Full Disclosure mailing list archives
RE: AT&T early warning system
From: Steve Wray <steve.wray () paradise net nz>
Date: Sun, 19 Oct 2003 09:06:03 +1300
What if people developing worms do small test runs before the final release? The AT&T approach might not work if the developer was testing it on a private network, but if they used a small collection of zombies on the internet to test it out and see how well it works, conceivably it could be detected? Or something like that...
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Hoho

> On Fri, 2003-10-17 at 22:44, jkm wrote:
>
>> Quote 2: "AT&T saw anomalies in its network three to four weeks before that worm hit and was able to take certain precautions. "When the worm actually happened, AT&T's network did not take a hit,'' Eslambolchi said."
>
> Doesn't it seem like they're trying to violate causality? If the worm doesn't exist yet, then its associated traffic doesn't exist yet, hence there's nothing to detect. Wonder what those 'anomalies' were. Seems no more effective than just watching MS security patches and reading FD.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html