Xref: utzoo comp.unix.wizards:12681 news.sysadmin:1623 Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!cwjcc!hal!nic.MR.NET!tank!mimsy!aplcen!aplcomm!trn@aplcomm.jhuapl.edu From: trn@aplcomm.jhuapl.edu (Tony Nardo) Newsgroups: comp.unix.wizards,news.sysadmin Subject: Re: Implications of recent virus (Trojan Horse) attack Message-ID: <2496@aplcomm.jhuapl.edu> Date: 18 Nov 88 21:17:01 GMT References: <17519@adm.BRL.MIL> <8890@smoke.BRL.MIL> <270@popvax.harvard.edu> <8908@smoke.BRL.MIL> Sender: news@aplcomm.jhuapl.edu Reply-To: trn@aplcomm.jhuapl.edu (Tony Nardo) Distribution: comp.unix.wizards Organization: Johns Hopkins University/APL (Baltimore, Md.) Lines: 39 In article <8908@smoke.BRL.MIL> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) ) writes: >In article <270@popvax.harvard.edu> mohamed@popvax.UUCP (R06400@Mohamed Ellozy) writes: >-This is what irritates the living daylights out of so many of us. >-He "knows" of at least three other such holes. He is thus more >-learned, perhaps even wiser, than we are. >- BUT WHAT THE HELL ARE YOU DOING TO GET THEM CLOSED??? > >The BSD developers know of all three holes and have published fixes for >two of them. BRL's network host tester will probe for them and inform >system administrators if they have these holes. I don't mean to sound facetious, but I seem to recall some news article mentioning that there were 60,000+ nodes on the Internet. Let's assume that only 5% of these systems use some flavor of 4.* BSD. Let's also assume that only 40% of those systems have administrators who wish to have those holes identified and (possibly) plugged. Does BRL have the facilities to test 1200+ nodes before some other clever person develops a copycat "infection"? Or even distribute a "hole test kit" to that many sites? There *must* be a better way to distribute information on how to check for these holes than to have every Internet site queue up for BRL's test... Tony P.S. To Mohamed: if you discovered one of these holes, and realized that a second worm could very easily be written to exploit it, what would *you* do? Actually, anyone may feel free to answer this. Please reply to me by E-mail. I'll attempt to summarize. ============================================================================== ARPA, BITNET: trn@aplcomm.jhuapl.edu UUCP: {backbone!}mimsy!aplcomm!trn "Always remember that those who can, do, and that those who can't, teach. And those who can't teach become critics. That's why there're so many of them." PORTRAIT OF THE ARTIST AS A YOUNG GOD (Stephen Goldin) ==============================================================================