Re: [Full-Disclosure] AT&T early warning system
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] AT&T early warning system
- From: "jkm" <jkmanowar9@fastmail.fm>
- Date: Sun, 19 Oct 2003 17:02:18 -0800
On 18 Oct 2003 12:27:23 -0400, "Hoho" <hoho@tacomeat.net> said:
> On Fri, 2003-10-17 at 22:44, jkm wrote:
> > Quote 2:
> > "AT&T saw anomalies in its network three to four weeks before that worm
> > hit and was able to take certain precautions. "When the worm actually
> > happened, AT&T's network did not take a hit," Eslambolchi said."
>
>
> Doesn't it seem like they're trying to violate causality? If the worm
> doesn't exist yet, then its associated traffic doesn't exist yet, hence
> there's nothing to detect. Wonder what those 'anomalies' were. Seems no
> more effective than just watching MS security patches and reading FD.
> --
Yeah, I agree, unless, as other threads are saying, the worm author
releases a test worm. I wonder if it would in fact catch script kiddies
and other criminal traffic, thus actually acting as an intrusion
detection system?
--
jkm
jkmanowar9@fastmail.fm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html