For anyone that is interested:-
If threats can be tracked, why can't they be blocked? The internet should not transport malware.
-- John Larkin Highland Technology, Inc lunatic fringe electronics
Denial of service attacks can be recognised as threats, because they involve a lot of packets. Working out from any individual packet that it is part of an attack might be more difficult.
The more basic question, which John Larkin doesn't seem to have thought about, is how one might recognise "malware" and distinguish from the sort of traffic that - say - these posts involve.
-- Bill Sloman, Sydney
Because most such attacks come from hijacked PCs. The PCs are controlled by the evil bad guys from other hijacked PCs forming a "botnet". They also tend to use VPNs to cover their tracks. It's easy enough to find the source of the attacks, but not so easy finding the originator of the malware or the operators of the botnet. If you go chasing after the IP address displayed by such threat maps, you'll probably find some home or small business user with an infected PC, probably in another country.
When these botnets are not busy attacking other computers, they use their spare time to distribute email spam. Here's a list of the top spammers: Want to help solve the spam problem? Just hire a hit man and take out these spammers in alphabetical order. No need to massacre the entire list as those further down the alphabet quickly get the idea.
-- Jeff Liebermann jeffl@cruzio.com 150 Felker St #D http://www.LearnByDestroying.com
Yes Jeffrey, and most of those hijacked PCs are in places like the Far East where the users are running illegal copies of Windows which are already compromised and on top of that they don't even bother installing updates and have no firewalls or improperly configured firewalls. A bloody good reason to use Linux!
You clearly spent no time looking at that map. Much of the attacks were FROM the US!
Rick C.
At least overseas they sell a Windows International English edition or some such, which you can usually get a license for from legit OEM sources for the equivalent of about 30 bucks US. That's about what I'd pay for a piece of junk!!!! Not the silly boxed retail US prices...
The map is fun to watch! USA! USA! We're kicking everybody's ass, and taking names. Seattle and Texas just tag teamed Vietnam and Russia and the Netherlands and kicked the shit outta 'em with those cyber missiles
A bit of added compute power in the network could snoop packets and apply some artificial intelligence to kill the bad stuff. Things like that.
Of course, a decent OS just wouldn't allow nasties.
-- John Larkin Highland Technology, Inc picosecond timing precision measurement
"Things like that" have another name: "magic", as in "this is the point at which magic is invoked".
Impossible to achieve, but most of the current crop are shockingly dismal, favouring "ease of use" and "minimal customer support calls" over security.
Cloudflare sorts the "good guys" from the "bad guys" by putting itself between their clients' Web servers and the Internet and requesting the visitor's browser to perform a quiz question, maybe something like a mild prime factorization problem. It's selected to be fast enough that a modern PC can do it quickly enough that it's mostly transparent to the user, but it will slow down a denial-of-service attack enough to keep the request load within the headroom of their client's load capability.
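The asymmetry the post describes (cheap for one visitor, expensive for a flood) is what a proof-of-work challenge buys. The code below is an added illustration, not Cloudflare's mechanism (the post itself only guesses at what the "quiz" is); it uses a hash-preimage puzzle in place of the prime-factorization guess. The server key, challenge layout and difficulties are assumptions for the example. Solving costs about 2^difficulty hashes per request; verifying costs one HMAC and one SHA-256 no matter what the difficulty is, and the HMAC is what stops a client from quietly lowering the difficulty byte.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

# Constructed server-side key for the example; a real edge would load it from a secret store.
SERVER_KEY = b"example-edge-key-not-for-production"

NONCE_LEN = 16
META_FMT = ">QB"            # expiry (unix seconds), difficulty (leading zero bits)
META_LEN = struct.calcsize(META_FMT)
TAG_LEN = 32
CHALLENGE_LEN = NONCE_LEN + META_LEN + TAG_LEN


def issue_challenge(difficulty_bits: int, ttl_seconds: int = 60,
                    now: Optional[float] = None) -> bytes:
    """Server side: nonce || expiry || difficulty || HMAC over the first three.

    The MAC makes the challenge stateless: when it comes back the server can check
    that it issued this exact puzzle (and this exact difficulty) without a per-client table.
    """
    now = time.time() if now is None else now
    body = os.urandom(NONCE_LEN) + struct.pack(META_FMT, int(now) + ttl_seconds, difficulty_bits)
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return body + tag


def _parse(challenge: bytes) -> Tuple[bytes, bytes, int, int]:
    body, tag = challenge[:-TAG_LEN], challenge[-TAG_LEN:]
    expiry, difficulty = struct.unpack(META_FMT, body[NONCE_LEN:])
    return body, tag, expiry, difficulty


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (the puzzle's score)."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(challenge: bytes) -> int:
    """Client side: brute-force a counter until SHA-256(challenge || counter)
    starts with `difficulty` zero bits. Expected cost is about 2**difficulty hashes,
    paid once per request; a flood of requests pays it for every request."""
    _, _, _, difficulty = _parse(challenge)
    counter = 0
    while True:
        digest = hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= difficulty:
            return counter
        counter += 1


def verify(challenge: bytes, counter: int, now: Optional[float] = None) -> bool:
    """Server side: one HMAC and one SHA-256, whatever the difficulty.

    Order matters: authenticate the challenge first (so a client cannot lower the
    difficulty byte), then check expiry, then check the proof itself."""
    now = time.time() if now is None else now
    if len(challenge) != CHALLENGE_LEN:
        return False
    body, tag, expiry, difficulty = _parse(challenge)
    if not hmac.compare_digest(tag, hmac.new(SERVER_KEY, body, hashlib.sha256).digest()):
        return False
    if now > expiry:
        return False
    digest = hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= difficulty


if __name__ == "__main__":
    ch = issue_challenge(difficulty_bits=18)
    t0 = time.perf_counter()
    c = solve(ch)
    t1 = time.perf_counter()
    ok = verify(ch, c)
    t2 = time.perf_counter()
    print(f"solve: {t1 - t0:.3f}s  verify: {t2 - t1:.6f}s  ok={ok}")
```

Raising the difficulty by one bit doubles the client's work and leaves the server's work unchanged, which is the knob such a front end turns when request load approaches the headroom the post mentions.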
Why not apply antivirus technology to the entire Net? Don't transport bad packets, or any packets from malware-sprouting IP addresses. That's not magic.
Why impossible? A decent hardware architecture and a sensible OS could allow absolute protections. Maybe RISC-V is the opportunity.
-- John Larkin Highland Technology, Inc picosecond timing precision measurement
Wednesday, 3 October 2018 at 02:59:01 UTC+2, John Larkin wrote:
The internet is made to route around obstacles, and if there was some central way of banning stuff, you couldn't see the end of the line of people and politicians that wanted to add their little thing to the banned list, à la the Great Firewall of China.
This conveniently ignores the question of how you identify "bad packets". Anti-virus software can identify repeated examples of the same packet - after that packet has been identified as a virus. The trick of including a field of random numbers in each viral packet has been well-known for a long time - the viral packets don't have to be identical to be effective.
It may not be impossible, but we don't seem to have one yet.
I wonder why John Larkin thinks that? Maybe Anthony Watts has posted this claim on one of his denialist web-sites, and John Larkin believes everything he gets from them.
For the malware community? Every other computer architecture has proved to have weaknesses that malicious programmers have been able to exploit.
-- Bill Sloman, Sydney
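Two points from Bill Sloman's posts above are easy to show in code: a flood is recognisable from packet counts alone, while a single packet carrying a known payload stops matching as soon as a random field is spliced in or the payload is spread over several packets. The block below is an added example, not part of the thread; the "malicious" bytes, header prefix, addresses and thresholds are all constructed for illustration and are not a real exploit or signature.

```python
import os
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional

# Constructed toy "malicious" body and the exact-match signature a filter carries for it.
# The bytes are arbitrary for the example; they are not a real exploit.
MALICIOUS_BODY = b"EVIL-PAYLOAD-v1\x00\x01\x02\x03"
SIGNATURE = MALICIOUS_BODY
HDR = b"HDR:"          # stand-in for transport headers


def signature_match(packet: bytes) -> bool:
    """What a content filter does: flag a packet if the known byte string is present."""
    return SIGNATURE in packet


def build_plain(body: bytes) -> bytes:
    return HDR + body


def build_randomised(body: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Same body, same effect on the victim, but with a random field spliced into the
    middle (the 'field of random numbers' trick): the contiguous signature never appears."""
    nonce = os.urandom(16) if nonce is None else nonce
    mid = len(body) // 2
    return HDR + body[:mid] + nonce + body[mid:]


def split_across(body: bytes, parts: int) -> List[bytes]:
    """Spread the body over several packets; no single packet carries the whole signature."""
    step = -(-len(body) // parts)          # ceiling division
    return [HDR + body[i:i + step] for i in range(0, len(body), step)]


def reassemble(packets: List[bytes]) -> bytes:
    """Only a stateful filter that reassembles the stream sees the signature again."""
    return b"".join(p[len(HDR):] for p in packets)


class FloodDetector:
    """Volume-based detection: count packets per source over a sliding window.
    It looks at headers only, which is why a DoS is recognisable even when content is not."""

    def __init__(self, window_seconds: float, threshold: int) -> None:
        self.window = window_seconds
        self.threshold = threshold
        self._seen: Dict[str, Deque[float]] = defaultdict(deque)

    def observe(self, src: str, ts: float) -> bool:
        """Record one packet from `src` at time `ts`; True once the window count exceeds the threshold."""
        q = self._seen[src]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q) > self.threshold


def demo() -> dict:
    """Run the evasions and a constructed flood through both filters; return the verdicts."""
    frags = split_across(MALICIOUS_BODY, 3)
    det = FloodDetector(window_seconds=1.0, threshold=100)
    # Constructed flood: 150 harmless-looking requests from one host in under half a second.
    flood_hits = [det.observe("203.0.113.7", i * 0.003) for i in range(150)]
    return {
        "plain_flagged": signature_match(build_plain(MALICIOUS_BODY)),
        "randomised_flagged": signature_match(build_randomised(MALICIOUS_BODY)),
        "any_fragment_flagged": any(signature_match(f) for f in frags),
        "reassembled_flagged": signature_match(reassemble(frags)),
        "flood_request_flagged_by_content": signature_match(HDR + b"GET / HTTP/1.1"),
        "flood_flagged_by_volume": any(flood_hits),
        "quiet_host_flagged": det.observe("203.0.113.9", 0.5),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:36} {verdict}")
```

The reassembly step is the expensive part of doing this "in the network": the filter has to hold per-flow state for every stream it sees, which is the fire-hose problem raised later in the thread, and encrypted payloads take even that option away.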
Because it will be like drinking from a fire hose. The traffic has to be broken out into individual data streams, each individually inspected by an elaborate filter designed to detect KNOWN viruses and malware. That's not easy. However, the NSA is doing something like that, looking for terrorists discussing their next attack plan. Right. Anyway, they probably don't look at it in real time, but rather record what they need and analyze it later at their leisure. However, any evil malware spammer with a clue would encrypt all his traffic until it hits the last hop, where it is decrypted and delivered as ready-to-use malware. In encrypted form, it's not sniffable and probably not easily decrypted.
The trend is to put more and more emphasis on user-based security. Vendors seem to contend that they can't guarantee the integrity and security of their own products, so maybe they have the user tediously scan, filter, and test for evilware. So, they pass the buck to the users, claiming that it's somehow the victim's responsibility to protect themselves. If you really want a vendor-policed secure operating system, simply standardize the EULA requirements so that the vendor is financially responsible for any security breaches, malware, software bombs, and consequential damages. That should get their attention. Of course, you wouldn't be able to afford the resulting secure OS or want to run it because of all the intrusive security features. I went through all that with Unix C2 enhanced security and barely survived.
More threat map sites:
-- Jeff Liebermann jeffl@cruzio.com 150 Felker St #D http://www.LearnByDestroying.com
I wonder if these attack map sites are real or all made up? Either the map or the list of threats or spams coming up on the bottom of the screens? I've seen these maps a while back but never really thought about how they get that info.
I pulled up a couple of different pairs of those sites and placed them next to each other, but it's hard to tell if they are showing the same thing or not. I'm sure there are at least delays of one site vs. the other, so I can't really tell... How do they obtain this data?
One Youtube show I watch now and then is AT&T ThreatTraq where they talk about the most scanned ports that week. Not sure how they get that info either but maybe because they are a communications company ?
Windows is a mess primarily because Microsoft doesn't attract top talent anymore (Google and Facebook poach a lot of that), has a very next-quarter focus, and reportedly always prefers the talented developers they do have to be focusing on new features rather than hunting down and fixing vulnerabilities or refactoring poorly written code, and is just a generally unpleasant place to work, with high turnover.
Answered my own question I think by Googling..... DuH !
From one map info in particular anyway...
" Norse Intelligence Platform
Every second, Norse collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries. The attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors. At a glance, one can see which countries are aggressors or targets at the moment, using which type of attacks (services-ports).
Hovering over the ATTACK ORIGINS, ATTACK TARGETS, or ATTACK TYPES will highlight just the attacks emanating from that country or over that service-port respectively. Hovering over any bubble on the map, will highlight only the attacks from that location and type.
Norse exposes its threat intelligence via high-performance, machine-readable APIs in a variety of forms. Norse also provides products and solutions that assist organizations in protecting and mitigating cyber attacks.
"
Right. Current computer architectures and OSs are fundamentally garbage. Let's hope that is not a permanent condition.
How many security bugs has Windows had so far? Tens of thousands? Why are Microsoft and Intel not liable for the damage done?
A secure hardware/software architecture need not be complex or expensive, but it would need a clean design, not just more kluges piled on top of fundamentally stupid designs.
But meanwhile, the network could look for and not transport malware.
I'd pay for an ISP and a DNS that protected me better.
If all those infected packets are identified, why are they delivered?
-- John Larkin Highland Technology, Inc lunatic fringe electronics
Invoke the magic genie with the all seeing eye. Individual packets can be made to look quite harmless even when they have a dangerous payload. You are assuming the existence of a quick solution to the halting problem when you only have a part of the final program.
Coupled with the tendency of any kind of heuristic to have false positives and you quickly get to a situation where the cure is worse than the disease it is trying to prevent.
Attempts to blacklist dodgy IP addresses do exist and sometimes work, but more often than not they harm the next incumbent of a dynamic pool of IP addresses rather than the compromised machine, which will just move on.
Hardware engineers are inclined to view software as trivial. It isn't.
Viper was one attempt to make an absolutely secure processor from the ground up done by RSRE hardware engineers. It all ended in acrimony and tears. NASA came closest to a full formal proof (but look at the spec).
(large file warning)
There have been a few very secure CPUs designed experimentally, and they typically separate data from executable code in some fashion and guard the transition of one into the other very, very carefully.
-- Regards, Martin Brown