[Dshield] [giac-alumni] 2/3 rds of PC's Compromised???
jullrich at sans.org
Fri Apr 4 14:12:01 GMT 2008
I don't think it's 30-60%. Maybe 10%? But then again. The definition is
"remote control not intended by the user", which is more than "bots
and other malware". For example, a lot of PCs come with "support"
accounts and the user has no idea they exist.

I suggest a little experiment for a SANS conference: Could we find a
group of volunteers who would do a thorough configuration check of
laptops brought in by students? Maybe to go along with a good audit of
traffic on the hotel network? I think that would be an interesting
exercise. The goal would be to explain as much of the traffic as
possible on the hotel network (I don't expect to be able to "explain"
all of it). I actually think either project would be a great basis for
a GIAC Gold paper ;-). SANSFIRE anyone?

I think these days, your standard PC is rather "noisy" on the network
and it can be challenging to figure out every single packet it sends.
But if you can't do that: How do you identify bad traffic?
SANS 2008 - Orlando, FL; 41 courses, April 18-25