lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: mailinglist at teifke.de (Sascha Teifke)
Subject: AT&T early warning system

S G Masood wrote:

>--- Steve Wray <steve.wray@...adise.net.nz> wrote:
>  
>
>>What if people developing worms do small test runs
>>before the final release?
>>
>>The AT&T approach might not work if the developer
>>was testing it on a private network, but if they
>>used a small collection of zombies on the internet 
>>to test it out and see how well it works, 
>>conceivably it could be detected?
>>    
>>
>
>In most cases, technically,it will not be possible to
>do a test run of a worm on a "small collection of
>zombies on the internet". 
>One fact that is true for most worms is that a worm
>once released on the internet cannot be called back
>even by the author(for various reasons like speed of
>propagation, nature of propagation, etc.). If the
>author wants to test the worm on a small collection of
>machines on the *internet* before the final release,
>he would have to considerably change the design of the
>worm. This change of design itself shows that there is
>no point in doing a test run on the internet because
>the results from such a test would differ widely from
>the actual results of the final version of the worm
>used for the actual mass attack. The test version and
>the final release would be entirely different
>creatures.
>IMHO, testing on a private network is always
>preferable for highly accurate predictions.
>
>--
>S.G.Masood
>Hyderabad,
>India.
>  
>
Well, I've got a very good Idea! Why don't we ask the Worm Coders to
evaluate their
Worms on a small amount of Zombie-Hosts, so that AT&T and whoever wants
to know about
the anomaly created by Worms or other nasty things, is warned? ;.)

>
>__________________________________
>Do you Yahoo!?
>The New Yahoo! Shopping - with improved product search
>http://shopping.yahoo.com
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ