[Dshield] [giac-alumni] 2/3 rds of PC's Compromised???

John Strand strandjs at gmail.com
Sun Apr 6 13:18:21 GMT 2008


I would love to assist a Masters student or Gold candidate with this.

Johannes Ullrich wrote:
>
> I don't think it's 30-60%. Maybe 10%? But then again. The definition is
> "remote control not intended by the user", which is more than "bots
> and other malware". For example, a lot of PCs come with "support"  
> accounts and the user has no idea they exist.
>
> I suggest a little experiment for a SANS conference: Could we find a  
> group of volunteers who would do a thorough configuration check of  
> laptops brought in by students? Maybe to go along with a good audit of  
> traffic on the hotel network? I think that would be an interesting  
> exercise. The goal would be to explain as much of the traffic as  
> possible on the hotel network (I don't expect to be able to "explain"  
> all of it). I actually think either project would be a great basis for  
> a GIAC Gold paper ;-). SANSFIRE anyone?
>
> I think these days, your standard PC is rather "noisy" on the network  
> and it can be challenging to figure out every single packet it sends.  
> But if you can't do that: How do you identify bad traffic?
