Another anomaly detection product and its proactive/reactive response to the Slammer Worm.
http://www.q1labs.com/qvision_slammer_white_paper.pdf Glen ----- Original Message ----- From: "Terry Baranski" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 23, 2003 4:37 PM Subject: RE: Symantec detected Slammer worm "hours" before > > Apologies if this is old news. It's from Thursday, but I didn't see it > until today. > > Symantec comes clean.... Somewhat: > > http://www.theregister.co.uk/content/56/29406.html > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Sean Donelan > Sent: Thursday, February 13, 2003 12:00 PM > To: [EMAIL PROTECTED] > Subject: Symantec detected Slammer worm "hours" before > > > > > Wow, Symantec is making an amazing claim. They were able to detect the > slammer worm "hours" before. Did anyone receive early alerts from > Symantec about the SQL slammer worm hours earlier? Academics have > estimated the worm spread world-wide, and reached its maximum scanning > rate in less than 10 minutes. > > I assume Symantec has some data to back up their claim. > > http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0 > "For example, the DeepSight Threat Management System discovered the > Slammer worm hours before it began rapidly propagating. Symantec's > DeepSight Threat Management System then delivered timely alerts and > procedures, enabling administrators to protect against the attack > before their environment was compromised." >