nanog mailing list archives
Re: IBM report reviews Internet crime
From: Owen DeLong <owen () delong com>
Date: Tue, 12 Feb 2008 11:17:55 -0800
Some highlights from the Management summary with my comments in [square brackets]:

Vulnerabilities
* Although total vulnerability disclosures went down, the number of reported high severity vulnerabilities increased by 28 percent in comparison with 2006.
* The busiest day of the week for vulnerability disclosures continued to be Tuesday, with 1,361 new vulnerabilities disclosed on this day of the week in 2007.
* Of all the vulnerabilities disclosed in 2007, only 50 percent can be corrected through vendor patches. [suggests that ISPs need to be proactive about detecting and blocking compromised machines]
I think this conclusion assumes a number of facts not in evidence. If the vulnerability cannot be corrected through a vendor patch, then one has to wonder what, exactly, the vulnerability is. If it is social engineering, then I don't believe that ISP proactivity can really address the issue. Much more detail on the nature of these vulnerabilities which cannot be corrected by vendor patches is needed before any useful conclusion about the correct solution can be drawn.
* Critical vulnerabilities for Mozilla Firefox were dramatically lower in 2007 compared to 2006. [If you still distribute any kind of software kits that do not install Firefox, you are doing your customers a disservice and making your detection and blocking task that much bigger. When you contact customers with compromised machines you might want to make it mandatory to install Firefox from your servers before re-enabling Internet access]
Huh? Why should everyone ship a browser with their software kit? Browsers are like religion. You're really not going to have a lot of success trying to force one down your customers' throats. It's great that Firefox security has improved, but, this statement alone does not really provide any details about the current relative level of vulnerability between Firefox and any other browser.
* The U.S. and Germany were the only two countries consistently among the top three hosting sources for each type of "unwanted" Internet content monitored throughout 2007. [Suggests that NANOG members need to raise the bar considerably to clean up their own backyard. What do you know about your own Internet peering partners?]
Considering that the US is also consistently among the top three sources of desirable content, I'm not sure that this ranking necessarily proves much of anything, but I do agree that ISPs could do a better job of shutting down mal-sites.
Malcode
* Trojans represent the largest category of malware in 2007 - 109,246 varieties account for 26 percent of all malware.
* The most frequently occurring malware on the Internet was Trojan.Win32.Agent - 26,573 varieties in 2007 account for 24 percent of all Trojans.
* The most common worm in 2007 was Net-Worm.Win32.Allaple with 21,254 varieties. It is a family of polymorphic worms that propagates by exploiting Windows(r) vulnerabilities instead of using e-mail. [This suggests that targeting these specific attack vectors could clean up a significant amount of the problem and correspondingly reduce your costs for detection and blocking of compromised machines.]
It also suggests that taking Windows off the net could do a lot to reduce the level of vulnerability, but I'm not holding my breath until that happens either.

Owen