[sean () donelan com: Symantec detected Slammer worm "hours" before]

[Len Rose <len () netsys com>]

----- Forwarded message from Sean Donelan <sean () donelan com> -----

Delivered-To: nanog-outgoing () trapdoor merit edu
Delivered-To: nanog () trapdoor merit edu
Delivered-To: nanog () merit edu
Date: Thu, 13 Feb 2003 11:59:48 -0500 (EST)
From: Sean Donelan <sean () donelan com>
To: nanog () merit edu
Subject: Symantec detected Slammer worm "hours" before
Precedence: bulk
Errors-To: owner-nanog-outgoing () merit edu
X-Loop: nanog



Wow, Symantec is making an amazing claim.  They were able to detect
the slammer worm "hours" before.  Did anyone receive early alerts from
Symantec about the SQL slammer worm hours earlier?  Academics have
estimated the worm spread world-wide, and reached its maximum scanning
rate in less than 10 minutes.

I assume Symantec has some data to back up their claim.

http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
  "For example, the DeepSight Threat Management System discovered the
  Slammer worm hours before it began rapidly propagating. Symantec's
  DeepSight Threat Management System then delivered timely alerts and
  procedures, enabling administrators to protect against the attack
  before their environment was compromised."

----- End forwarded message -----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html