Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Symantec detected Slammer worm "hours" before

  • From: Al Rowland
  • Date: Thu Feb 13 12:30:01 2003

Not to mention that most firewalls and IDSs that DeepSight relies on
didn't flag on 1434 before Slammer.

Best regards,
______________________________
Al Rowland

> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On 
> Behalf Of William Warren
> Sent: Thursday, February 13, 2003 9:17 AM
> To: nanog@merit.edu
> Subject: Re: Symantec detected Slammer worm "hours" before
> 
> 
> 
> really? wow then according to their press release none of their 
> Deepsight customers were compromised because of this early 
> warning?  I 
> bet that can be debunked fairly quickly.  Let's se what falls 
> out of the 
> busy once it is shaken a bit.
> 
> 
> Stephen J. Wilcox wrote:
> > 
> > I saw this mentioned in an article a day or two after the attack.
> > 
> > 
> > Clearly they are wrong about this (lying or mistaken), for 
> as you say 
> > the speed of propogation means that a single infected host 
> would have 
> > infected the whole internet in minutes which means we all see the 
> > first packets at almost exactly the same time.
> > 
> >>From the context it is written below, this seems a cheap stunt to 
> >>promote their
> > service.
> > 
> > Steve
> > 
> > On Thu, 13 Feb 2003, Sean Donelan wrote:
> > 
> > 
> >>
> >>Wow, Symantec is making an amazing claim.  They were able to detect 
> >>the slammer worm "hours" before.  Did anyone receive early 
> alerts from 
> >>Symantec about the SQL slammer worm hours earlier?  Academics have 
> >>estimated the worm spread world-wide, and reached its 
> maximum scanning 
> >>rate in less than 10 minutes.
> >>
> >>I assume Symantec has some data to back up their claim.
> >>
> >>http://enterprisesecurity.symantec.com/content.cfm?articleid
=1985&EID=
>>0
>>  "For example, the DeepSight Threat Management System discovered the
>>  Slammer worm hours before it began rapidly propagating. Symantec's
>>  DeepSight Threat Management System then delivered timely alerts and
>>  procedures, enabling administrators to protect against the attack
>>  before their environment was compromised."
>>
>>
> 
> 
> 
> 


-- 
May God Bless you and everything you touch.

My "foundation" verse:
Isaiah 54:17 No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.