funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: InfoSec Slammer :-)

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 03 May 2006 12:42:49 +1200
Dude VanWinkle wrote:


Now this is FUNNY =)


What?


However whilst exhibiting at the show, security risk firm McAfee was
able to detect various networks connections that lacked any
encryption, so maybe things weren't as rosy as we first suspected.
Using its Network intrusion prevention product, IntruShield, McAfee
spotted 50,000 instances of attack by the Slammer worm. Slammer was
been pumped across some security vendors' own networks, McAfee
reports.


The fact that a single moron with a Slammer-infected machine was 
present at a security trade show?  

I mean, the way Slammer works, 50,000 "attacks" detected means there 
were very few sources involved, and as the McAfee person trying to make 
PR of it didn't mention the _source_ numbers, you can bet there were 
_VERY FEW_ sources...  I mean, what would be the more "marketable" 
story nowadays -- "27 Slammer infected machines present" or "50,000 
Slammer probes detected"?  I'd say, guessing at how big Infosec is 
likely to be, that one Slammer-infected machine is likely to be well 
below the world average...


Attacks by SQL Slammer shouldn't be confused with successful
infections. Net security services firm MessageLabs, which has a
distinguished pedigree in spotting such outbreaks, told us it hadn't
seen any problems.


Or the fact that the reporter (John L really should know better!), 
despite supposedly specializing in security issues, still hasn't 
noticed that ML does Email and web filtering so wouldn't be very likely 
to spot _ANY_ Slammer attacks that may, or may not, have been present, 
yet he reported the ML comment straight, repeating the ML spin?  Can 
you say "shill" John?


For my money, it is the latter that is funny (the former is just sad!).


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: