funsec mailing list archives
Re: InfoSec Slammer :-)
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 03 May 2006 12:42:49 +1200
Dude VanWinkle wrote:
Now this is FUNNY =)
What?
However whilst exhibiting at the show, security risk firm McAfee was able to detect various networks connections that lacked any encryption, so maybe things weren't as rosy as we first suspected. Using its Network intrusion prevention product, IntruShield, McAfee spotted 50,000 instances of attack by the Slammer worm. Slammer was been pumped across some security vendors' own networks, McAfee reports.
The fact that a single moron with a Slammer-infected machine was present at a security trade show? I mean, the way Slammer works, 50,000 "attacks" detected means there were very few sources involved, and as the McAfee person trying to make PR of it didn't mention the _source_ numbers, you can bet there were _VERY FEW_ sources... I mean, what would be the more "marketable" story nowadays -- "27 Slammer infected machines present" or "50,000 Slammer probes detected"? I'd say, guessing at how big Infosec is likely to be, that one Slammer-infected machine is likely to be well below the world average...
Attacks by SQL Slammer shouldn't be confused with successful infections. Net security services firm MessageLabs, which has a distinguished pedigree in spotting such outbreaks, told us it hadn't seen any problems.
Or the fact that the reporter (John L really should know better!), despite supposedly specializing in security issues, still hasn't noticed that ML does Email and web filtering so wouldn't be very likely to spot _ANY_ Slammer attacks that may, or may not, have been present, yet he reported the ML comment straight, repeating the ML spin? Can you say "shill" John? For my money, it is the latter that is funny (the former is just sad!). Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- InfoSec Slammer :-) Dude VanWinkle (May 02)
- Re: InfoSec Slammer :-) Nick FitzGerald (May 02)
- Re: InfoSec Slammer :-) Dude VanWinkle (May 02)
- Re: InfoSec Slammer :-) Valdis . Kletnieks (May 02)
- Re: InfoSec Slammer :-) Jeff Kell (May 02)
- Re: InfoSec Slammer :-) Nick FitzGerald (May 02)