Full Disclosure mailing list archives

Re: AT&T early warning system

From: Jimmy Alderson <jimmy () digitalguardian net>
Date: Wed, 22 Oct 2003 13:58:03 -0400

On Sat, Oct 18, 2003 at 12:27:23PM -0400, Hoho wrote:


Doesn't it seem like they're trying to violate causality? If the worm
doesn't exist yet, then its associated traffic doesn't exist yet, hence
there's nothing to detect. Wonder what those 'anomalies' were. Seems no
more effective than just watching MS security patches and reading FD.
--


Perhaps they were using memetic trending, which does violate causality,
but works pretty well nonetheless.

-Jimmy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: AT&T early warning system, (continued)
- - Re: AT&T early warning system jkm (Oct 17)
- Re: AT&T early warning system Hoho (Oct 18)
  - Re: AT&T early warning system S G Masood (Oct 18)
    - Re: AT&T early warning system jkm (Oct 19)
  - RE: AT&T early warning system Steve Wray (Oct 18)
    - RE: AT&T early warning system S G Masood (Oct 18)
    - Re: AT&T early warning system Sascha Teifke (Oct 18)
    - RE: AT&T early warning system Bruce Ediger (Oct 18)
  - Re: AT&T early warning system jkm (Oct 19)
    - RE: AT&T early warning system Steve Wray (Oct 19)
  - Re: AT&T early warning system Jimmy Alderson (Oct 22)