Re: [Dailydave] CISSP quote of the week
From: Pusscat (pusscat gmail.com)
Date: Tue Apr 11 2006 - 07:11:29 CDT
I think by "real" he meant the majority of attacks which take place against
a specific target for a specific reason, as opposed to a "hit it cause it's
there and vulnerable" sort of aimless attack.
It's almost the distinction between random maliciousness, and a directed
strike aimed at achieving a specific goal. Very rarely do we see an attack
carried out to actually compromise a system for a specific reason making use
of a "known" exploit. The assumption you make when using a well-known
exploit is that the machine is not important enough to be watched in any
meaningful way, which is why it's still vulnerable in the first place.
On 4/10/06 2:01 PM, "Dave Korn" <dave.korn artimi.com> wrote:
> On 10 April 2006 18:34, Dave Aitel wrote:
>
>> - From Focus-IDS, which has the highest CISSP density of any known
>> mailing list comes our CISSP QUOTE OF THE WEEK!
>> ****
>> "Also, the majority of attacks in the wild are well-known and easily
>> detected and blocked. "
>> ****
>>
>> I'm going to go out on a limb here and say that the majority of real
>> attacks in the wild are probably 0days or difficult to detect or
>> block.
>
>
> Well, you're going to need to define "real" /very/ carefully for that to be
> strictly true. Five nines of all attacks are still automated netbios worms,
> aren't they? They're "real" attacks in the sense that they genuinely do
> attack and genuinely do succeed in really owning lots of real boxen. If it
> had been me[*], I would have worded it more like
>
>> ****
>> "Also, the majority of attacks in the wild are
>
> ... running over port 445 or 135-139 and hence trivial to detect and defeat. "
>
>
> Now, if you were talking about the majority of sigma(attack frequency *
> attack seriousness), i.e. if you're talking about a weighted majority, I could
> get that. So, maybe you mean the majority of *successful* attacks in the
> wild, or the majority of *newly-emerging* attacks in the wild, or
> *non-trivial* attacks, or .... ? Or am I just not seeing the angle you're
> coming from?
>
>
> cheers,
> DaveK
>
> [*] - but you wouldn't catch me hanging out somewhere with that many CISSPs,
> I'm so low-density-CISSP that the reverse osmotic pressure would propel me
> straight out of there at high speed just like a seed out of an electric
> grape...
~ Puss