I can't find a reference to this now, but at Vern Paxson's talk at the 1999 USENIX Workshop on Intrusion Detection he claimed that malicious packets and broken packets are essentially indistinguishable. Obviously this wouldn't apply to certain obvious intrusion attempts (like a GET cmd.exe in your logs, or something similar) but if true I would have to imagine it would cast serious doubt on just about any hard number you could find.

A workshop program is at http://www.usenix.org/events/detection99/brochure/tech02.html but it doesn't mention this particular claim.

-dk

> -----Original Message-----
> From: Piyush Bhatnagar [mailto:piyushat_private]
> Sent: Wednesday, July 09, 2003 8:23 PM
> To: incidentsat_private
> Subject: Information Needed on Malicious Traffic
>
>
> Hi All,
>
> I am doing some research on the amount of malicious traffic
> on the internet.
>
> In your opinion, what percentage of traffic entering your
> networks (and on the internet) would you consider as dirty?
> By Dirty traffic I mean to refer to the traffic that is
> undesired or malicious which could contain traffic related
> to attacks, probes, spam etc.
>
> I have read a few white papers from some security product
> vendors and the claims range from 5% to 30%.
>
> Any responses will be welcome.
>
> Thanks,
> Piyush
>
> -
> Regards, Piyush
> ==========================
> Piyush Bhatnagar, CISSP
> piyushat_private
> ==========================
>
>
> ----------------------------------------------------------------------------
> Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
> world's premier technical IT security event! 10 tracks, 15 training sessions,
> 1,800 delegates from 30 nations including all of the top experts, from CSO's to
> "underground" security specialists. See for yourself what the buzz is about!
> Early-bird registration ends July 3. This event will sell out.
> www.blackhat.com
> ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jul 10 2003 - 13:10:21 PDT