lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031018204929.41826.qmail@web11008.mail.yahoo.com>
From: sgmasood at yahoo.com (S G Masood)
Subject: AT&T early warning system

--- Steve Wray <steve.wray@...adise.net.nz> wrote:
> What if people developing worms do small test runs
> before the final release?
> 
> The AT&T approach might not work if the developer
> was testing it on a private network, but if they
> used a small collection of zombies on the internet 
> to test it out and see how well it works, 
> conceivably it could be detected?

In most cases, technically,it will not be possible to
do a test run of a worm on a "small collection of
zombies on the internet". 
One fact that is true for most worms is that a worm
once released on the internet cannot be called back
even by the author(for various reasons like speed of
propagation, nature of propagation, etc.). If the
author wants to test the worm on a small collection of
machines on the *internet* before the final release,
he would have to considerably change the design of the
worm. This change of design itself shows that there is
no point in doing a test run on the internet because
the results from such a test would differ widely from
the actual results of the final version of the worm
used for the actual mass attack. The test version and
the final release would be entirely different
creatures.
IMHO, testing on a private network is always
preferable for highly accurate predictions.

--
S.G.Masood
Hyderabad,
India.



__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ