[55861] in North American Network Operators' Group
Re: Symantec detected Slammer worm "hours" before
daemon@ATHENA.MIT.EDU (Peter Salus)
Thu Feb 13 12:31:21 2003
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: Sean Donelan <sean@donelan.com>, nanog@merit.edu
In-reply-to: Your message of "Thu, 13 Feb 2003 17:12:54 GMT."
<Pine.LNX.4.44.0302131710400.5531-100000@MrServer>
Date: Thu, 13 Feb 2003 11:28:52 -0600
From: Peter Salus <peter@matrix.net>
Errors-To: owner-nanog-outgoing@merit.edu
I attribute this to over-zealous marketing. As I
mentioned at the NANOG BoF, there is, indeed, a
decrease in latency about 6 hours prior to the
actual mass attack. Mike Lloyd (RouteScience)
saw this, too. There's also a decrease about
16 hours out. Sean suggested that they might be
attributed to cable cuts, but I don't have the
data to attempt correlation.
If Semantec's ouija board brought them news "hours"
earlier, they are behaving reprehensibly not to
have alerted the community.
Peter
