According to Wired, Symantec is now saying they sent out an alert to their
paying customers about 30 minutes (9pm PST) before the SQL slammer worm
was detected by anyone else around 9:30pm PST.
I have not seen a copy of the Symantec message.
The first problem report on Nanog was 13 minutes after the worm was widely
detected at 12:43amEST (9:43pm PST) concerning Level 3 issues. The first
Nanog report about port 1434 was 1:28am EST. There was some discussion on
some private mail lists earlier, but I have not seen any reports prior to
9:25pm PST (12:25am EST or 05:25 UTC). I suspect some of the early
firewall logs were clock skew issues, so 05:30 UTC plus or minus 5