Implications of recent virus (Trojan Horse) attack

Tony Nardo trn at aplcomm.jhuapl.edu
Sat Nov 19 07:17:01 AEST 1988


In article <8908 at smoke.BRL.MIL> gwyn at brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes:
>In article <270 at popvax.harvard.edu> mohamed at popvax.UUCP (R06400 at Mohamed Ellozy) writes:
>-This is what irritates the living daylights out of so many of us.
>-He "knows" of at least three other such holes.  He is thus more
>-learned, perhaps even wiser, than we are.
>-	BUT WHAT THE HELL ARE YOU DOING TO GET THEM CLOSED???
>
>The BSD developers know of all three holes and have published fixes for
>two of them.  BRL's network host tester will probe for them and inform
>system administrators if they have these holes.

I don't mean to sound facetious, but I seem to recall some news article
mentioning that there were 60,000+ nodes on the Internet.  Let's assume that
only 5% of these systems use some flavor of 4.* BSD.  Let's also assume that
only 40% of those systems have administrators who wish to have those holes
identified and (possibly) plugged.  Does BRL have the facilities to test 1200+
nodes before some other clever person develops a copycat "infection"?  Or even
distribute a "hole test kit" to that many sites?

There *must* be a better way to distribute information on how to check for
these holes than to have every Internet site queue up for BRL's test...

							Tony

P.S.	To Mohamed: if you discovered one of these holes, and realized that
	a second worm could very easily be written to exploit it, what would
	*you* do?

	Actually, anyone may feel free to answer this.  Please reply to me
	by E-mail.  I'll attempt to summarize.

==============================================================================
ARPA, BITNET:   trn at aplcomm.jhuapl.edu
UUCP:		{backbone!}mimsy!aplcomm!trn

"Always remember that those who can, do, and that those who can't, teach.  And
 those who can't teach become critics.  That's why there're so many of them."
			PORTRAIT OF THE ARTIST AS A YOUNG GOD (Stephen Goldin)
==============================================================================



More information about the Comp.unix.wizards mailing list