Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Symantec detected Slammer worm "hours" before

  • From: Krzysztof Adamski
  • Date: Thu Feb 13 23:23:01 2003

On Thu, 13 Feb 2003, Martin Hannigan wrote:

> 
> On Thu, Feb 13, 2003 at 11:59:48AM -0500, Sean Donelan wrote:
> > 
> > 
> > Wow, Symantec is making an amazing claim.  They were able to detect
> > the slammer worm "hours" before.  Did anyone receive early alerts from
> > Symantec about the SQL slammer worm hours earlier?  Academics have
> > estimated the worm spread world-wide, and reached its maximum scanning
> > rate in less than 10 minutes.
> > 
> > I assume Symantec has some data to back up their claim.
> > 
> > http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
> >   "For example, the DeepSight Threat Management System discovered the
> >   Slammer worm hours before it began rapidly propagating. Symantec's
> >   DeepSight Threat Management System then delivered timely alerts and
> >   procedures, enabling administrators to protect against the attack
> >   before their environment was compromised."
> > 
> 
> 
> One way they could have known about it is that some of their
> customers got nailed _and called them_.
> 
> The other is IDS signature. I'm not sure if there was one already
> out there that would have caught this, but if the customers were
> calling they would have been able to create one quickly, as
> people did.
> 
> If there's no alarm, no event tripped, there is no correlation
> data.

An other possibility is that they wrote the slammer them self so they had
early knowledge of it :-)

K





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.