Full Disclosure mailing list archives
RE: [sean () donelan com: Symantec detected Slammer worm "hours" before]
From: "Jason Coombs" <jasonc () science org>
Date: Thu, 13 Feb 2003 09:00:27 -1000
Whether or not DeepSight fielded a few nibbles from Sapphire before its first successful penetration occurred, one has to ask the question "who cares?" If DeepSight couldn't tell administrators that their boxes exposed a critical remote exploitable well-known buffer overflow vulnerability then what good is it? How can hundreds of thousands of smart people all focused on system administration, programming, and infosec keep missing the simplest of security flaws? http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0 "For example, the DeepSight Threat Management System discovered the Slammer worm hours before it began rapidly propagating. Symantec's DeepSight Threat Management System then delivered timely alerts and procedures, enabling administrators to protect against the attack before their environment was compromised." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [sean () donelan com: Symantec detected Slammer worm "hours" before] Len Rose (Feb 13)
- Re: [sean () donelan com: Symantec detected Slammer worm "hours" before] Rick Updegrove (security) (Feb 13)
- Re: [sean () donelan com: Symantec detected Slammer worm "hours" before] Michael Scheidell (Feb 13)
- RE: [sean () donelan com: Symantec detected Slammer worm "hours" before] Jason Coombs (Feb 13)
- <Possible follow-ups>
- Re: [sean () donelan com: Symantec detected Slammer worm "hours" before] tecky (Feb 13)
- Re: [sean () donelan com: Symantec detected Slammer worm "hours" before] Ron DuFresne (Feb 13)