Good point - then what is the cost of attempting to mitigate or handle attacks vs. doing nothing? ----- Original Message ----- From: Joel Jaeggli <joelja@darkwing.uoregon.edu> Date: Thursday, November 13, 2003 10:14 am Subject: Re: Cost of Worm Attack Protection
I haven't seen any network or customer site that has protected itself from worms... only mitigated them.
joelja
On Thu, 13 Nov 2003 sgorman1@gmu.edu wrote:
I was hoping to get some estimates from folks on the costs of
defending> networks from various worm attacks. It is a pretty wide open question,
but if anyone has some rough estimates of what it costs per edge, manpower vs. equipment costs, or any combination thereof it would be of great assistance. We are doing some simulations of attack and defense> strategies and looking for some good metrics to plug into a cost benefit model. We'd be happy to share the results if anyone is interested as well.
Thanks in advance,
sean
-- ------------------------------------------------------------------- ------- Joel Jaeggli Unix Consulting joelja@darkwing.uoregon.edu GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
On Thu, Nov 13, 2003 at 10:58:38AM -0500, sgorman1@gmu.edu wrote:
Good point - then what is the cost of attempting to mitigate or handle attacks vs. doing nothing?
I've found that they're usually higher than doing nothing at all. In the case of the fun in august, people who blocked the microsoft ports that worms were spreading across (i mean newly blocked them that is) saw increased support costs associated with what was broken vs just leaving the network in the state it was. While the increased traffic and infection was a problem, the network devices mostly yawned at the activity and the irate customers who were (ab)using the network to use these MS RPC features were quite vocal about the filtering. This also helped raise customer awareness that we can not filter for them. They must manage their devices in order to keep their network secure or get cut off from our network. - Jared (how i wish microsoft would release a stinking patch CD) -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
On Thursday, 2003-11-13 at 13:49 EST, Valdis.Kletnieks@vt.edu wrote:
On Thu, 13 Nov 2003 12:59:30 EST, Jared Mauch said:
(how i wish microsoft would release a stinking patch CD)
Be careful what you ask for. They may actually release a CD of stinking patches. :)
They just did (perhaps not on a CD) - viz. MS03-048. See news://news.microsoft.com/eJnPecXqDHA.3504%40TK2MSFTNGP11.phx.gbl Tony Rall
participants (4)
-
Jared Mauch -
sgorman1@gmu.edu -
Tony Rall -
Valdis.Kletnieks@vt.edu