lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200302131808.h1DI8GA15230@mail.secnap.net>
From: scheidell at secnap.net (Michael Scheidell)
Subject: [sean@...elan.com: Symantec detected Slammer worm
 "hours" before]

> 
> Wow, Symantec is making an amazing claim.  They were able to detect
> the slammer worm "hours" before.  Did anyone receive early alerts from
> Symantec about the SQL slammer worm hours earlier?  Academics have
> estimated the worm spread world-wide, and reached its maximum scanning
> rate in less than 10 minutes.

It might be possible that they saw some of the initial 'load' traffic,
source port 69, or src port 53, dst port udp 1434, but this was mostly
some code almost 100% based on the litchfield exploit.

(oh, we saw it on December 19th and DID notify several IPS's and have
the logs to prove it)

-- 
Michael Scheidell, CEO
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ