| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: sgmasood at yahoo.com (S G Masood) Subject: AT&T early warning system --- Steve Wray <steve.wray@...adise.net.nz> wrote: > What if people developing worms do small test runs > before the final release? > > The AT&T approach might not work if the developer > was testing it on a private network, but if they > used a small collection of zombies on the internet > to test it out and see how well it works, > conceivably it could be detected? In most cases, technically,it will not be possible to do a test run of a worm on a "small collection of zombies on the internet". One fact that is true for most worms is that a worm once released on the internet cannot be called back even by the author(for various reasons like speed of propagation, nature of propagation, etc.). If the author wants to test the worm on a small collection of machines on the *internet* before the final release, he would have to considerably change the design of the worm. This change of design itself shows that there is no point in doing a test run on the internet because the results from such a test would differ widely from the actual results of the final version of the worm used for the actual mass attack. The test version and the final release would be entirely different creatures. IMHO, testing on a private network is always preferable for highly accurate predictions. -- S.G.Masood Hyderabad, India. __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com
Powered by blists - more mailing lists