Apologies if this is old news. It's from Thursday, but I didn't see it until today. Symantec comes clean.... Somewhat: http://www.theregister.co.uk/content/56/29406.html -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Sean Donelan Sent: Thursday, February 13, 2003 12:00 PM To: nanog@merit.edu Subject: Symantec detected Slammer worm "hours" before Wow, Symantec is making an amazing claim. They were able to detect the slammer worm "hours" before. Did anyone receive early alerts from Symantec about the SQL slammer worm hours earlier? Academics have estimated the worm spread world-wide, and reached its maximum scanning rate in less than 10 minutes. I assume Symantec has some data to back up their claim. http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0 "For example, the DeepSight Threat Management System discovered the Slammer worm hours before it began rapidly propagating. Symantec's DeepSight Threat Management System then delivered timely alerts and procedures, enabling administrators to protect against the attack before their environment was compromised."