Xref: utzoo comp.unix.wizards:12337 news.sysadmin:1386
Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!oliveb!olivey!jerry
From: jerry@olivey.olivetti.com (Jerry Aguirre)
Newsgroups: comp.unix.wizards,news.sysadmin
Subject: Re: The Internet Virus--A Commentary
Summary: ways to limit virus during testing
Keywords: networks communication computer viruses development
Message-ID: <32440@oliveb.olivetti.com>
Date: 11 Nov 88 21:16:19 GMT
References: <1460@ucsfcca.ucsf.edu> <11029@elroy.Jpl.Nasa.Gov> <17827@glacier.STANFORD.EDU>
Sender: news@oliveb.olivetti.com
Reply-To: jerry@olivey.UUCP (Jerry Aguirre)
Organization: Olivetti ATC; Cupertino, Ca
Lines: 18

In article <17827@glacier.STANFORD.EDU> jbn@glacier.UUCP (John B. Nagle) writes:
>In article <11029@elroy.Jpl.Nasa.Gov> dave@jplopto.UUCP (Dave Hayes) asks:
>>How does one debug a virus?
>
>     On an isolated network of machines, obviously.
>
>                                       John Nagle

There are simpler ways than dedicating a group of systems and the
network connecting them.  The most obvious is to cripple the virus (or
worm) so it can't live on normal systems.  Say something like:

        test -f /tmp/worm_ok || exit

in the startup script or the equivalent in program code.

Another way is to build in a list of host addresses that can be
infected.  The code that sets up the network connection could then take
an error return if the requested address wasn't in the list.