Robert wrote: > > Gene Spafford's written quite a good paper on the worm; > I'm pretty sure it's available at ftp.cert.org. It contains > partial decompiled versions of the original src code. Thanks. Most people seem to consider it the canonical reference. In the directory ftp://coast.cs.purdue.edu/pub/doc/morris_worm one may find: 1) My original tech report on the Worm, which was reprinted in ACM Computer Communication Review. This is the paper to which Robert refers. 2) My follow-up tech report, later presented at the ESEC conference. 3) Eichin & Rochlis's IEEE paper on the worm ("With Microscope and Tweezers") 4) The full-length tech report version of the Eichin & Rochlis paper 5) Donn Seely's paper on the worm 6) The written decision of the US Court of Appeals on Morris's appeal of his conviction. 7) A paper on the worm written by Bob Page, then at the Univ of Lowell. 8) A short FAQ. 9) Text of the GAO report on the Morris incident. 10) A copy of RFC 1135 on the Worm incident. 11) copies of the news article posted by Keith Bostic with the BSD fixes to sendmail Unfortunately, I don't have a copy of the Cornell Commission report on-line. We will add one or more of the copies of the source code that have been indicated in previous mail to this list. And, if I can locate my copy of the traffic on the mailing list I started for Worm response (phage), I'll include that. I think it is on a backup tape somewhere.... I've seen the actual Worm source code. I've also seen parts of 3 or 4 different decompilations. Most of the decompilations are close, but they don't have some of the "ifdef'd" code of the original, nor do they have the comments (obviously). The comments in the original code strongly suggested that Robert intended it to behave the way it did -- no accidents involved. I do not know if Cornell ever intends to release the actual code. If anyone knows of any other on-line resources relating to this (or anything else related to security) that we do not have on coast.cs.purdue.edu, please drop a line about it to security-archive@coast.cs.purdue.edu and we'll add it in. If anyone has questions about the Worm or the papers or the archive, I'll be happy to try to answer them in private e-mail. Further discussion of the Worm is a bit off the topic of the list. Cheers, --spaf