From: Paul Winalski <paul.winalski@gmail.com>
To: Warner Losh <imp@bsdimp.com>
Cc: The Eunuchs Hysterical Society <tuhs@tuhs.org>,
Doug McIlroy <doug@cs.dartmouth.edu>
Subject: Re: [TUHS] Happy birthday Morris worm
Date: Sun, 3 Nov 2019 12:12:20 -0500 [thread overview]
Message-ID: <CABH=_VT7rsAJCw8AXE2aZuT1F_NQce3Gqo7XKmdyJzb+vEATwg@mail.gmail.com> (raw)
In-Reply-To: <CANCZdfr1yiMbM6KixYgTXgWn5PVOQTtXWBhYODUjD_n1Lqq0Lg@mail.gmail.com>
On 11/2/19, Warner Losh <imp@bsdimp.com> wrote:
>
> the notion of a self propagating thing
> was quite novel (even if it had been theoretically discussed in many places
> prior to the worm, and even though others had proven it via slower moving
> vectors of BBS).
Novel to the Internet community, perhaps, but an idea that dates back
to the 1960s in IBM mainframe circles. Self-submitting OS/360 JCL
jobs, which eventually caused a crash by filling the queue files with
jobs, were well-known in the raised-floor world.
> In hindsight people like to point at it and what a terrible thing it was,
> but Robert just got there first.
Again, first on the Internet. Back in 1980 I accidentally took down
DEC's internal engineering network (about 100 nodes, mostly VAX/VMS,
at the time) with a worm. The network used DECnet Phase 2, which
didn't have built-in packet routing. If you wanted to talk to a
machine that wasn't physically connected to yours, you had to
explicitly specify the packet route. Network topology maps were thus
very valuable.
All of the VAXen on the network were configured with an unprivileged
default DECnet account that was used for any connection that didn't
explicitly specify a username/password. One could copy arbitrary DCL
command procedures (VMS's equivalent of shell scripts) to a machine
and execute them there. I wrote a script to collect the raw
information for making a network topology map. The script did this:
[1] Display the local DECnet connections and send this information
back over the network link.
[2] For each adjacent network node:
[2a] Copy the script to that node.
[2b] Execute the remote copy, sending its info back over the network link.
The problem, of course, is I had forgotten that network adjacency is
commutative. I ran the script on node A, which told me that A is
connected to B and C. It then told me that B was connected to A, D,
and E. Then that A is connected to B and C.... I realized what had
happened immediately, but it was already too late. The network had to
be taken down, the nodes cleared of the scripts, and then reconnected.
We learned the hard way that although the non-privileged default
DECnet accounts couldn't damage the system, they could be exploited
for what we now call DDoS attacks.
Robert Morris worked as an intern one summer in DEC's compiler group.
The Fortran project leader told Morris about my 1980 worm incident.
So he certainly had heard of the concept before he fashioned his
UNIX/Internet-based worm a few years later.
-Paul W.
next prev parent reply other threads:[~2019-11-03 17:13 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-02 14:12 Doug McIlroy
2019-11-02 20:12 ` Warner Losh
2019-11-03 17:12 ` Paul Winalski [this message]
[not found] <mailman.3.1572832803.30037.tuhs@minnie.tuhs.org>
2019-11-04 18:10 ` Paul McJones
2019-11-04 18:57 ` Bakul Shah
2019-11-04 19:24 ` Richard Salz
2019-11-05 3:48 ` Lawrence Stewart
2019-11-05 16:04 ` Ronald Natalie
2019-11-06 10:37 ` arnold
2019-11-06 13:35 ` Ronald Natalie
2019-11-04 19:25 ` SPC
2019-11-04 20:27 ` Dan Cross
2019-11-04 22:10 ` Michael Kjörling
2019-11-05 0:25 ` Anthony Martin
2019-11-12 20:56 Norman Wilson
2019-11-12 22:00 ` Dave Horsfall
2019-11-13 7:35 ` arnold
2019-11-12 22:24 Norman Wilson
2019-11-13 13:47 Doug McIlroy
2019-11-15 14:31 [TUHS] Happy birthday, " Doug McIlroy
2019-11-15 14:39 ` Warner Losh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABH=_VT7rsAJCw8AXE2aZuT1F_NQce3Gqo7XKmdyJzb+vEATwg@mail.gmail.com' \
--to=paul.winalski@gmail.com \
--cc=doug@cs.dartmouth.edu \
--cc=imp@bsdimp.com \
--cc=tuhs@tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).