North American Network Operators Group

Re: Symantec detected Slammer worm "hours" before

I saw this mentioned in an article a day or two after the attack.

Clearly they are wrong about this (lying or mistaken), for as you say the speed of propagation means that a single infected host would have infected the whole internet in minutes, which means we all see the first packets at almost exactly the same time.

From the context it is written below, this seems a cheap stunt to promote their service.

Steve

On Thu, 13 Feb 2003, Sean Donelan wrote:

> Wow, Symantec is making an amazing claim. They were able to detect
> the slammer worm "hours" before. Did anyone receive early alerts from
> Symantec about the SQL slammer worm hours earlier? Academics have
> estimated the worm spread world-wide, and reached its maximum scanning
> rate in less than 10 minutes.
>
> I assume Symantec has some data to back up their claim.
>
> http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
> "For example, the DeepSight Threat Management System discovered the
> Slammer worm hours before it began rapidly propagating. Symantec's
> DeepSight Threat Management System then delivered timely alerts and
> procedures, enabling administrators to protect against the attack
> before their environment was compromised."