Re: Did IDSes detect the SQL worm?

From: Kurt Seifried (bt@seifried.org)
Date: 01/30/03

Next message: supersekuritydude@hushmail.com: "Sapphire worm and Real Secure Server Sensor"

Previous message: Rob Shein: "RE: Active response... some thoughts."
In reply to: Scott C. Kennedy: "Re: Did IDSes detect the SQL worm?"
Next in thread: Gonzalez, Albert: "RE: Did IDSes detect the SQL worm?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Kurt Seifried" <bt@seifried.org>
To: <focus-ids@securityfocus.com>
Date: Thu, 30 Jan 2003 13:06:51 -0800

So it appears that a lot of IDS systems detected this worm and alerted
people. Did this actually help much? I imagine by the time most admins got
the alert if they had vulnerable machines/networks they were already falling
apart under the load of packets. Does anyone have a success story with
respect to an IDS, vulnerable servers, and this attack?

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

Next message: supersekuritydude@hushmail.com: "Sapphire worm and Real Secure Server Sensor"
Previous message: Rob Shein: "RE: Active response... some thoughts."
In reply to: Scott C. Kennedy: "Re: Did IDSes detect the SQL worm?"
Next in thread: Gonzalez, Albert: "RE: Did IDSes detect the SQL worm?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]