Symantec detected Slammer worm "hours" before

Glen Fillmore fillmorg at nbnet.nb.ca
Mon Feb 24 15:21:54 UTC 2003


Another anomaly detection product and its proactive/reactive response to the
Slammer Worm.

http://www.q1labs.com/qvision_slammer_white_paper.pdf



Glen

----- Original Message -----
From: "Terry Baranski" <terry at eurocompton.net>
To: <nanog at merit.edu>
Sent: Sunday, February 23, 2003 4:37 PM
Subject: RE: Symantec detected Slammer worm "hours" before


>
> Apologies if this is old news.  It's from Thursday, but I didn't see it
> until today.
>
> Symantec comes clean.... Somewhat:
>
> http://www.theregister.co.uk/content/56/29406.html
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> Sean Donelan
> Sent: Thursday, February 13, 2003 12:00 PM
> To: nanog at merit.edu
> Subject: Symantec detected Slammer worm "hours" before
>
> Wow, Symantec is making an amazing claim.  They were able to detect the
> Slammer worm "hours" before.  Did anyone receive early alerts from
> Symantec about the SQL slammer worm hours earlier?  Academics have
> estimated the worm spread world-wide, and reached its maximum scanning
> rate in less than 10 minutes.
>
> I assume Symantec has some data to back up their claim.
>
> http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
>   "For example, the DeepSight Threat Management System discovered the
>   Slammer worm hours before it began rapidly propagating. Symantec's
>   DeepSight Threat Management System then delivered timely alerts and
>   procedures, enabling administrators to protect against the attack
>   before their environment was compromised."
>



