On Tue, 4 May 2004 02:42:10 -0400 (EDT)
Sean Donelan <[EMAIL PROTECTED]> wrote:

>
> On Mon, 3 May 2004, william(at)elan.net wrote:
> > Similarly when setting up computers for several of my relatives (all
> > have dsl) I've yet to see any infection before all updates are installed.
>
> The folks at CAIDA can do the math, but it turns out many of the recent
> worms have some interesting gaps in their address scanning routines.
> There are some Internet address ranges scanned every few seconds, while
> other address ranges may go weeks between scans. This is part of the
> reason why "network telescope" estimates of how many infected computers
> are so wrong. They assume a uniform distribution of worm scans and
> infected computers.

I think that their math is challenged in general - Sasser appears to do
TCP scanning of the entire multicast address range, which betrays a
lack of knowledge or concern about Internet routing.

Regards
Marshall Eubanks

>
> I've seen "raw" Windows boxes connected to the Internet for 4 weeks
> without being compromised. A watched honeypot never attracts the bear :-)
> I've also seen Windows boxes compromised during the boot process between
> the time the network interface is enabled and XP's built-in firewall
> being activated, less than 1 second.
>
> Of course we still have the human factor. Some system compromises require
> the user to save an attachment, rename the file, open the file, enter a
> password, extract another file and then run it in order to compromise
> the computer. It's amazing how many infected computers are behind
> NAT/firewalls. Firewalls and antivirus help, but please when you
> get a message from your ISP saying your computer is infected check
> it out. Don't assume it can't happen to you just because.
>
> I have not found an official Microsoft source for MD5 hashes of
> Windows, so it's difficult to find unknown stuff on your computer. There
> are some third-party products which can do change monitoring of Windows.
> But I agree with Rob Thomas and others, the only way to restore trust
> in your Windows' system is to re-install from a known, good distribution.
> Unfortunately, this is beyond the capabilities of many home (and even
> office) users.