Dailydave mailing list archives
Re: CISSP quote of the week
From: Pusscat <pusscat () gmail com>
Date: Tue, 11 Apr 2006 08:11:29 -0400
I think by "real" he meant the majority of attacks which take place against a specific target for a specific reason, as opposed to a "hit it cause it's there and vulnerable" sort of aimless attack. It's almost the distinction between random maliciousness, and a directed strike aimed at achieving a specific goal. Very rarely do we see an attack carried out to actually compromise a system for a specific reason making use of a "known" exploit. The assumption you make when using a well-known exploit is that the machine is not important enough to be watched in any meaningful way, which is why it's still vulnerable in the first place.

On 4/10/06 2:01 PM, "Dave Korn" <dave.korn () artimi com> wrote:
> On 10 April 2006 18:34, Dave Aitel wrote:
>
> > - From Focus-IDS, which has the highest CISSP density of any known mailing list comes our CISSP QUOTE OF THE WEEK!
> >
> > **** "Also, the majority of attacks in the wild are well-known and easily detected and blocked. " ****
> >
> > I'm going to go out on a limb here and say that the majority of real attacks in the wild are probably 0days or difficult to detect or block.
>
> Well, you're going to need to define "real" /very/ carefully for that to be strictly true. Five nines of all attacks are still automated netbios worms, aren't they? They're "real" attacks in the sense that they genuinely do attack and genuinely do succeed in really owning lots of real boxen. If it had been me[*], I would have worded it more like
>
> **** "Also, the majority of attacks in the wild are... running over port 445 or 135-139 and hence trivial to detect and defeat. "
>
> Now, if you were talking about the majority of sigma(attack frequency * attack seriousness), i.e. if you're talking about a weighted majority, I could get that. So, maybe you mean the majority of *successful* attacks in the wild, or the majority of *newly-emerging* attacks in the wild, or *non-trivial* attacks, or .... ? Or am I just not seeing the angle you're coming from?
>
> cheers,
> DaveK
>
> [*] - but you wouldn't catch me hanging out somewhere with that many CISSPs, I'm so low-density-CISSP that the reverse osmotic pressure would propel me straight out of there at high speed just like a seed out of an electric grape...
~ Puss