Full Disclosure mailing list archives

RE: AT&T early warning system


From: Steve Wray <steve.wray () paradise net nz>
Date: Mon, 20 Oct 2003 17:32:41 +1300

And, contrary to one other post on the topic,
it shouldn't be too hard to perform a trial run;

If one made the worm's code modular enough
that one could plug in a variety of "victim finding" code stubs.

This way, one could plug in a fixed list of targets
(which one owned oneself so that one could watch how
they responded).

Once one had the field test working one would then replace 
the stub with real "victim finder" code and away it goes...

Advantage; better testing.
Disadvantage; what if people detect the trial runs?

Ummmm actually, as a sysadmin I think I might swap the
Advantage/Disadvantage there!
:)

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of jkm
Sent: Monday, 20 October 2003 2:02 p.m.
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] AT&T early warning system



On 18 Oct 2003 12:27:23 -0400, "Hoho" <hoho () tacomeat net> said:
On Fri, 2003-10-17 at 22:44, jkm wrote:
Quote 2:
"AT&T saw anomalies in its network three to four weeks before that worm
hit and was able to take certain precautions. "When the worm actually
happened, AT&T's network did not take a hit,'' Eslambolchi said."


Doesn't it seem like they're trying to violate causality? If the worm
doesn't exist yet, then its associated traffic doesn't exist yet, hence
there's nothing to detect. Wonder what those 'anomalies' were. Seems no
more effective than just watching MS security patches and reading FD.
-- 

Yeah, I agree unless, as other threads are saying, the worm author
releases a test worm. I wonder if it would in fact catch script kiddies
and other criminal traffic, thus actually acting as an intrusion
detection system?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html