Full Disclosure mailing list archives
Re: AT&T early warning system
From: Sascha Teifke <mailinglist () teifke de>
Date: Sun, 19 Oct 2003 01:34:40 +0200
S G Masood wrote:
--- Steve Wray <steve.wray () paradise net nz> wrote:What if people developing worms do small test runs before the final release? The AT&T approach might not work if the developer was testing it on a private network, but if theyused a small collection of zombies on the internet to test it out and see how well it works, conceivably it could be detected?In most cases, technically,it will not be possible to do a test run of a worm on a "small collection ofzombies on the internet". One fact that is true for most worms is that a wormonce released on the internet cannot be called back even by the author(for various reasons like speed of propagation, nature of propagation, etc.). If the author wants to test the worm on a small collection of machines on the *internet* before the final release, he would have to considerably change the design of the worm. This change of design itself shows that there is no point in doing a test run on the internet because the results from such a test would differ widely from the actual results of the final version of the worm used for the actual mass attack. The test version and the final release would be entirely different creatures. IMHO, testing on a private network is always preferable for highly accurate predictions. -- S.G.Masood Hyderabad, India.
Well, I've got a very good Idea! Why don't we ask the Worm Coders to evaluate their Worms on a small amount of Zombie-Hosts, so that AT&T and whoever wants to know about the anomaly created by Worms or other nasty things, is warned? ;.)
__________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AT&T early warning system jkm (Oct 17)
- Re: AT&T early warning system Jay Sulzberger (Oct 17)
- Re: AT&T early warning system jkm (Oct 17)
- Re: AT&T early warning system Hoho (Oct 18)
- Re: AT&T early warning system S G Masood (Oct 18)
- Re: AT&T early warning system jkm (Oct 19)
- RE: AT&T early warning system Steve Wray (Oct 18)
- RE: AT&T early warning system S G Masood (Oct 18)
- Re: AT&T early warning system Sascha Teifke (Oct 18)
- RE: AT&T early warning system Bruce Ediger (Oct 18)
- Re: AT&T early warning system S G Masood (Oct 18)
- Re: AT&T early warning system jkm (Oct 19)
- RE: AT&T early warning system Steve Wray (Oct 19)
- Re: AT&T early warning system Jimmy Alderson (Oct 22)
- Re: AT&T early warning system Jay Sulzberger (Oct 17)