IDS mailing list archives

Re: Are sophisticated attacks just FUD?


From: Brian Lund <brianlund () gmail com>
Date: Wed, 30 Jun 2004 09:56:48 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

While I don't have any research at hand, I'm almost certain any such
research would show the vast majority of "attacks" are script kiddies
trying to exploit some Windows hole using a widespread attack tool
written by someone else.  You will have a very hard time proving that
any significant percentage of attacks are carried out by a
sophisticated attacker, because it's almost certainly not true.

That doesn't mean sophisticated attacks are FUD from tool companies
looking to sell their latest wares, however.  A good (or even
average) network will shrug off hundreds or thousands of "attacks"
from script kiddies per day.  But it only takes one sophisticated
attack to possibly put your business, well, out of business.  In this
case, your boss is missing the point.  It's not how many times you
are attacked by a sophisticated attacker, but how many successful
attacks can your business afford?  If the number is zero, those tools
are worth the money.

On Tue, 29 Jun 2004 09:12:02 -0700 (PDT), Sam Heshbon
<sheshbon () yahoo com> wrote:
I had a big discussion with my boss who claims most of the IPS, SIM
and other new tools are just a hype protecting from sophisticated
threats, which only exist in labs.
He thinks multi staged attacks and so on do not often happen in the
wild and shows our firewall's logs as evidence. It is true we see
mostly worms. (NMAP) scanning happens once in a while, but he claims
it's a script kiddy and the fact we have never seen a breach means it
is not a real threat (we run a large network operation).
I'm looking for statistical data showing how frequent sophisticated
attacks and advanced tools are evolved and what their damage is to the
corporate. If anyone knows of a research showing if this is FUD or a
real problem, I'd love to prove him wrong (I'm willing to admit I'd be
happy to have some new toys ;)

- -- 
Brian Lund
Iowa State Cyber Corps
PGP Key ID: A18C0BA8 (1024/2048 | DSA/ELG)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1

iD8DBQFA4vCle6h5JaGMC6gRAomDAJ4geD/3OXZtg5JpO2Cn3vtFPnxlgwCglyqv
jbHX0HGZhLVKqr3UpyJ62nE=
=ERE1
-----END PGP SIGNATURE-----
