Path: utzoo!attcan!uunet!ncrlnk!ncr-sd!hp-sdd!hplabs!hpda!hpcupt1!hpisod1!renglish
From: renglish@hpisod1.HP.COM (Bob English)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Virus - did it infect "secure" machines
Message-ID: <9320003@hpisod1.HP.COM>
Date: 14 Nov 88 20:32:45 GMT
References: <1792@sbcs.sunysb.edu>
Organization: Hewlett Packard, Cupertino
Lines: 16

> / smb@ulysses.homer.nj.att.com (Steven M. Bellovin) /  3:08 pm  Nov 13, 1988 /

> I keep looking for a system model that would have blocked this sort of
> attack.  Except for some sort of ``fairness scheduler'' -- one that would
> have kept any one user, such as daemon or nobody from chewing up the
> whole CPU -- I don't see one.  I'd like to, though.

Since the "damage" that this worm produced was denial of service through
overload, a fairness scheduler would indeed have prevented the damage,
though it would not have prevented the worm from arriving.  Since such a
scheduler would be required in order to avoid denial of service in a
trusted system (I'm not sure what the appropriate level would be), such
a system would have behaved reasonably under the worm attack, though
mail service might have been interrupted for a time.

--bob--