[Dshield] [giac-alumni] 2/3 rds of PC's Compromised???
Fuller, Kevin R.
KFuller at DMV.CA.gov
Tue Apr 8 19:55:15 GMT 2008
How about taking this idea one step further at the Ethical Hacking
Summit and asking for student laptops to be targets of "ethical hacking".
Then compile, obfuscate and present the results on the second day of the
Either way, it seems, might be a good, repeatable subject for a SANS
Masters degree RI requirement.
CCNP, GSNA, GCIH, GCIA, GWAS, GREM
ISD/System Test, DMV
From: Johannes Ullrich [mailto:jullrich at sans.org]
Sent: Friday, April 04, 2008 7:12 AM
To: General DShield Discussion List
Cc: GIAC Alumni List
Subject: Re: [Dshield] [giac-alumni] 2/3 rds of PC's Compromised???
I don't think it's 30-60%. Maybe 10%? But then again. The definition is
"remote control not intended by the user", which is more than "bots
and other malware". For example, a lot of PCs come with "support"
accounts and the user has no idea they exist.
I suggest a little experiment for a SANS conference: Could we find a
group of volunteers who would do a thorough configuration check of
laptops brought in by students? Maybe to go along with a good audit of
traffic on the hotel network? I think that would be an interesting
exercise. The goal would be to explain as much of the traffic as
possible on the hotel network (I don't expect to be able to "explain"
all of it). I actually think either project would be a great basis for
a GIAC Gold paper ;-). SANSFIRE anyone?
I think these days, your standard PC is rather "noisy" on the network
and it can be challenging to figure out every single packet it sends.
But if you can't do that: How do you identify bad traffic?
SANS 2008 - Orlando, FL; 41 courses, April 18-25