nanog mailing list archives

Re: Symantec detected Slammer worm "hours" before


From: "Glen Fillmore" <fillmorg () nbnet nb ca>
Date: Mon, 24 Feb 2003 11:21:54 -0400


Another anomaly detection product and its proactive/reactive response to the
Slammer Worm.

http://www.q1labs.com/qvision_slammer_white_paper.pdf



Glen

----- Original Message -----
From: "Terry Baranski" <terry () eurocompton net>
To: <nanog () merit edu>
Sent: Sunday, February 23, 2003 4:37 PM
Subject: RE: Symantec detected Slammer worm "hours" before



Apologies if this is old news.  It's from Thursday, but I didn't see it
until today.

Symantec comes clean.... Somewhat:

http://www.theregister.co.uk/content/56/29406.html

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Sean Donelan
Sent: Thursday, February 13, 2003 12:00 PM
To: nanog () merit edu
Subject: Symantec detected Slammer worm "hours" before




Wow, Symantec is making an amazing claim.  They were able to detect the
Slammer worm "hours" before.  Did anyone receive early alerts from
Symantec about the SQL slammer worm hours earlier?  Academics have
estimated the worm spread world-wide, and reached its maximum scanning
rate in less than 10 minutes.

I assume Symantec has some data to back up their claim.

http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
  "For example, the DeepSight Threat Management System discovered the
  Slammer worm hours before it began rapidly propagating. Symantec's
  DeepSight Threat Management System then delivered timely alerts and
  procedures, enabling administrators to protect against the attack
  before their environment was compromised."


