[Dshield] [giac-alumni] 2/3 rds of PC's Compromised???
haled at pionet.net
Fri Apr 4 18:48:35 GMT 2008
Sounds like a good idea to me :-). And SANSFire is just the place. And I
plan on making it this year.
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Johannes Ullrich
Sent: Friday, April 04, 2008 9:12 AM
To: General DShield Discussion List
Cc: GIAC Alumni List
Subject: Re: [Dshield] [giac-alumni] 2/3 rds of PC's Compromised???
I don't think it's 30-60%. Maybe 10%? But then again. The definition is
"remote control not intended by the user", which is more than "bots
and other malware". For example, a lot of PCs come with "support"
accounts and the user has no idea they exist.
I suggest a little experiment for a SANS conference: Could we find a
group of volunteers who would do a thorough configuration check of
laptops brought in by students? Maybe to go along with a good audit of
traffic on the hotel network? I think that would be an interesting
exercise. The goal would be to explain as much of the traffic as
possible on the hotel network (I don't expect to be able to "explain"
all of it). I actually think either project would be a great basis for
a GIAC Gold paper ;-). SANSFIRE anyone?
I think these days, your standard PC is rather "noisy" on the network
and it can be challenging to figure out every single packet it sends.
But if you can't do that: How do you identify bad traffic?
SANS 2008 - Orlando, FL; 41 courses, April 18-25