nanog mailing list archives
Re: Symantec detected Slammer worm "hours" before
From: "Jack Bates" <jbates () brightok net>
Date: Thu, 13 Feb 2003 13:39:10 -0600
From: "Mike Lloyd"
You added comment on a fiber cut in that time period - can you offer more detail? Barry mentioned another roughly simultaneous attack in Korea. One other theory, of course, would be trial runs of the worm, perhaps with restricted PRNG to localize attack. I've seen no direct evidence that this happened, though.
It wouldn't be the first time that someone kicked off some code, found that it was running too slowly, removed the sleep timers and tried again. However, if this were the case, trying to find and localize the initial "slow worm" compared to the later release would be difficult to say the least. Jack Bates BrightNet Oklahoma
Current thread:
- Symantec detected Slammer worm "hours" before Sean Donelan (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Stephen J. Wilcox (Feb 13)
- Re: Symantec detected Slammer worm "hours" before William Warren (Feb 13)
- RE: Symantec detected Slammer worm "hours" before Al Rowland (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Peter Salus (Feb 13)
- Re: Symantec detected Slammer worm "hours" before William Warren (Feb 13)
- Re: Symantec detected Slammer worm "hours" before k claffy (Feb 13)
- Re: Symantec detected Slammer worm "hours" before David Lesher (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Mike Lloyd (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Jack Bates (Feb 13)
- Bumps on the Net (was Re: Symantec detected Slammer worm "hours") Sean Donelan (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Martin Hannigan (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Krzysztof Adamski (Feb 13)
- Re: Symantec detected Slammer worm "hours" before Etaoin Shrdlu (Feb 13)
- The minutes seem like hours (was Re: Symantec detected Slammer worm "hours" before) Sean Donelan (Feb 14)
- Re: The minutes seem like hours (was Re: Symantec detected Slammer worm "hours" before) Mike Lewinski (Feb 15)
- Re: The minutes seem like hours (was Re: Symantec detected Slammer worm "hours" before) Peter Salus (Feb 15)
- Re: The minutes seem like hours (was Re: Symantec detected Slammer worm "hours" before) William Warren (Feb 15)
- The minutes seem like hours (was Re: Symantec detected Slammer worm "hours" before) Sean Donelan (Feb 14)
- Re: Symantec detected Slammer worm "hours" before Stephen J. Wilcox (Feb 13)
- RE: Symantec detected Slammer worm "hours" before Terry Baranski (Feb 23)
- Re: Symantec detected Slammer worm "hours" before Glen Fillmore (Feb 24)