On Fri, Nov 15, 2019, 7:32 AM Doug McIlroy <doug@cs.dartmouth.edu> wrote:

> > That was the trouble; had he bothered to test it on a private network (as
> > if a true professional would even consider carrying out such an act)[*]
> he
> > would've noticed that his probability calculations were arse-backwards
>
> Morris's failure to foresee the results of even slow exponential
> growth is matched by the failure of the critique above to realize
> that Morris wouldn't have seen the trouble in a small network test.
>
> The worm assured that no more than one copy (and occasionally one clone)
> would run on a machine at a time. This limits the number of attacks
> that any one machine experiences at a time to roughly the
> number of machines in the network. For a small network, this will
> not be a major load.
>
>
> The worm became a denial-of-service attack only because a huge
> number of machines were involved.
>
> I do not remember whether the worm left tracks to prevent its
> being run more than once on a machine, though I rather think
> it did. This would mean that a small network test would not
> only behave innocuously; it would terminate almost instantly.
>

it had code to do that, but IIRC, there were bugs in that code that
prevented it being completely effective in some cases... the sorts of
cases, though, that a small scale test wouldn't likely catch.

Warner