Gregory Newby writes: > Estimates at the time were that around 6000 computers were > infected. Because the Internet (and Usenet) was virtually > useless during the few days the Worm was active, During the day, not during the few days. At Bellcore, we shut down most of our network the morning of the attack, and were back up (mostly) the same evening. Also, Usenet was *not* carried primarily over the internet at that time -- it still went (mostly) over dialup modems. > people working to eradicate the worm used BITNET mailing lists to > communicate. Untrue. 0) Most sites did not have BITNET. We didn't have BITNET at Bellcore, for example. 1) eradicating the worm on any given host was very easy. The problem was, of course, that it tended to go runaway, driving up the load, but once you got that under control, it was easy to delete the thing. The real problem was you tended to get re-infected immediately if you didn't segment your network and sterilize all the machines on any given subsegment before reconnecting them together. 2) most of the work being done coordinating decompilation of the worm went on over the phone. I remember chatting extensively with some folks at Berkeley and elsewhere who were decompiling the thing. Once we knew that it contained nothing malicious, most of us just turned everything back on again. The worm, as deployed, attacked Suns (68k processors, at that time) and Vaxen. Other machines were not, of course, impacted. Perry
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:00 PDT