[Dshield] [giac-alumni] 2/3 rds of PC's Compromised???

Johannes Ullrich jullrich at sans.org
Fri Apr 4 14:12:01 GMT 2008


I don't think it's 30-60%. Maybe 10%? But then again, the definition is "remote control not intended by the user", which is more than "bots and other malware". For example, a lot of PCs come with "support" accounts and the user has no idea they exist.

I suggest a little experiment for a SANS conference: Could we find a  
group of volunteers who would do a thorough configuration check of  
laptops brought in by students? Maybe to go along with a good audit of  
traffic on the hotel network? I think that would be an interesting  
exercise. The goal would be to explain as much of the traffic as  
possible on the hotel network (I don't expect to be able to "explain"  
all of it). I actually think either project would be a great basis for  
a GIAC Gold paper ;-). SANSFIRE anyone?

I think these days, your standard PC is rather "noisy" on the network  
and it can be challenging to figure out every single packet it sends.  
But if you can't do that: How do you identify bad traffic?

---------
SANS 2008 - Orlando, FL; 41 courses, April 18-25
http://www.sans.org/info/19686