Bumps on the Net (was Re: Symantec detected Slammer worm "hours")

2003-02-13 Thread Sean Donelan
On Thu, 13 Feb 2003, Mike Lloyd wrote: > You added comment on a fiber cut in that time period - can you offer > more detail? Barry mentioned another roughly simultaneous attack in > Korea. One other theory, of course, would be trial runs of the worm, > perhaps with restricted PRNG to localize at

APNIC new block of addresses

2003-02-13 Thread John Tran
Dear colleagues APNIC received IPv4 address blocks 222/8 and 223/8 from IANA in February 2003 and will be making allocations from these ranges in the near future. This announcement is being made for the information of the Internet community so that network configurations such as routing filters

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread Etaoin Shrdlu
Sean Donelan wrote: > > Wow, Symantec is making an amazing claim. They were able to detect > the slammer worm "hours" before. Did anyone receive early alerts from > Symantec about the SQL slammer worm hours earlier? Academics have > estimated the worm spread world-wide, and reached its maximum

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread Krzysztof Adamski
On Thu, 13 Feb 2003, Martin Hannigan wrote: > > On Thu, Feb 13, 2003 at 11:59:48AM -0500, Sean Donelan wrote: > > > > > > Wow, Symantec is making an amazing claim. They were able to detect > > the slammer worm "hours" before. Did anyone receive early alerts from > > Symantec about the SQL sl

Re: FYI New IPv4 allocation to APNIC

2003-02-13 Thread Philip Smith
At 17:26 12/02/2003 -0800, David Conrad wrote: Any parties planned for finishing off the class C space? :-) 197/8 and 201/8 are still available. So hold off on that party for a while. ;-) philip -- Rgds, -drc

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread Martin Hannigan
On Thu, Feb 13, 2003 at 11:59:48AM -0500, Sean Donelan wrote: > > > Wow, Symantec is making an amazing claim. They were able to detect > the slammer worm "hours" before. Did anyone receive early alerts from > Symantec about the SQL slammer worm hours earlier? Academics have > estimated the wo

[dmoore@caida.org: Re: Symantec detected Slammer worm "hours" before]

2003-02-13 Thread k claffy
[david not on nanog list so am forwarding for him] - Forwarded message from David Moore <[EMAIL PROTECTED]> - Date: Thu, 13 Feb 2003 10:42:18 -0800 From: David Moore <[EMAIL PROTECTED]> Subject: Re: Symantec detected Slammer worm "hours" before To: k claffy <[EMAIL PROTECTED]

BGP/OSPF configurations

2003-02-13 Thread Patrick Felt
This is a little off the topic, but it still applies. As such, feel free to respond to me personally on this. I am working on some research for one of my university classes on TCP/IP. Later in the semester we will be discussing OSPF and BGP4. I am editing my teacher's notes on the subject becaus

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread Jack Bates
From: "Mike Lloyd" > You added comment on a fiber cut in that time period - can you offer > more detail? Barry mentioned another roughly simultaneous attack in > Korea. One other theory, of course, would be trial runs of the worm, > perhaps with restricted PRNG to localize attack. I've seen no

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread hostmaster
DeepSight is SecurityFocus. Their claim may have some truth in it. But, so does the 19000+ partners. They mean customers but not necessarily customers/subscribers to DeepSight. (they may have 'accidentally' included all their SecurityFocus lists' subscribers in that number as well :). T

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread Mike Lloyd
Sean, I agree that this claim is innately suspect - I've seen a few opportunistic press releases on this, at least some of which are clearly false. Now at the Security BOF in Phoenix, Avi and I both showed some data with anomalies prior to the well-known onset time. Unfortunately, the anoma

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread David Lesher
If the author had any sense of irony at all; I bet we'd find Patient Zero was in Redmond. -- A host is a host from coast to [EMAIL PROTECTED] & no one will talk to a host that's close[v].(301) 56-LINUX Unless the host (that isn't close).pob 1433 is busy, hung or

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread k claffy
On Thu, Feb 13, 2003 at 11:59:48AM -0500, Sean Donelan wrote: davidmoore certainly thought it was cute when he saw it last nite: david is impressed that deepsight was tracking the worm "hours before it began propagating". david says, "What, did the worm author call them up and tell them,

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread Peter Salus
I attribute this to over-zealous marketing. As I mentioned at the NANOG BoF, there is, indeed, a decrease in latency about 6 hours prior to the actual mass attack. Mike Lloyd (RouteScience) saw this, too. There's also a decrease about 16 hours out. Sean suggested that they might be attrib

RE: Symantec detected Slammer worm "hours" before

2003-02-13 Thread Al Rowland
Not to mention that most firewalls and IDSs that DeepSight relies on didn't flag on 1434 before Slammer. Best regards, __ Al Rowland > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > Behalf Of William Warren > Sent: Thursday, Febr

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread William Warren
really? wow then according to their press release none of their Deepsight customers were compromised because of this early warning? I bet that can be debunked fairly quickly. Let's see what falls out of the busy once it is shaken a bit. Stephen J. Wilcox wrote: I saw this mentioned in an ar

Re: Symantec detected Slammer worm "hours" before

2003-02-13 Thread Stephen J. Wilcox
I saw this mentioned in an article a day or two after the attack. Clearly they are wrong about this (lying or mistaken), for as you say the speed of propagation means that a single infected host would have infected the whole internet in minutes which means we all see the first packets at almost

Symantec detected Slammer worm "hours" before

2003-02-13 Thread Sean Donelan
Wow, Symantec is making an amazing claim. They were able to detect the slammer worm "hours" before. Did anyone receive early alerts from Symantec about the SQL slammer worm hours earlier? Academics have estimated the worm spread world-wide, and reached its maximum scanning rate in less than 10

RE: Voice over IP - performance

2003-02-13 Thread Bender, Andrew
Don't forget that the signaling agents that drive the DSPs also contribute to load on the host / control CPU. We have found that this can be a very willing consumer of utilization on the platforms under discussion... folks with super low hold calls would be the ones likely to be challenged by

New IANA IPv4 allocations and bogon updates

2003-02-13 Thread Rob Thomas
Hi, NANOGers. As announced by John Crain earlier today, IANA has allocated 222/8 and 223/8 to APNIC as of February 2003. The sundry bogon projects have been updated to reflect these allocations. You will find the catch-all Bogon Reference Page here: http://www.cymru.com/Bogons/index.html This

Re: IPv6 subnet calculators?

2003-02-13 Thread leo vegoda
Jeffrey Wheat <[EMAIL PROTECTED]> writes: > >I am trying to find an IPv6 subnet calculator or even a "cheat sheet" that >will help show how a /32 allocation is broken down into /40, /48 and /64 >subnets. Has anyone found such a tool? I have been using the NorthStar >web based database tool for dea

Re: IPv6 subnet calculators?

2003-02-13 Thread Simon
On Wed, Feb 12, 2003 at 04:09:04PM -0700, Irwin Lazar wrote: > > Try: > http://freshmeat.net/projects/sipcalc/?topic_id=150 And if anyone has any feature requests/bug reports I'm always open to suggestions. :) -- Simon