[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] AT&T early warning system

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] AT&T early warning system
From: Jimmy Alderson <jimmy@digitalguardian.net>
Date: Wed, 22 Oct 2003 13:58:03 -0400

On Sat, Oct 18, 2003 at 12:27:23PM -0400, Hoho wrote:
> 
> Doesn't it seem like they're trying to violate causality? If the worm
> doesn't exist yet, then its associated traffic doesn't exist yet, hence
> there's nothing to detect. Wonder what those 'anomalies' were. Seems no
> more effective than just watching MS security patches and reading FD.
> -- 

Perhaps they were using memetic trending, which does violate causality,
but works pretty well nonetheless.

-Jimmy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] AT&T early warning system
  - From: "jkm" <jkmanowar9@fastmail.fm>
- Re: [Full-Disclosure] AT&T early warning system
  - From: Hoho <hoho@tacomeat.net>

Prev by Date: [Full-Disclosure] Need help to find web server attacks signature
Next by Date: RE: [Full-Disclosure] RE: Linux (in)security
Previous by thread: RE: [Full-Disclosure] AT&T early warning system
Next by thread: [Full-Disclosure] [IE] Pure html DOS although some version require minor user interaction ( highlighting/minimising )
Index(es):
- Date
- Thread