[iwar] Re: Why do you track Code Red attempts?

From: ellisd@cs.ucsb.edu
Date: 2001-08-09 08:18:03



--- In iwar@y..., "e.r." <fastflyer28@y...> wrote:
> Did perhaps the thought that people were trying to understand the "why
> and who behind Code Red ever dawn on you?  That will find you far more
> than just looking at the Code.  The answers are only there, in part. As
> who and why now-then you will start to understand the problem far
> better,

[snip]

Do you think you can figure out the "who" and "why" from these 
numbers?  I don't.  A simple miscalculation in the design or 
implementation (especially) would create unexpected behavior making 
your deductions misguided.  The Morris Worm, for example, had a bug in 
it that caused the worm to reinfect the machine repeatedly.  The 
design included a mechanism to prevent reinfection--but it was buggy 
and failed to prevent reinfection.

I think looking at the source code (if you can find it) will give you 
far more clues about the "who" and "why" than the actual behavior.  
Unfortunately, we will probably only get our hands on 
reverse-engineered code which has a lot of the tell-tale 
characteristics removed.  It is true that looking at source code does 
not answer your questions entirely, but it will probably be more 
reliable information than the behavior of the worm.




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT