RE: [Full-Disclosure] [sean@donelan.com: Symantec detected Slammer worm "hours" before]

From: Jason Coombs (jasonc@science.org)
Date: 02/13/03

  • Next message: tecky@thedigitalrealities.com: "Re: [Full-Disclosure] [sean@donelan.com: Symantec detected Slammer worm "hours" before]" 
    From: "Jason Coombs" <jasonc@science.org>
To: "Len Rose" <len@netsys.com>, <full-disclosure@lists.netsys.com>
Date: Thu, 13 Feb 2003 09:00:27 -1000

    Whether or not DeepSight fielded a few nibbles from Sapphire before its
    first successful penetration occurred, one has to ask the question "who
    cares?"

    If DeepSight couldn't tell administrators that their boxes exposed a
    critical remote exploitable well-known buffer overflow vulnerability then
    what good is it?

    How can hundreds of thousands of smart people all focused on system
    administration, programming, and infosec keep missing the simplest of
    security flaws?

    http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0p;&nbsp;These files will probably be moved into the s "For example, the DeepSight Threat Management System discovered the
      "For example, the DeepSight Threat Management System discovered the
      Slammer worm hours before it began rapidly propagating. Symantec's
      DeepSight Threat Management System then delivered timely alerts and
      procedures, enabling administrators to protect against the attack
      before their environment was compromised."

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    • Quantcast