nanog mailing list archives

RE: Symantec detected Slammer worm "hours" before
From: "Al Rowland" <alan_r1 () corp earthlink net>
Date: Thu, 13 Feb 2003 09:27:41 -0800


Not to mention that most firewalls and IDSs that DeepSight relies on
didn't flag on 1434 before Slammer.

Best regards,
______________________________
Al Rowland

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of William Warren
Sent: Thursday, February 13, 2003 9:17 AM
To: nanog () merit edu
Subject: Re: Symantec detected Slammer worm "hours" before



Really? Wow, then according to their press release none of their
DeepSight customers were compromised because of this early warning?
I bet that can be debunked fairly quickly.  Let's see what falls out
of the bush once it is shaken a bit.


Stephen J. Wilcox wrote:

I saw this mentioned in an article a day or two after the attack.


Clearly they are wrong about this (lying or mistaken), for as you say
the speed of propagation means that a single infected host would have
infected the whole internet in minutes which means we all see the
first packets at almost exactly the same time.

From the context it is written below, this seems a cheap stunt to
promote their service.

Steve

On Thu, 13 Feb 2003, Sean Donelan wrote:



Wow, Symantec is making an amazing claim.  They were able to detect
the slammer worm "hours" before.  Did anyone receive early alerts from
Symantec about the SQL slammer worm hours earlier?  Academics have
estimated the worm spread world-wide, and reached its maximum scanning
rate in less than 10 minutes.

I assume Symantec has some data to back up their claim.

http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
 "For example, the DeepSight Threat Management System discovered the
 Slammer worm hours before it began rapidly propagating. Symantec's
 DeepSight Threat Management System then delivered timely alerts and
 procedures, enabling administrators to protect against the attack
 before their environment was compromised."








-- 
May God Bless you and everything you touch.

My "foundation" verse:
Isaiah 54:17 No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.


