On 18 Oct 2003 12:27:23 -0400, "Hoho" <[EMAIL PROTECTED]> said:
> On Fri, 2003-10-17 at 22:44, jkm wrote:
> > Quote 2:
> > "AT&T saw anomalies in its network three to four weeks before that worm
> > hit and was able to take certain precautions. "When the worm actually
> > happened, AT&T's network did not take a hit,'' Eslambolchi said."
> >
>
> Doesn't it seem like they're trying to violate causality? If the worm
> doesn't exist yet, then its associated traffic doesn't exist yet, hence
> there's nothing to detect. Wonder what those 'anomalies' were. Seems no
> more effective than just watching MS security patches and reading FD.
> --

Yeah, I agree unless as other threads are saying, the worm author
releases a test worm. I wonder if it would in fact catch script kiddies
and other criminal traffic, thus actually acting as an intrusion
detection system?

--
jkm
[EMAIL PROTECTED]

--
http://www.fastmail.fm - Consolidate POP email and Hotmail in one place

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
