Full Disclosure mailing list archives
RE: AT&T early warning system
From: Steve Wray <steve.wray () paradise net nz>
Date: Mon, 20 Oct 2003 17:32:41 +1300
And, contrary to one other post on the topic, it shouldn't be too hard to perform a trial run, if one made the worm's code modular enough that one could plug in a variety of "victim finding" code stubs. This way, one could plug in a fixed list of targets (which one owned oneself so that one could watch how they responded). Once one had the field test working one would then replace the stub with real "victim finder" code and away it goes... Advantage; better testing. Disadvantage; what if people detect the trial runs? Ummmm actually, as a sysadmin I think I might swap the Advantage/Disadvantage there! :)
-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of jkm
Sent: Monday, 20 October 2003 2:02 p.m.
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] AT&T early warning system

On 18 Oct 2003 12:27:23 -0400, "Hoho" <hoho () tacomeat net> said:

On Fri, 2003-10-17 at 22:44, jkm wrote:

Quote 2: "AT&T saw anomalies in its network three to four weeks before that worm hit and was able to take certain precautions. "When the worm actually happened, AT&T's network did not take a hit,'' Eslambolchi said."

Doesn't it seem like they're trying to violate causality? If the worm doesn't exist yet, then its associated traffic doesn't exist yet, hence there's nothing to detect. Wonder what those 'anomalies' were. Seems no more effective than just watching MS security patches and reading FD.

--

Yeah, I agree unless as other threads are saying, the worm author releases a test worm. I wonder if it would in fact catch script kiddies and other criminal traffic, thus actually acting as an intrusion detection system?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html