Symantec detected Slammer worm "hours" before
Stephen J. Wilcox
steve at telecomplete.co.uk
Thu Feb 13 17:12:54 UTC 2003
I saw this mentioned in an article a day or two after the attack.
Clearly they are wrong about this (lying or mistaken), for as you say the speed
of propogation means that a single infected host would have infected the whole
internet in minutes which means we all see the first packets at almost exactly
the same time.
>From the context it is written below, this seems a cheap stunt to promote their
service.
Steve
On Thu, 13 Feb 2003, Sean Donelan wrote:
>
>
> Wow, Symantec is making an amazing claim. They were able to detect
> the slammer worm "hours" before. Did anyone receive early alerts from
> Symantec about the SQL slammer worm hours earlier? Academics have
> estimated the worm spread world-wide, and reached its maximum scanning
> rate in less than 10 minutes.
>
> I assume Symantec has some data to back up their claim.
>
> http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
> "For example, the DeepSight Threat Management System discovered the
> Slammer worm hours before it began rapidly propagating. Symantec's
> DeepSight Threat Management System then delivered timely alerts and
> procedures, enabling administrators to protect against the attack
> before their environment was compromised."
>
>
More information about the NANOG
mailing list