[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F91CE10.3060605@teifke.de>
From: mailinglist at teifke.de (Sascha Teifke)
Subject: AT&T early warning system
S G Masood wrote:
>--- Steve Wray <steve.wray@...adise.net.nz> wrote:
>
>
>>What if people developing worms do small test runs
>>before the final release?
>>
>>The AT&T approach might not work if the developer
>>was testing it on a private network, but if they
>>used a small collection of zombies on the internet
>>to test it out and see how well it works,
>>conceivably it could be detected?
>>
>>
>
>In most cases, technically,it will not be possible to
>do a test run of a worm on a "small collection of
>zombies on the internet".
>One fact that is true for most worms is that a worm
>once released on the internet cannot be called back
>even by the author(for various reasons like speed of
>propagation, nature of propagation, etc.). If the
>author wants to test the worm on a small collection of
>machines on the *internet* before the final release,
>he would have to considerably change the design of the
>worm. This change of design itself shows that there is
>no point in doing a test run on the internet because
>the results from such a test would differ widely from
>the actual results of the final version of the worm
>used for the actual mass attack. The test version and
>the final release would be entirely different
>creatures.
>IMHO, testing on a private network is always
>preferable for highly accurate predictions.
>
>--
>S.G.Masood
>Hyderabad,
>India.
>
>
Well, I've got a very good Idea! Why don't we ask the Worm Coders to
evaluate their
Worms on a small amount of Zombie-Hosts, so that AT&T and whoever wants
to know about
the anomaly created by Worms or other nasty things, is warned? ;.)
>
>__________________________________
>Do you Yahoo!?
>The New Yahoo! Shopping - with improved product search
>http://shopping.yahoo.com
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
>
Powered by blists - more mailing lists