Bugtraq mailing list archives
Re: 10th anniversary of the Internet Worm
From: perry () piermont com (Perry E. Metzger)
Date: Tue, 3 Nov 1998 22:14:15 -0500
Gregory Newby writes:
Estimates at the time were that around 6000 computers were infected. Because the Internet (and Usenet) was virtually useless during the few days the Worm was active,
During the day, not during the few days. At Bellcore, we shut down most of our network the morning of the attack, and were back up (mostly) the same evening. Also, Usenet was *not* carried primarily over the internet at that time -- it still went (mostly) over dialup modems.
people working to eradicate the worm used BITNET mailing lists to communicate.
Untrue. 0) Most sites did not have BITNET. We didn't have BITNET at Bellcore, for example. 1) eradicating the worm on any given host was very easy. The problem was, of course, that it tended to go runaway, driving up the load, but once you got that under control, it was easy to delete the thing. The real problem was you tended to get re-infected immediately if you didn't segment your network and sterilize all the machines on any given subsegment before reconnecting them together. 2) most of the work being done coordinating decompilation of the worm went on over the phone. I remember chatting extensively with some folks at Berkeley and elsewhere who were decompiling the thing. Once we knew that it contained nothing malicious, most of us just turned everything back on again. The worm, as deployed, attacked Suns (68k processors, at that time) and Vaxen. Other machines were not, of course, impacted. Perry
Current thread:
- 10th anniversary of the Internet Worm Gregory Newby (Nov 02)
- Re: 10th anniversary of the Internet Worm Perry E. Metzger (Nov 03)
- Re: 10th anniversary of the Internet Worm Rich Kulawiec (Nov 03)