Counting tells you if you are making progress
Todd Vierling
tv at pobox.com
Sat Feb 24 02:37:08 UTC 2007
On 2/22/07, Sean Donelan <sean at donelan.com> wrote:
> On Wed, 21 Feb 2007, Todd Vierling wrote:
> > I'd say it's severely biased in the overestimation direction -- but
> > that's not to say it isn't a problem, because zombies Suck.
>
> People with access to the ppp, dhcp or nat logs for a network can de-dup the
> counts based on IP addresses to come up with better surveys of infected
> computers. They can further correlate the reports with contact
> with the computer owners of how many computers were found with known or unknown
> malware. But we rarely hear data from them.

Because this is a circular problem: such providers want to deny the
problem until there's a sufficient number, and once they take notice,
the de-dup ... reduces the number.

This isn't a technology problem, it's a *business approach* problem.
But now I'm straying OT.
--
-- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>
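
The de-dup described in the quoted paragraph, as an added example that is not part of the original message: reports keyed by source IP are mapped through a DHCP lease log to the client that held the address at that time, and distinct clients are counted instead of distinct IPs. The log layout, field names and all sample values are constructed for illustration; the MAC address is assumed to stand in for one computer, and both logs are assumed to share a time zone.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed DHCP lease log (hypothetical format): start, end, IP, client MAC.
LEASES = [
    ("2007-02-20 00:00", "2007-02-20 12:00", "192.0.2.10", "00:11:22:aa:bb:01"),
    ("2007-02-20 12:00", "2007-02-21 00:00", "192.0.2.10", "00:11:22:aa:bb:02"),
    ("2007-02-20 00:00", "2007-02-20 12:00", "192.0.2.11", "00:11:22:aa:bb:02"),
    ("2007-02-20 12:00", "2007-02-21 00:00", "192.0.2.12", "00:11:22:aa:bb:01"),
]
# Constructed infection reports as an outside observer sees them: time, source IP.
REPORTS = [
    ("2007-02-20 03:15", "192.0.2.10"),
    ("2007-02-20 09:40", "192.0.2.11"),
    ("2007-02-20 14:05", "192.0.2.10"),
    ("2007-02-20 18:30", "192.0.2.12"),
    ("2007-02-20 20:00", "192.0.2.99"),  # no lease on record for this address
]

def parse(ts):
    return datetime.strptime(ts, FMT)

def build_index(leases):
    """Group leases by IP so a report is checked only against that IP's history."""
    index = {}
    for start, end, ip, mac in leases:
        index.setdefault(ip, []).append((parse(start), parse(end), mac))
    return index

def holder(index, ip, when):
    """Return the MAC that held `ip` at `when`, or None if no lease covers it."""
    for start, end, mac in index.get(ip, []):
        if start <= when < end:
            return mac
    return None

def survey(leases, reports):
    """Compare the IP-based count with the count of distinct lease holders."""
    index = build_index(leases)
    ips, clients, unmatched = set(), set(), []
    for ts, ip in reports:
        ips.add(ip)
        mac = holder(index, ip, parse(ts))
        if mac is None:
            unmatched.append((ts, ip))  # keep for manual follow-up, do not guess
        else:
            clients.add(mac)
    return {"reports": len(reports), "distinct_ips": len(ips),
            "distinct_clients": len(clients), "unmatched": unmatched}

if __name__ == "__main__":
    print(survey(LEASES, REPORTS))
```

On this sample, two clients that changed addresses at lease renewal show up as four distinct IPs; a NAT device behind a single lease would skew the count the other way, which this sketch does not model.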