I had dinner in Berkeley the evening of the Morris Worm at Joshu-Ya - the "Kabuki West" dinner group that Russell Brand started when he moved west from MIT, with some help from me. Unusually, I went directly bed when I got home to Mountain View instead of reading E-mail on
apple.com before crashing out. Many of my dinner companions went back to the eXperimental Computing Facility (XCF - for undergrads) in Cory Hall on the UCB campus, found their facilities under attack, and coordinated with a team at MIT to perform analysis. I remember that Dave Pare put the binary analysis skills he'd acquired in decompiling psl's empire game to good use in analyzing the worm.
I found out the next morning that
apple.com was off the Internet (CSNET had shut off the X25NET), and that it (a VAX-11/780 running 4.3 BSD UNIX; we upgraded to an 8650 not much later) had been successfully attacked 17 times overnight ... but that our X25NET connection (IP over X.25 at 9600 baud) had been so flakey that the worm hadn't managed to successfully download its second part and start it. I shut off the finger TCP service, checked to make sure our sendmail(8) didn't have the "debug mode feature" that the worm exploited, and told CSNET to turn us back on.
Erik Fair, formerly {post,host}
master@apple.com