nanog mailing list archives
RE: Symantec detected Slammer worm "hours" before
From: "Al Rowland" <alan_r1 () corp earthlink net>
Date: Thu, 13 Feb 2003 09:27:41 -0800
Not to mention that most firewalls and IDSs that DeepSight relies on didn't flag on 1434 before Slammer. Best regards, ______________________________ Al Rowland
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of William Warren Sent: Thursday, February 13, 2003 9:17 AM To: nanog () merit edu Subject: Re: Symantec detected Slammer worm "hours" before really? wow then according to their press release none of their Deepsight customers were compromised because of this early warning? I bet that can be debunked fairly quickly. Let's se what falls out of the busy once it is shaken a bit. Stephen J. Wilcox wrote:I saw this mentioned in an article a day or two after the attack. Clearly they are wrong about this (lying or mistaken), foras you saythe speed of propogation means that a single infected hostwould haveinfected the whole internet in minutes which means we all see the first packets at almost exactly the same time.From the context it is written below, this seems a cheap stunt to promote theirservice. Steve On Thu, 13 Feb 2003, Sean Donelan wrote:Wow, Symantec is making an amazing claim. They were able to detect the slammer worm "hours" before. Did anyone receive earlyalerts fromSymantec about the SQL slammer worm hours earlier? Academics have estimated the worm spread world-wide, and reached itsmaximum scanningrate in less than 10 minutes. I assume Symantec has some data to back up their claim. http://enterprisesecurity.symantec.com/content.cfm?articleid
=1985&EID=
0 "For example, the DeepSight Threat Management System discovered the Slammer worm hours before it began rapidly propagating. Symantec's DeepSight Threat Management System then delivered timely alerts and procedures, enabling administrators to protect against the attack before their environment was compromised."
-- May God Bless you and everything you touch. My "foundation" verse: Isaiah 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
Current thread:
- Symantec detected Slammer worm "hours" before Sean Donelan (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Stephen J. Wilcox (Feb 13)
- Re: Symantec detected Slammer worm "hours" before William Warren (Feb 13)
- RE: Symantec detected Slammer worm "hours" before Al Rowland (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Peter Salus (Feb 13)
- Re: Symantec detected Slammer worm "hours" before William Warren (Feb 13)
- Re: Symantec detected Slammer worm "hours" before k claffy (Feb 13)
- Re: Symantec detected Slammer worm "hours" before David Lesher (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Mike Lloyd (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Jack Bates (Feb 13)
- Bumps on the Net (was Re: Symantec detected Slammer worm "hours") Sean Donelan (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Martin Hannigan (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Krzysztof Adamski (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Etaoin Shrdlu (Feb 13)
- The minutes seem like hours (was Re: Symantec detected Slammer worm "hours" before) Sean Donelan (Feb 14)
(Thread continues...)
- Re: Symantec detected Slammer worm "hours" before Stephen J. Wilcox (Feb 13)