Re: 10,352 active botnets (was Re: register.com down sev0?)
Jose's numbers are conservative.
Given some mathematical acrobatics, I'd suggest examining some of the (shocking) numbers in Microsoft's Security Intelligence Report (Google it) -- these are reflective:
"Of the 4 million computers cleaned by the company's MSRT (malicious software removal tool), about 50 percent (2 million) contained at least one backdoor Trojan. While this is a high percentage, Microsoft notes that this is a decrease from the second half of 2005. During that period, the MSRT data showed that 68 percent of machines cleaned by the tool contained a backdoor Trojan."
Ref: http://www.eweek.com/article2/0,1759,2036439,00.asp
If you're wondering why DDoS attacks are so effective, look no further than your backyard.
- ferg
-- Sean Donelan <sean@donelan.com> wrote:
On Thu, 26 Oct 2006, alex@pilosoft.com wrote:
Well, let's talk about "worst-case ddos". Let's say, 50mpps (I have not heard of ddos larger than that number). Let's say, you can sink/filter 100kpps on each box (not unreasonable on higher-end box with nsd). That means, you should be able to filter this attack with ~500 servers, appropriately placed. Say, because you don't know where the attack will come in, you need 4 times more the estimated number of servers, that's 2000 servers. That's not entirely unreasonable number for a large enough company.
Botnets were the topic at today's Info Security conference in New York City. <http://www.infosecurityevent.com> Coincidences? Or just as random as your iPod shuffle?
Jose Nazario estimated that there were 10,352 botnets active on the Internet earlier this year. You will probably always be outnumbered on the public Internet.
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
On Thu, 26 Oct 2006, Fergie wrote:
Jose's numbers are conservative.
Given some mathematical acrobatics, I'd suggest examining some of the (shocking) numbers in Microsoft's Security Intelligence Report (Google it) -- these are reflective:
"Of the 4 million computers cleaned by the company's MSRT (malicious software removal tool), about 50 percent (2 million) contained at least one backdoor Trojan. While this is a high percentage, Microsoft notes that this is a decrease from the second half of 2005. During that period, the MSRT data showed that 68 percent of machines cleaned by the tool contained a backdoor Trojan."
Ref: http://www.eweek.com/article2/0,1759,2036439,00.asp
If you're wondering why DDoS attacks are so effective, look no further than your backyard.
- ferg
Jose may be a bit conservative with numbers, but he has good data and shares it, which is more than I can say for some people. Jose is definitely someone who knows what he is talking about when it comes to botnets. These numbers are not really relevant in my opinion, but they help get the message across.
Gadi.
On Thu, 26 Oct 2006, Gadi Evron wrote:
Jose may be a bit conservative with numbers, but he has good data and shares it, which is more than I can say for some people.
Dear Fergie;
Is there a similar statistic available for Mac OS X?
Regards
Marshall
On Oct 26, 2006, at 5:43 AM, Fergie wrote:
Jose's numbers are conservative.
Given some mathematical acrobatics, I'd suggest examining some of the (shocking) numbers in Microsoft's Security Intelligence Report (Google it) -- these are reflective:
"Of the 4 million computers cleaned by the company's MSRT (malicious software removal tool), about 50 percent (2 million) contained at least one backdoor Trojan. While this is a high percentage, Microsoft notes that this is a decrease from the second half of 2005. During that period, the MSRT data showed that 68 percent of machines cleaned by the tool contained a backdoor Trojan."
Ref: http://www.eweek.com/article2/0,1759,2036439,00.asp
If you're wondering why DDoS attacks are so effective, look no further than your backyard.
- ferg
-- Sean Donelan <sean@donelan.com> wrote:
On Thu, 26 Oct 2006, alex@pilosoft.com wrote:
Well, let's talk about "worst-case ddos". Let's say, 50mpps (I have not heard of ddos larger than that number). Let's say, you can sink/filter 100kpps on each box (not unreasonable on higher-end box with nsd). That means, you should be able to filter this attack with ~500 servers, appropriately placed. Say, because you don't know where the attack will come in, you need 4 times more the estimated number of servers, that's 2000 servers. That's not entirely unreasonable number for a large enough company.
Botnets were the topic at today's Info Security conference in New York City. <http://www.infosecurityevent.com> Coincidences? Or just as random as your iPod shuffle?
Jose Nazario estimated that there were 10,352 botnets active on the Internet earlier this year. You will probably always be outnumbered on the public Internet.
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
On Thursday 26 Oct 2006 13:45, you wrote:
Is there a similar statistic available for Mac OS X?
Now now.
"Of the 4 million computers cleaned by the company's MSRT (malicious software removal tool), about 50 percent (2 million) contained at least one backdoor Trojan. While this is a high percentage, Microsoft notes that this is a decrease from the second half of 2005. During that period, the MSRT data showed that 68 percent of machines cleaned by the tool contained a backdoor Trojan."
A lot depends on the definition. I've removed some malware trying to exploit an old Microsoft JRE bug. This stuff gets everywhere (well anywhere IE goes). These get downloaded to some cached program folder for Java, and because the exploit hasn't worked for years, sit there till some antivirus software comes along and removes them, doing nowt but consuming disk space. If you are the Microsoft malicious software removal tool marketing department, that is a trojan removed. To the average person on the street, it is another bit of meaningless fluff their PC will lose when they reinstall. So yes, Microsoft is big enough to have bits who have a vested interest in making the other bits look bad (if only incidentally). Thus is the way of big companies.
participants (5): Fergie, Gadi Evron, Marshall Eubanks, Sean Donelan, Simon Waters