.’
    Ross minimized the hotel billing app and interrogated theDNS server from a console window. Thankfully the server was not properly configured and permitted a zone transfer. This let him view the internal IP map of the network from his machine – complete with machine names and operating systems.
    The clerk watched the LED lights flickering like a Vegas marquee. Suddenly the server monitor screen came to life. The logon dialog went away and the desktop appeared. The kid spoke to the 911 operator. ‘He’s doing something to our computers.’
    Back at the front desk Ross typed like a maniac. Now he knew the OS of the Web server. He thought about the odds of cracking into the server in time to clear the Web logs. Not likely, and it was the first thing the Daemon would try for.
    ‘Listen, open the door.’
    ‘No way!’
    Ross flipped back to the hotel’s Web application. He needed to go straight for the customer database. The file extension on the URL told him it was a scripted page. He started typing directly in the URL box of the browser, back-spacing to the hotel’s domain name – to which he appended the text:
/global.asa+.htr
    Then he hit ENTER.
    To Ross’s relief, the hotel hadn’t patched their Web server, either, and the browser disgorged the source code of the application onto the screen. The developers had been lazy; near the top of the code, there was a database connection string and two variables for dbowner: one for logon and one for password. He was in.
    In the back office the kid closely watched the server’s monitor. Command console windows kept appearing and disappearing on the