[56098] in North American Network Operators' Group
Re: Symantec detected Slammer worm "hours" before
daemon@ATHENA.MIT.EDU (Glen Fillmore)
Mon Feb 24 10:25:37 2003
From: "Glen Fillmore" <fillmorg@nbnet.nb.ca>
To: <nanog@merit.edu>
Date: Mon, 24 Feb 2003 11:21:54 -0400
Errors-To: owner-nanog-outgoing@merit.edu
Another anomaly detection product and its proactive/reactive response to the
Slammer Worm.
http://www.q1labs.com/qvision_slammer_white_paper.pdf
Glen
----- Original Message -----
From: "Terry Baranski" <terry@eurocompton.net>
To: <nanog@merit.edu>
Sent: Sunday, February 23, 2003 4:37 PM
Subject: RE: Symantec detected Slammer worm "hours" before
>
> Apologies if this is old news. It's from Thursday, but I didn't see it
> until today.
>
> Symantec comes clean.... Somewhat:
>
> http://www.theregister.co.uk/content/56/29406.html
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
> Sean Donelan
> Sent: Thursday, February 13, 2003 12:00 PM
> To: nanog@merit.edu
> Subject: Symantec detected Slammer worm "hours" before
>
> Wow, Symantec is making an amazing claim. They were able to detect the
> Slammer worm "hours" before. Did anyone receive early alerts from
> Symantec about the SQL Slammer worm hours earlier? Academics have
> estimated the worm spread world-wide, and reached its maximum scanning
> rate in less than 10 minutes.
>
> I assume Symantec has some data to back up their claim.
>
> http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
> "For example, the DeepSight Threat Management System discovered the
> Slammer worm hours before it began rapidly propagating. Symantec's
> DeepSight Threat Management System then delivered timely alerts and
> procedures, enabling administrators to protect against the attack
> before their environment was compromised."
>