Full Disclosure mailing list archives

RE: [sean () donelan com: Symantec detected Slammer worm "hours" before]

From: "Jason Coombs" <jasonc () science org>
Date: Thu, 13 Feb 2003 09:00:27 -1000

Whether or not DeepSight fielded a few nibbles from Sapphire before its
first successful penetration occurred, one has to ask the question "who
cares?"

If DeepSight couldn't tell administrators that their boxes exposed a
critical remote exploitable well-known buffer overflow vulnerability then
what good is it?

How can hundreds of thousands of smart people all focused on system
administration, programming, and infosec keep missing the simplest of
security flaws?

http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
  "For example, the DeepSight Threat Management System discovered the
  Slammer worm hours before it began rapidly propagating. Symantec's
  DeepSight Threat Management System then delivered timely alerts and
  procedures, enabling administrators to protect against the attack
  before their environment was compromised."


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

[sean () donelan com: Symantec detected Slammer worm "hours" before] Len Rose (Feb 13)
- Re: [sean () donelan com: Symantec detected Slammer worm "hours" before] Rick Updegrove (security) (Feb 13)
- Re: [sean () donelan com: Symantec detected Slammer worm "hours" before] Michael Scheidell (Feb 13)
- RE: [sean () donelan com: Symantec detected Slammer worm "hours" before] Jason Coombs (Feb 13)
- <Possible follow-ups>
- Re: [sean () donelan com: Symantec detected Slammer worm "hours" before] tecky (Feb 13)
  - Re: [sean () donelan com: Symantec detected Slammer worm "hours" before] Ron DuFresne (Feb 13)