[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <004c01c396c3$33520bf0$6101a8c0@fosi>
From: steve.wray at paradise.net.nz (Steve Wray)
Subject: AT&T early warning system
And, contrary to one other post on the topic,
it shouldn't be to hard to perform a trial run;
If one made the worms code modular enough
that one could plug in a variety of "victim finding" code
stubs.
This way, one could plug in a fixed list of targets,
(which one owned oneself so that one could watch how
they responded).
Once one had the field test working one would then replace
the stub with real "victim finder" code and away it goes...
Advantage; better testing.
Disadvantage; what if people detect the trial runs?
Ummmm actually, as a sysadmin I think I might swap the
Advantage/Disadvantage there!
:)
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of jkm
> Sent: Monday, 20 October 2003 2:02 p.m.
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] AT&T early warning system
>
>
>
> On 18 Oct 2003 12:27:23 -0400, "Hoho" <hoho@...omeat.net> said:
> > On Fri, 2003-10-17 at 22:44, jkm wrote:
> > > Quote 2:
> > > "AT&T saw anomalies in its network three to four weeks
> before that worm
> > > hit and was able to take certain precautions. "When the
> worm actually
> > > happened, AT&T's network did not take a hit,'' Eslambolchi said."
> >
> >
> > Doesn't it seem like they're trying to violate causality?
> If the worm
> > doesn't exist yet, then its associated traffic doesn't
> exist yet, hence
> > there's nothing to detect. Wonder what those 'anomalies'
> were. Seems no
> > more effective than just watching MS security patches and
> reading FD.
> > --
>
> Yeah, I agree unless as other threads are saying, the worm author
> releases a test worm. I wonder if it would in fact catch
> script kiddies
> and other criminal traffic, thus actually acting as an intrusion
> detection system?
Powered by blists - more mailing lists