Dailydave mailing list archives
RE: CISSP quote of the week
From: "Dave Korn" <dave.korn () artimi com>
Date: Mon, 10 Apr 2006 19:01:12 +0100
On 10 April 2006 18:34, Dave Aitel wrote:
- From Focus-IDS, which has the highest CISSP density of any known mailing list comes our CISSP QUOTE OF THE WEEK! **** "Also, the majority of attacks in the wild are well-known and easily detected and blocked. " **** I'm going to go out on a limb here and say that the majority of real attacks in the wild are probably 0days or difficult to detect or block.
Well, you're going to need to define "real" /very/ carefully for that to be strictly true. Five nines of all attacks are still automated netbios worms, aren't they? They're "real" attacks in the sense that they genuinely do attack and genuinely do succeed in really owning lots of real boxen. If it had been me[*], I would have worded it more like
**** "Also, the majority of attacks in the wild are
... running over port 445 or 135-139 and hence trivial to detect and defeat. " Now, if you were talking about the majority of sigma(attack frequency * attack seriousness), i.e. if you're talking about a weighted majority, I could get that. So, maybe you mean the majority of *successful* attacks in the wild, or the majority of *newly-emerging* attacks in the wild, or *non-trivial* attacks, or .... ? Or am I just not seeing the angle you're coming from? cheers, DaveK [*] - but you wouldn't catch me hanging out somewhere with that many CISSPs, I'm so low-density-CISSP that the reverse osmotic pressure would propel me straight out of there at high speed just like a seed out of an electric grape... -- Can't think of a witty .sigline today....
Current thread:
- CISSP quote of the week Dave Aitel (Apr 10)
- Re: CISSP quote of the week Paul Wouters (Apr 10)
- Re: CISSP quote of the week listlurker (Apr 11)
- RE: CISSP quote of the week Dave Korn (Apr 11)
- Re: CISSP quote of the week Pusscat (Apr 11)
- <Possible follow-ups>
- RE: CISSP quote of the week Des (Apr 11)
- Re: CISSP quote of the week Robert (Apr 11)
- Re: CISSP quote of the week Paul Wouters (Apr 10)