>From zam@niksula.hut.fi Fri Oct 30 23:42:05 EDT 1998 remote from cheops
	by postbox.anu.edu.au (8.9.1/8.9.1) with ESMTP id XAA07667
	for <avalon@coombs.anu.edu.au>; Fri, 30 Oct 1998 23:41:57 +1100 (EDT)
	by nukkekoti.cs.hut.fi (8.8.8/8.8.8/1.19) with SMTP id OAA14713
	for <avalon@coombs.anu.edu.au>; Fri, 30 Oct 1998 14:41:48 +0200 (EET)
Date: Fri, 30 Oct 1998 14:41:47 +0200 (EET)
From: Samuli Mattila <zam@niksula.hut.fi>
To: Darren Reed <avalon@coombs.anu.edu.au>
Subject: Re: (no subject)
In-Reply-To: <199810300055.CAA04496@nukkekoti.cs.hut.fi>
Message-ID: <Pine.SGI.3.96.981030143928.13759A-100000@lego.cs.hut.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII



On Fri, 30 Oct 1998, Darren Reed wrote:

> In some mail from Samuli Mattila, sie said:
> > 
> > 
> > > FATAL: TCP/IP Failure         What's the problem?
> > > 
> > 
> > There is a NetBSD virus called "heywire", that installs 
> > a monkeyfilter in your tcp/ip -stack. This must be
> > the case.
> 
> do you have any more details on this ?
> 
> thanks,
> darren
> 

The NetBSD virus "heywire" is a variant of word macro virus called
"hiwire". Hiwire is a cd-rom bootsector virus that attaches itself
TCP/IP-stack with NDIS interface and then starts dropping ICMP-packets,
working as a monkeyfilter. The NetBSD variant has similar functionality,
but it is a LKM (Loadable Kernel Module) TCL-macro virus. The virus can be
used as heuristic firewall.
Fortunately the virus can be fairly easily removed, simply by rotating
keyboard 90 counterclockwise.

I was just kidding. The point was to give a stupid answer for a stupid
question (original). I am sorry if this caused confusion.

Samuli Mattila