Crisis and aftermath

Author:
E. H. Spafford

Purdue Univ., West Lafayette, IN

Purdue Univ., West Lafayette, IN
View Profile

Authors Info & Claims

Communications of the ACM Volume 32 Issue 6June 1989pp 678–687https://doi.org/10.1145/63526.63527

Published:01 June 1989Publication History

Communications of the ACM

Abstract

Last November the Internet was infected with a worm program that eventually spread to thousands of machines, disrupting normal activities and Internet connectivity for many days. The following article examines just how this worm operated.

References

1 Allman, E. Sendmait--An internetwork mail router. University of California, Berkeley, (issued with the BSD UNIX documentation), 1983.]]Google Scholar
2 Denning, P. The Internet worm. Amer. Sci. 77, 2 (Mar.-Apr. 1989}, 126-128.]]Google Scholar
3 Eichen, M.W., and Rochlis, J.A. With microscope and tweezers: An analysis of the Internet virus of November 1988. In Proceedings of the Symposium on Research in Security and Privacy (May 1989}. IEEE-CS, Oakland, Calif.]]Google Scholar
4 Grampp, F.T., and Morris, R.M. UNIX operating system security. AT&T Bell Laboratories Tech. J. 63, 8, part 2 (Oct. 1984}, 1649-1672.]]Google Scholar
5 Harrenstien, K. Name/Finger. RFC 742, SRI Network Information Center, Dec. 1977.]]Google Scholar
6 King, K.M. Overreaction to external attacks on computer systems could be more harmful than the viruses themselves. Chronicle of Higher Education (Nov. 23, 1988), A36.]]Google Scholar
7 Kocher, B. A hygiene lesson. Commun. ACM 32, 1 (Jan. 1989), 3.]] Google ScholarDigital Library
8 Morris, R., and Thompson, K. UNIX password security. Commun. ACM 22, 11 (Nov. 1979), 594-597.]] Google ScholarDigital Library
9 Postel, J.B. Simple mail transfer protocol. RFC 821, SRI Network Information Center, Aug. 1982.]] Google ScholarDigital Library
10 Proceedings of the virus post-mortem meeting. National Computer Security Center, Ft. George Meade, MD, Nov. 8, 1988.]]Google Scholar
11 Reid, B. Lessons from the UNIX breakins at Stanford. Software Engineering Notes 11, 5 (Oct. 1986), 29-35.]] Google ScholarDigital Library
12 Reid, B. Reflections on some recent widespread computer breakins. Commun. ACM 30, 2 (Feb. 1987}, 103-105.]] Google ScholarDigital Library
13 Ritchie, D.M. On the security of UNIX. In UNIX Supplementary Documents. AT&T, 1979.]]Google Scholar
14 Royko, M. Here's how to stop computer vandals. Chicago Tribune, (Nov. 6, 1988).]]Google Scholar
15 Seeley, D. A tour of the worm. In Proceedings of the 1989 Winter USENIX Conference. USENIX Association, San Diego, Calif., Feb. 1989.]]Google Scholar
16 Spafford, E.H. The Internet worm program: An analysis. Computer Communication Review 19, 1 (Jan. 1989). Also issued as Purdue CS technical report TR-CSD-823.]] Google ScholarDigital Library
17 Spafford, E.H. Some musings on ethics and computer breakins. In Proceedings of the Winter USENIX Conference. USENIX Association, San Diego, Calif., Feb. 1989.]]Google Scholar
18 Steiner, J., Neuman, C., and Schiller, J. Kerberos: An authentication service for open network systems. In Proceedings of the Winter USENIX Association Conference, Feb. 1988, pp. 191-202.]]Google Scholar
19 Uncle Sam's anti-virus corps. UNIX Today!. (Jan. 23, 1989), 1o.]]Google Scholar

Index Terms

Crisis and aftermath
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime
  2. Professional topics
    1. Computing profession
      1. Codes of ethics
    2. Management of computing and information systems

Recommendations

Analyzing the Aftermath of the McColo Shutdown
SAINT '09: Proceedings of the 2009 Ninth Annual International Symposium on Applications and the Internet

This paper examines how spam behavior was impacted by the shutdown of McColo, a service provider known for its lax security enforcement. Since the shutdown, a variety of sources have reported significant changes to global spam patterns. In an effort to ...
Read More
Crisis Management

Multiple recent disasters have put crisis management in the limelight. Consequently, many IT-related research efforts are under way to bring transformational changes to first responder and response organizations’ ability to contain and mitigate crises.

Read More
An Event-Driven Architecture for Fine Grained Intrusion Detection and Attack Aftermath Mitigation
ECBS '07: Proceedings of the 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems

In today's computing environment, unauthorized accesses and misuse of critical data can be catastrophic to personal users, businesses, emergency services, and even national defense and security. To protect computers from the ever-increasing threat of ...
Read More

Reviews

Reviewer: Thomas C. Richards

This paper contains a detailed analysis of the Internet worm incident, which occurred in November 1988. During the evening of November 2 the worm spread quickly to Sun 3 systems and VAX computers running 4 BSD UNIX. As time went on these machines became so loaded that they were unable to continue processing. Within several hours effective methods of stopping the invading program had been discovered. This paper contains a complete analysis of how the Internet worm operated and of the aftermath of its release. This includes how bugs in the fingerd and sendmail software in UNIX were exploited and how the attacker used common lists of passwords until a match was found. A detailed overview of how the worm program functioned is also presented. The author concludes his discussion with the moral, ethical, and legal issues related to this type of computer security breach.

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Communications of the ACM Volume 32, Issue 6
June 1989
92 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/63526
Editor:
Peter J. Denning
NASA Ames Research Center, Moffett Field, CA
Issue’s Table of Contents
Copyright © 1989 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 June 1989
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 154
  Total Citations
  View Citations
- 2,497
  Total Downloads
- Downloads (Last 12 months)159
- Downloads (Last 6 weeks)13
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Crisis and aftermath

Communications of the ACM

Abstract

References

Cited By

Index Terms

Recommendations

Analyzing the Aftermath of the McColo Shutdown

Crisis Management

An Event-Driven Architecture for Fine Grained Intrusion Detection and Attack Aftermath Mitigation

Reviews

Access critical reviews of Computing literature here