Re: IETF58 - Network Status

2003-11-13 21:56:23

> We also had the new overly "helpful" operating systems and a variety of
> infected machines eating bandwidth.

How depressing.  Does anybody have any good estimate on what % of machines were
infected with one or more of the usual standard-equipment pieces of
bandwidth-sucking malware?

It's sad that at an IETF this is a problem, "preaching to the choir" and all
that.  On the other hand, it's not an IETF-only problem. I was at a SANS class
we were hosting a few months ago on using tcpdump.  So just for grins, I set up
a little tcpdump script, and after about 2 hours, right before the lunch break,
I announced "We have some 280 people in this lecture hall, and so far I've seen
97 MAC addresses on the wireless talking to POP-over-SSL on port 995, and 80 or
so talking cleartext POP".  Some guy in the back of the room asked if I was
grabbing passwords, and I told him "I'm a white hat.  I was gathering *only*
SYN packets for statistical purposes.  I have *no* idea what anybody *else* in
this 100,000 square foot building was grabbing out of the air".

It was pretty easy to identify the 80 or so then... all "deer in headlights"
and tapping at keyboards furiously.. :)

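A SYN-only tally of the kind the message above describes, as an added example that is not part of the original post and is not the poster's script: it counts distinct source MAC addresses opening connections to port 995 versus cleartext POP3 on port 110, without capturing any payload. The function names, the `tcpdump -e -nn` line layout and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: tally distinct client MACs per POP port from SYN-only tcpdump text.
# Live use (assumption: Ethernet-style link headers on the capture interface):
#   tcpdump -i "$IFACE" -e -nn -l -c 5000 \
#     'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and (dst port 110 or dst port 995)' \
#     | count_pop_clients
# The filter matches only the initial SYN, so no credentials or mail data are recorded.

count_pop_clients() {
    awk '
        # Belt and braces: ignore anything that is not a bare SYN.
        /Flags \[S\],/ {
            for (i = 5; i <= NF; i++) {
                # The destination "ip.port" is the field ending in ":".
                if ($i ~ /\.(110|995):$/) {
                    port = $i
                    sub(/:$/, "", port)      # drop trailing colon
                    sub(/^.*\./, "", port)   # keep only the port number
                    seen[port SUBSEP $2] = 1 # $2 is the source MAC (-e)
                    break
                }
            }
        }
        END {
            for (k in seen) { split(k, p, SUBSEP); n[p[1]]++ }
            printf "pop3s_995=%d pop3_110=%d\n", n["995"], n["110"]
        }
    '
}

# Constructed sample capture: two MACs to 995 (one retransmits), one MAC to 110,
# and one non-SYN data packet to 110 that must not be counted.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.11.40001 > 198.51.100.5.995: Flags [S], seq 100, win 65535, options [mss 1460], length 0
12:00:04.000001 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.11.40001 > 198.51.100.5.995: Flags [S], seq 100, win 65535, options [mss 1460], length 0
12:00:05.000001 02:00:00:00:00:02 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.12.40002 > 198.51.100.5.995: Flags [S], seq 200, win 65535, options [mss 1460], length 0
12:00:06.000001 02:00:00:00:00:03 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.13.40003 > 198.51.100.6.110: Flags [S], seq 300, win 65535, options [mss 1460], length 0
12:00:07.000001 02:00:00:00:00:04 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 85: 192.0.2.14.40004 > 198.51.100.6.110: Flags [P.], seq 1:20, ack 1, win 512, length 19
EOF
}

sample_capture | count_pop_clients
```

A MAC address that uses both ports is counted once under each, so the two totals can overlap.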