Next message: jericho�t_private: "[ISN] DOE Security Web Site"
Forwarded From: Aleph One <aleph1�t_private>
> http://www.techweb.com/wire/story/TWB19980414S0013
On this subject I recommend everyone to read John Howard's
thesis on the history of CERT reported attacks. Its quite
interesting. The only major flaw is that John assumes that
the percentage of sites that report incidents to CERT has
been constant. I would argue that this is not the case,
and that indeed the percentage has gone down as new people
join the Internet. CERT had a high profile when they were
formed after the Internet worm incident but who tells new
businesses and ISPs about CERT? No one. Also hacking has
become more popular and glamourus thanks to the media, and
the are many more tutorial on hacking and they are easier
to obtain than before. You must also understand the
use of the word "attack". They take it to mean each
attempt to break into a site even if they dont succeed.
So if the attacks fingers you thats one. If they try ftp
thats two. If they try telnet thats three. Etc. Then
related attacks are grouped into incidents. The problem
comes in that most people interchange "attack" and
"incident" without explaining what they mean. Then
you start getting some really funny numbers.
Aleph One / aleph1�t_private
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
-o-
Subscribe: mail majordomo�t_private with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 12:50:41 PDT