Re: Biggest Rocks and Glassiest Houses

[allison nixon <elsakoo () gmail com>]

I have some anec-data from a narrow view of this problem.

When it comes to DDOS protection, and the proportion of infrastructure that
are behind reasonable, or *really really good* ddos protection, I suspect
the USA is at the top right now. It's never been a better time to get DDOS
attacked as an American. Almost every time I've observed some major company
getting knocked over it's either outside north america or it was some
innovative new botnet.

Also, less anecdotally, USA based assets also get attacked with DDOS more
often. Based on what dataset you see, it's USA or China vying for the top.
Which botnet families you see often skews the statistics towards specific
countries- my current (admittedly skewed) dataset puts USA at 57% of global
victims.

Even less anecdotally, counts of DDOS source machines("IoT") from so-called
"2nd world" countries frequently out-rank the USA despite having fewer
Internet connected people.

That doesn't necessarily support or refute the original point. One
compromised DVR isn't equivalent to one compromised bank admin. but it is
one view of things.


On Wed, Jun 14, 2017 at 10:27 AM, dave aitel <dave () immunityinc com> wrote:

> Ok, so what I was hoping to do was convince Tenable and Qualys to dig
> into their data today and answer a simple question that confounds the
> entire policy world. They say a few pithy things, and without any data
> whatsoever, as is their truest love. The most common thing they say,
> such as on the Steptoe podcast, is "We (the US) have the biggest rocks,
> and the glassiest houses." By this they mean that instability in
> cyberspace effects the US the most. And especially they mean in the
> sectors of critical infrastructure, as including the financial sector
> (which Immunity primarily services from a consulting standpoint).
>
> But I was listening to this this morning on the ride in, after dropping
> my kids off at "sailing camp" where they don't allow computers of any
> kind because if they do that's all kids will want to do, despite having
> a beach and boats and other kids to yell at. And we (like a lot of you)
> do a ton of big vulnerability scans for our customers, and frankly, from
> the perspective of pure vulnerability, I'd say the US is the most
> secure. I.E. I'd love to see what Qualys and Nessus Cloud say, but I
> think the level of criticals and old-ass PHP on any given random US
> Class-C is going to be lower than that of most other countries.
>
> Anyways, IF THAT THEORY IS SUPPORTED BY DATA, that leaves the discussion
> only to a question of how much we "rely" on computers. But "reliance on
> computer networks" is not a simple one dimensional thing. Our military
> might rely on them more than other militaries, but at the same time be
> more protected than other places. I haven't seen data that says the US
> society is in particular more vulnerable from a reliance standpoint than
> anyone else at this stage, especially not Estonia (the titan of
> e-government) or Ukraine.
>
> So to sum up: I think the policy world is again full of it, because it's
> not the 90's anymore, but I want data to back that up. So please donate
> some! :)
>
> -dave
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave



-- 
_________________________________
Note to self: Pillage BEFORE burning.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave