Full Disclosure mailing list archives
Re: AT&T early warning system
From: "jkm" <jkmanowar9 () fastmail fm>
Date: Sun, 19 Oct 2003 17:02:18 -0800
On 18 Oct 2003 12:27:23 -0400, "Hoho" <hoho () tacomeat net> said:
On Fri, 2003-10-17 at 22:44, jkm wrote:Quote 2: "AT&T saw anomalies in its network three to four weeks before that worm hit and was able to take certain precautions. "When the worm actually happened, AT&T's network did not take a hit,'' Eslambolchi said."Doesn't it seem like they're trying to violate causality? If the worm doesn't exist yet, then its associated traffic doesn't exist yet, hence there's nothing to detect. Wonder what those 'anomalies' were. Seems no more effective than just watching MS security patches and reading FD. --
Yeah, I agree unless as other threads are saying, the worm author releases a test worm. I wonder if it would in fact catch script kiddies and other criminal traffic, thus actually acting as an intrusion detection system? -- jkm jkmanowar9 () fastmail fm -- http://www.fastmail.fm - Consolidate POP email and Hotmail in one place _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AT&T early warning system jkm (Oct 17)
- Re: AT&T early warning system Jay Sulzberger (Oct 17)
- Re: AT&T early warning system jkm (Oct 17)
- Re: AT&T early warning system Hoho (Oct 18)
- Re: AT&T early warning system S G Masood (Oct 18)
- Re: AT&T early warning system jkm (Oct 19)
- RE: AT&T early warning system Steve Wray (Oct 18)
- RE: AT&T early warning system S G Masood (Oct 18)
- Re: AT&T early warning system Sascha Teifke (Oct 18)
- RE: AT&T early warning system Bruce Ediger (Oct 18)
- Re: AT&T early warning system S G Masood (Oct 18)
- Re: AT&T early warning system jkm (Oct 19)
- RE: AT&T early warning system Steve Wray (Oct 19)
- Re: AT&T early warning system Jimmy Alderson (Oct 22)
- Re: AT&T early warning system Jay Sulzberger (Oct 17)