From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id ea5bb257 for ; Sun, 3 Nov 2019 17:13:01 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id A28389B884; Mon, 4 Nov 2019 03:12:59 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id C9B9D93D5A; Mon, 4 Nov 2019 03:12:26 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="e7YuUTLg"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 4491193D5A; Mon, 4 Nov 2019 03:12:23 +1000 (AEST) Received: from mail-vs1-f49.google.com (mail-vs1-f49.google.com [209.85.217.49]) by minnie.tuhs.org (Postfix) with ESMTPS id C183D93D1B for ; Mon, 4 Nov 2019 03:12:22 +1000 (AEST) Received: by mail-vs1-f49.google.com with SMTP id b184so6005526vsc.5 for ; Sun, 03 Nov 2019 09:12:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=QjpY5lvvcEQkIZeNBJbw0Un7ZCE2jc8FCyb+JL8PbHE=; b=e7YuUTLgCEFKjzrbFjyUhYT5+n0ZjG1Z0SbrBnJ35lzhbHEirxS0VHfSzbauEvOYL7 KlIz/+sguH+BjMDrxjNVg0IaQG75jmmCYvYBHpJwP2SYrQZw7mJUMXpy/oW6R89CI+g9 2Qnry4lrS/8pqmGpEbBONUT+Nccwaj7sutBrG+pmHgke/JB74bmSy8XgaUBDS9sMwO2N OR5GQAouj5QYGoEE8pZ05iHC1n7th2vwXVV/MGEkBja0MqcXDNwFPjxqqCQEFgdl6K+Y iqgqIg6UxUis+Mie2iGFkweegLF3h6nj5fIqQnvwN1+SRe0KZO6gd0D+RGtO/fXoDgEy Ch5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=QjpY5lvvcEQkIZeNBJbw0Un7ZCE2jc8FCyb+JL8PbHE=; b=P4IXXtMbuAeUMTwEF77VsUmIHaIcjeP8kl8zz00khtb9l13ion8lhnQ5oQCa8zyGd5 fP3UMD3cbaoY0BQo/WHN4LEpOBMRhgqMH8uQDD/9S76z18vvSoD04VeChfGwJZiSlaqJ sP2hDSFWr/MeGbg6FgGlBVpNLkVtbSV7jWAxsPKSbrz+VaiGTLdaANdOsVqqxW17zR0k GyQB7SxNVnp7nReNwFcrGKLAm2dZBYZN3LuH3SB7Yv+o42BX8LIHclsdiGT1ABNrS1FQ Y0OUV/BtMBM8HaMT4mwmILDFrGvsDq0eikpQqiRtBXlDBML+To3rUEeSt9CAGy0JXJws Nkig== X-Gm-Message-State: APjAAAVHJdm74SZE2qm1wPsWk4GOd8UsNJ0616KtmCHXZYl97kmkXvfr 8Tvq58JjWAkZnSW5h40YAkKmcBSP92xch+ArVGI= X-Google-Smtp-Source: APXvYqyurHssz4VYLB8fjIwM64s5Lq1iGxS9m75JTgXltVvZ0Mz/VNBOGEY7DTk/GSf1YJ4el76/KpYiVw6Ctj61iGU= X-Received: by 2002:a05:6102:726:: with SMTP id u6mr10632398vsg.179.1572801141708; Sun, 03 Nov 2019 09:12:21 -0800 (PST) MIME-Version: 1.0 Received: by 2002:ab0:2747:0:0:0:0:0 with HTTP; Sun, 3 Nov 2019 09:12:20 -0800 (PST) In-Reply-To: References: <201911021412.xA2ECEMr137264@tahoe.cs.Dartmouth.EDU> From: Paul Winalski Date: Sun, 3 Nov 2019 12:12:20 -0500 Message-ID: To: Warner Losh Content-Type: text/plain; charset="UTF-8" Subject: Re: [TUHS] Happy birthday Morris worm X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: The Eunuchs Hysterical Society , Doug McIlroy Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" On 11/2/19, Warner Losh wrote: > > the notion of a self propagating thing > was quite novel (even if it had been theoretically discussed in many places > prior to the worm, and even though others had proven it via slower moving > vectors of BBS). Novel to the Internet community, perhaps, but an idea that dates back to the 1960s in IBM mainframe circles. Self-submitting OS/360 JCL jobs, which eventually caused a crash by filling the queue files with jobs, were well-known in the raised-floor world. > In hindsight people like to point at it and what a terrible thing it was, > but Robert just got there first. Again, first on the Internet. Back in 1980 I accidentally took down DEC's internal engineering network (about 100 nodes, mostly VAX/VMS, at the time) with a worm. The network used DECnet Phase 2, which didn't have built-in packet routing. If you wanted to talk to a machine that wasn't physically connected to yours, you had to explicitly specify the packet route. Network topology maps were thus very valuable. All of the VAXen on the network were configured with an unprivileged default DECnet account that was used for any connection that didn't explicitly specify a username/password. One could copy arbitrary DCL command procedures (VMS's equivalent of shell scripts) to a machine and execute them there. I wrote a script to collect the raw information for making a network topology map. The script did this: [1] Display the local DECnet connections and send this information back over the network link. [2] For each adjacent network node: [2a] Copy the script to that node. [2b] Execute the remote copy, sending its info back over the network link. The problem, of course, is I had forgotten that network adjacency is commutative. I ran the script on node A, which told me that A is connected to B and C. It then told me that B was connected to A, D, and E. Then that A is connected to B and C.... I realized what had happened immediately, but it was already too late. The network had to be taken down, the nodes cleared of the scripts, and then reconnected. We learned the hard way that although the non-privileged default DECnet accounts couldn't damage the system, they could be exploited for what we now call DDoS attacks. Robert Morris worked as an intern one summer in DEC's compiler group. The Fortran project leader told Morris about my 1980 worm incident. So he certainly had heard of the concept before he fashioned his UNIX/Internet-based worm a few years later. -Paul W.