[Dshield] [giac-alumni] 2/3 rds of PC's Compromised???

Deb Hale haled at pionet.net
Fri Apr 4 18:48:35 GMT 2008

Sounds like a good idea to me J.  And SANSFire is just the place.  And I
plan on making it this year.


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Johannes Ullrich
Sent: Friday, April 04, 2008 9:12 AM
To: General DShield Discussion List
Cc: GIAC Alumni List
Subject: Re: [Dshield] [giac-alumni] 2/3 rds of PC's Compromised???

Hash: RIPEMD160

I don't think its 30-60%. Maybe 10%? But then again. The definition is  
"remote control not intended by the user", which is more then "bots  
and other malware". For example, a lot of PCs come with "support"  
accounts and the user has no idea they exist.

I suggest a little experiment for a SANS conference: Could we find a  
group of volunteers who would do a thorough configuration check of  
laptops brought in by students? Maybe to go along with a good audit of  
traffic on the hotel network? I think that would be an interesting  
exercise. The goal would be to explain as much of the traffic as  
possible on the hotel network (I don't expect to be able to "explain"  
all of it). I actually think either project would be a great basis for  
a GIAC Gold paper ;-). SANSFIRE anyone?

I think these days, your standard PC is rather "noisy" on the network  
and it can be challenging to figure out every single packet it sends.  
But if you can't do that: How do you identify bad traffic?

- ---------
SANS 2008 - Orlando, FL; 41 courses, April 18-25

Version: GnuPG v1.4.7 (Darwin)


SANS Security 2008 in New Orleans!! January 11-19 2008. Why freeze up north
if you can be in New Orleans.  http://www.sans.org/info/15826

More information about the list mailing list