On Sat, 18 Oct 2003 12:07:14 -0700 (PDT), "S G Masood" <[EMAIL PROTECTED]> said: > > --- Hoho <[EMAIL PROTECTED]> wrote: > > On Fri, 2003-10-17 at 22:44, jkm wrote: > > > Quote 2: > > > "AT&T saw anomalies in its network three to four > > weeks before that worm > > > hit and was able to take certain precautions. > > "When the worm actually > > > happened, AT&T's network did not take a hit,'' > > Eslambolchi said." > > > > > > Doesn't it seem like they're trying to violate > > causality? If the worm > > doesn't exist yet, then its associated traffic > > doesn't exist yet, hence > > there's nothing to detect. > > > ...unless they had insider information that a worm > that exploits certain "anomalies" would be released in > "three to four weeks" :). > I didn't see the original article but maybe they are > referring to the DCOM worm brigade which was > anticipated and awaited weeks before it hit. > > > -- > S.G.Masood > Hyderabad, > India. >
They are actually referring to the MS-SQL Slammer worm. Full quotation which I should have put up. "As an example, Eslambolchi points to the MS-SQL Slammer worm, which was reported on the Internet in January. AT&T saw anomalies in its network three to four weeks before that worm hit and was able to take certain precautions. "When the worm actually happened, AT&T's network did not take a hit,'' Eslambolchi said." -- jkm [EMAIL PROTECTED] -- http://www.fastmail.fm - Access your email from home and the web _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
