[95074] in North American Network Operators' Group


Re: Counting tells you if you are making progress

daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Feb 26 18:01:31 2007

Date: Thu, 22 Feb 2007 13:13:25 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


On Wed, 21 Feb 2007, Todd Vierling wrote:
> I'd say it's severely biased in the overestimation direction -- but
> that's not to say it isn't a problem, because zombies Suck.

People with access to the ppp, dhcp or nat logs for a network can de-dup the
counts based on IP addresses to come up with better surveys of infected
computers.  They can further correlate the reports with contact with the
computer owners of how many computers were found with known or unknown
malware. But we rarely hear data from them.

Although I disagree with some of the survey counts, finding zombies isn't 
a problem.  Figuring out if a computer is actually fixed and stays fixed 
is still the problem.  Sometimes it feels like an episode of "House." 
Except House wraps up the case in 60 minutes.
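
The de-duplication described in the message above, sketched as an added example that is not part of the original post: zombie sightings keyed by IP address and time are joined against DHCP lease records so the count is per client rather than per address. The lease and report records, field layout and function names are all constructed for illustration.

```python
from datetime import datetime

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed DHCP lease log: (ip, lease start, lease end, client MAC).
# Addresses and MACs are taken from documentation ranges.
LEASES = [
    ("192.0.2.10", ts("2007-02-20 00:00"), ts("2007-02-20 12:00"), "00:00:5e:00:53:01"),
    ("192.0.2.11", ts("2007-02-20 12:00"), ts("2007-02-21 00:00"), "00:00:5e:00:53:01"),
    ("192.0.2.12", ts("2007-02-21 00:00"), ts("2007-02-21 12:00"), "00:00:5e:00:53:01"),
    ("192.0.2.10", ts("2007-02-20 12:00"), ts("2007-02-21 12:00"), "00:00:5e:00:53:02"),
]

# Constructed zombie sightings from an external survey: (time seen, source IP).
REPORTS = [
    (ts("2007-02-20 03:00"), "192.0.2.10"),  # client :01
    (ts("2007-02-20 15:00"), "192.0.2.11"),  # client :01 again, new address
    (ts("2007-02-21 02:00"), "192.0.2.12"),  # client :01 again
    (ts("2007-02-21 03:00"), "192.0.2.10"),  # same IP, now leased to client :02
    (ts("2007-02-22 09:00"), "192.0.2.10"),  # no lease covers this time
]

def resolve(ip, when, leases):
    """Return the client that held `ip` at `when`, or None if no lease matches."""
    for lease_ip, start, end, client in leases:
        if lease_ip == ip and start <= when < end:
            return client
    return None

def survey(reports, leases):
    """Compare the per-IP count with the per-client count for the same reports."""
    clients, unresolved = set(), 0
    for when, ip in reports:
        client = resolve(ip, when, leases)
        if client is None:
            unresolved += 1
        else:
            clients.add(client)
    return {
        "reports": len(reports),
        "unique_ips": len({ip for _, ip in reports}),
        "unique_clients": len(clients),
        "unresolved": unresolved,
    }

if __name__ == "__main__":
    print(survey(REPORTS, LEASES))
```

On this sample the per-IP count is 3 while only 2 clients are involved, and one address maps to two different clients over time, so counting by IP alone can err in either direction.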

