Here's the problem. The routers were being set up to delay packets of data. (OK, for you geeks out there, the switches were affected, too. I'm just using 'routers' so I don't have to keep typing 'routers and switches and routing server computers and switching server computers and ...'). These packets would normally be routed just like they were supposed to be. But when a special router packet was processed by the 'infected' router, that turned on a delay command, so that packets were delayed a short time. And they were copied, and sent to the FBI (at first) and other law enforcement agencies (later).
I want to make it clear that I didn't cause the delay packets, and I didn't modify the microcode on the routers, or the programs on the servers. I found them, tracked them down, and figured out where they were coming from.
I found 'them' out. And I figured that I could take 'them' out.
My plan was to modify the router code so that the packets would 'flood' the FBI servers, or collection points for the copied packets. I'd just copy the copies, and keep sending them to their original destination, but there would be many more packets than normal. There would be thousands of packets every second.
Now if I had set up the code so that the flood would continue unabated, that would spill too much traffic on the Net. So I had to have an 'off' switch for the flood. And I would have to test it first.
It was a simple program, and a simple process. Watch for the packet that had the 'turn on the delay code and start copying the packets' code in it. Set up the 'copy the packet' routine to loop hundreds of times instead of just once. Don't forget to turn off the 'extra copy' loop.
I had the router microcode. I had a test system at the house I could test it on. And I had connections, and root access, to the servers that were doing the delay routing. Not all of them, of course, but enough that I could fix the problem.
It didn't take long to modify one of the router programs I had, or to set up the test system. I had a bunch of normal and delay packets in a file on the hard disk. And so I wouldn't fill up the hard disk, I added a little 'delete packet' routine to actually delete the packets, rather than send them to a file, just during the test. I set up a counter to keep track of the number of flood packets that the copy routine would make.
The test worked out well. A few minor tweaks to tighten up the code a bit, and it was ready to send out. I modified the new router code for the various systems I could get into. And I created script files to dial into the systems, log in with my hidden root user, upload my modified router code, restart the router program, clean up the log file, and disconnect. Then connect to the next system.
A final test of the test program, and then a modification to take out the delete routine. I copied the files to a floppy disk, and went over to the apartment (I still had it set up for access into the systems) to load it into those computers.
I was ready to 'fix' the problem.