Re: AT&T early warning system

[Jay Sulzberger <jays () panix com>]

On Fri, 17 Oct 2003, jkm wrote:

> The related link: http://www.nwfusion.com/news/2003/0929att.html
>
> Quote 1:
> "With Internet Protect, AT&T will use internally developed traffic
> analysis tools to look for anomalies such as traffic spikes, traffic
> drop-offs and unusual protocols in use."
>
> Quote 2:
> "AT&T saw anomalies in its network three to four weeks before that worm
> hit and was able to take certain precautions. "When the worm actually
> happened, AT&T's network did not take a hit,'' Eslambolchi said."
>
> Does anybody know or has worked with this Internet Protect, AT&T is now
> pushing as the next big thing. And I question whether quote 2 happened
> exactly as Eslambolchi said.
> For the network gurus, will traffic analysis prevent all or most attacks
> be it worms or otherwise? My current view is that it is not a catchall
> and the traffic anaylsis might also be used by AT&T for other stuff like
> what Verisign did recently to sell more products or such. What do u
> think?
>
> --
>   jkm
>   jkmanowar9 () fastmail fm

I am glad that a telephone company is working to bring the InterWeb under
the same sort of statistical oversight as the telphone net was under circa
1950.

Even the crudest of old fashioned traffic analysis, and the most elementary
precautions against massive channeled scabland packet flows would have
stopped most of the recent worm annoyances.

oo--JS.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html