IDS mailing list archives
Re: Are sophisticated attacks just FUD?
From: Brian Lund <brianlund () gmail com>
Date: Wed, 30 Jun 2004 09:56:48 -0700
While I don't have any research at hand, I'm almost certain any such research would show the vast majority of "attacks" are script kiddies trying to exploit some Windows hole using a widespread attack tool written by someone else. You will have a very hard time proving that any significant percentage of attacks are carried out by a sophisticated attacker, because it's almost certainly not true.

That doesn't mean sophisticated attacks are FUD from tool companies looking to sell their latest wares, however. A good (or even average) network will shrug off hundreds or thousands of "attacks" from script kiddies per day. But it only takes one sophisticated attack to possibly put your business, well, out of business.

In this case, your boss is missing the point. It's not how many times you are attacked by a sophisticated attacker, but how many successful attacks can your business afford? If the number is zero, those tools are worth the money.

On Tue, 29 Jun 2004 09:12:02 -0700 (PDT), Sam Heshbon <sheshbon () yahoo com> wrote:
I had a big discussion with my boss who claims most of the IPS, SIM and other new tools are just a hype protecting from sophisticated threats, which only exist in labs. He thinks multi staged attacks and so on do not often happen in the wild and shows our firewall's logs as evidence. It is true we see mostly worms. (NMAP) scanning happens once in a while, but he claims it's a script kiddy and the fact we have never seen a breach means it is not a real threat (we run a large network operation).

I'm looking for statistical data showing how frequent sophisticated attacks and advanced tools are evolved and what their damage is to the corporate. If anyone knows of a research showing if this is FUD or a real problem, I'd love to prove him wrong (I'm willing to admit I'd be happy to have some new toys ;)

--
Brian Lund
Iowa State Cyber Corps
PGP Key ID: A18C0BA8 (1024/2048 | DSA/ELG)

Current thread:
- Re: Are sophisticated attacks just FUD? Drew Simonis (Jun 30)
- <Possible follow-ups>
- Re: Are sophisticated attacks just FUD? Brian Lund (Jun 30)
- RE: Are sophisticated attacks just FUD? Keith T. Morgan (Jun 30)
- RE: Are sophisticated attacks just FUD? Angel Rivera (Jun 30)
- RE: Are sophisticated attacks just FUD? drbitbucket (Jul 01)
- RE: Are sophisticated attacks just FUD? Steve Hall (Jul 01)
- RE: Are sophisticated attacks just FUD? Joshua Berry (Jul 01)
- RE: Are sophisticated attacks just FUD? Chuck Herrin (Jul 04)
- RE: Are sophisticated attacks just FUD? Rob Shein (Jul 01)
- RE: Are sophisticated attacks just FUD? Runion Mark A FGA DOIM WEBMASTER(ctr) (Jul 04)
- Re: Are sophisticated attacks just FUD? Anton A. Chuvakin (Jul 09)