Re: AT&T early warning system

["jkm" <jkmanowar9 () fastmail fm>]

On Sat, 18 Oct 2003 12:07:14 -0700 (PDT), "S G Masood"
<sgmasood () yahoo com> said:
> --- Hoho <hoho () tacomeat net> wrote:
> > On Fri, 2003-10-17 at 22:44, jkm wrote:
> > > Quote 2:
> > > "AT&T saw anomalies in its network three to four
> > weeks before that worm
> > > hit and was able to take certain precautions.
> > "When the worm actually
> > > happened, AT&T's network did not take a hit,''
> > Eslambolchi said."
> >
> >
> > Doesn't it seem like they're trying to violate
> > causality? If the worm
> > doesn't exist yet, then its associated traffic
> > doesn't exist yet, hence
> > there's nothing to detect.
>
>
> ...unless they had insider information that a worm
> that exploits certain "anomalies" would be released in
> "three to four weeks" :).
> I didn't see the original article but maybe they are
> referring to the DCOM worm brigade which was
> anticipated and awaited weeks before it hit.
>
>
> --
> S.G.Masood
> Hyderabad,
> India.

They are actually referring to the MS-SQL Slammer worm.

Full quotation which I should have put up.
"As an example, Eslambolchi points to the MS-SQL Slammer worm, which was
reported on the Internet in January. AT&T saw anomalies in its network
three to four weeks before that worm hit and was able to take certain
precautions. "When the worm actually happened, AT&T's network did not
take a hit,'' Eslambolchi said."
-- 
  jkm
  jkmanowar9 () fastmail fm

-- 
http://www.fastmail.fm - Access your email from home and the web

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html