RE: A code red that could bring down the net?

From: Dom De Vitto (domat_private)
Date: Wed Jul 25 2001 - 15:53:37 PDT


    Okay, okay, I made a mistake, it's Robert not William, it was late when
    I searched my neural archive.
    
    However I was under the impression that it hit a lot more than 10% (6000 hosts)
    of the internet.  It infected 10%, but caused a large amount of panic
    disconnections and gateway shutdowns, which only compounded the flow
    of fixes.  It's hard to conceive that the shutdown of large numbers of
    gateways wouldn't 'hit' considerably more hosts than merely the ones
    that were infected...
    
    Anyway, my POINT was that it was done a long time ago (1988), and to quote
    SANS:
    "Could an incident like this occur today? If so, how much damage could it cause?
    The answer is unfortunately, yes it could happen."
    
    Dom
    -----Original Message-----
    From: Pete Sherwood [mailto:petersherwoodat_private]
    Sent: 25 July 2001 22:36
    To: Dom De Vitto; Patrick Smallwood
    Cc: SECURITY-BASICSat_private; vuln-devat_private
    Subject: Re: A code red that could bring down the net?
    
    
    
    *** PGP Signature Status: unknown
    *** Signer: Unknown, Key ID = 0x2DC4B7EC
    *** Signed: 25/07/2001 22:35:14
    *** Verified: 25/07/2001 23:42:56
    *** BEGIN PGP VERIFIED MESSAGE ***
    
    [snip]
    
    > I give up...who is William T Morris? My G-Dad's name is Morris Williams,
    > but he doesn't like the Internet, much less interested in a "Big DoS" of
    > it...
    
    [snip] 
    
    > I think a guy called William 'T' Morris may have had this idea first.
    > Allegedly :-)
    
    Robert T. Morris!
    
    > History. History. History.
    
    OK. Here is one explanation:
    
    In 1988, the ARPANET had its first automated network security incident,
    usually referred to as "the Morris worm" (4). A student at Cornell
    University (Ithaca, NY), Robert T. Morris, wrote a program that would
    connect to another computer, find and use one of several vulnerabilities to
    copy itself to that second computer, and begin to run the copy of itself at
    the new location. Both the original code and the copy would then repeat
    these actions in an infinite loop to other computers on the ARPANET. This
    "self-replicating automated network attack tool" caused a geometric
    explosion of copies to be started at computers all around the ARPANET. The
    worm used so many system resources that the attacked computers could no
    longer function. As a result, 10% of the U.S. computers connected to the
    ARPANET effectively stopped at about the same time. 
    
    See:
    http://www.cert.org/encyc_article/tocencyc.html
    
    
    > Dom
    
    
    Pete Sherwood
    613-260-0612 (home/office)
    613-591-8900 ext. 525 (voice-mail)
    PGP and Thawte digital keys available @
    http://members.home.net/petersherwood/
    
    
    
    *** END PGP VERIFIED MESSAGE ***
    


