Vulnerability Development mailing list archives

RE: A code red that could bring down the net?

From: "Dom De Vitto" <dom () devitto com>
Date: Wed, 25 Jul 2001 23:53:37 +0100

Okay, okay, I made a mistake, it's Robert not William, it was late when
I searched my neural archive.

However I was under the impression that it hit a lot more than 10% (6000 hosts)
of the internet.  It infected 10%, but caused a large amount of panic
disconnections and gateway shutdowns, which only compounded the flow
of fixes.  It's hard to concieve that the shutdown of large numbers of
gateways wouldn't 'hit' considerably more hosts that merely the ones
that were infected...

Anyway, my POINT was that it was done a long time ago (1988), and to quote
SANS:
"Could an incident like this occur today? If so, how much damage could it cause?
The answer is unfortunately, yes it could happen."

Dom
-----Original Message-----
From: Pete Sherwood [mailto:petersherwood () home com]
Sent: 25 July 2001 22:36
To: Dom De Vitto; Patrick Smallwood
Cc: SECURITY-BASICS () securityfocus com; vuln-dev () securityfocus com
Subject: Re: A code red that could bring down the net?



*** PGP Signature Status: unknown
*** Signer: Unknown, Key ID = 0x2DC4B7EC
*** Signed: 25/07/2001 22:35:14
*** Verified: 25/07/2001 23:42:56
*** BEGIN PGP VERIFIED MESSAGE ***

[snip]

I give up...who is William T Morris? My G-Dads name is Morris Williams,
but he doesnt like the Internet, much less interested in a "Big DoS" of
it...


[snip]

I think a guy called William 'T' Morris may have had this idea first.
Allegedly :-)


Robert T. Morris!

History. History. History.


OK. Here is one explanation:

In 1988, the ARPANET had its first automated network security incident,
usually referred to as "the Morris worm" (4). A student at Cornell
University (Ithaca, NY), Robert T. Morris, wrote a program that would
connect to another computer, find and use one of several vulnerabilities to
copy itself to that second computer, and begin to run the copy of itself at
the new location. Both the original code and the copy would then repeat
these actions in an infinite loop to other computers on the ARPANET. This
"self-replicating automated network attack tool" caused a geometric
explosion of copies to be started at computers all around the ARPANET. The
worm used so many system resources that the attacked computers could no
longer function. As a result, 10% of the U.S. computers connected to the
ARPANET effectively stopped at about the same time. 

See:
http://www.cert.org/encyc_article/tocencyc.html

Dom



Pete Sherwood
613-260-0612 (home/office)
613-591-8900 ext. 525 (voice-mail)
PGP and Thawte digital keys available @
http://members.home.net/petersherwood/



*** END PGP VERIFIED MESSAGE ***

Current thread:

Re: A code red that could bring down the net? hypoclear (Jul 23)
- <Possible follow-ups>
- Re: A code red that could bring down the net? Pete Sherwood (Jul 26)
  - RE: A code red that could bring down the net? Dom De Vitto (Jul 26)
  - Message not available
    - Re: A code red that could bring down the net? Pete Sherwood (Jul 26)