Re: [PEN-TEST] Network Attack Trend Analysis
From: H Carvey <keydet89 () YAHOO COM>
Date: Fri, 8 Sep 2000 11:02:24 -0000
It's great that we have the sort of authority
in Mr. Carvey to
explain this all for us, having "taken graduate
statistics and statistical analysis" --
something I would never
have guessed if he had not volunteered this
Well, on the one hand, my post struck a chord with
someone...guess I should have put on my flak
jacket at this point...
*Content snipped. Interestingly enough, none of
it was addressed.
Anyone that knows the definition of histogram
histograms represent frequency or proportions of
frequency of the
intervals or classes on the x-axis.
Great. It still isn't clear what the "intervals
or classes on the x-axis" are...
it to the
graduate students among us to infer fraction
Ouch! My comment regarding my educational
background was intended only to say, "hey, look,
I'm a smart guy, I know how to look things up that
I don't know...but I just don't get it." After
all, it shouldn't be rocket science...
Mr. Carvey here demonstrates a complete lack of
statistical concepts and diagnostics.
Really? And here I was thinking that it was just
a matter of not being able to determine what the
graph is intended to show.
He baffles himself with my use of the word
"simple." I meant
"simple" in the sense of untreated, or
proportion. The word could be left out, but was
distinguish the variable from other "Defacement
Per Day" (dpd)
variables, which were sometimes moving averages
of dpd of
differing composition, proportions of dpd, and
Interesting. Still doesn't address the question
of what "simple" refers to.
Could you tell me what the difference between
"Defacements per day, simple" and "defacements per
day" is? Perhaps that would clear things up?
What exactly _is_ a "simple defacement"?
Untreated? Unadjusted by proportion?
For the sake of clarity then, let me
rephrase...what is this "defacements per day,
simple" variable, and how is it important?
is entitled "OS totals by month"...but what do
various colors on the bars indicate?
It is reading this that leads me to believe
that perhaps our
graduate student is subjecting Attrition to
And herein lies the issue...you feel that my post
constitutes gratuitous abuse. At no point do I
direct any abuse of any kind at Attrition or even
you. In the above question, all I did was quite
simply ask what the various colors stand for.
Until a couple of weeks ago, this graph was part
the color of the bars were clearly labeled. The
version of this graph is now on that page, where
it is now named
"bar_ostotals_stacked.gif", where it is likewise
of the graphs are erased month-to-month, but are
renamed. They can be found in the browseable
and often you
can find my tar-balls of the graphs there as
well. Yes, gifs,
sans HTML legends or headings. A casual perusal
of our graph
pages would have discovered the labeled HTML
Oh, okay. I see now. The graph in question is
not, in fact, labeled...and it is expected that
someone visiting the page will do enough browsing
to discover the legend for that graph.
Interesting approach...not one I would have taken.
I'd have a difficult time delivering a report to a
customer and telling him that all the legends and
labels to all the data in the report were included
as part of report done for another part of the
company, several weeks ago...and that if he
wanders around enough, he should eventually find
No, my comments were not abuse of any kind. The
thread, it seemed, was directed toward finding
statistically significant data to justify
resources to support security efforts. As there
is no link from the above listed graph to its
original location, hence no immediate way to view
the legend, it seems to me that the graph itself
offers very little.
I guess the point is this...if you have
nothing better to
do and want to waste someone's time...sure,
these graphs to your boss. They are
though colorful and probably quite enjoyable
to look at
when printed on a color printer.
Mr. Carvey's conclusions are as out of
proportion as his
authoritative observations. And we are meant to
So, I get it. Read the post in SF, assume it's
some sort of "gratuitous abuse", and then launch
your own brand of abuse...is that it?
"Meaningless.... suspect, but hey, to be
fair...." is like
saying, "With all due respect, [insert
gratuitous insult here]".
No, not at all. The intention is rather
obvious...to point out, quite specifically, that
this post does not constitute "gratuitous abuse".
The point is that the CSI/FBI's sample and very
method of data collection (i.e., a survey) does not
provide accurate data...some assumptions are that
(a) respondents have a definition of what
constitutes an "intrusion", (b) respondents have
the ability to detect an "intrusion", and (c)
respondents are fully disclosing information.
The issue of how the data for the graphs on the
Attrition site is collected was not even addressed
in Mr. Dickerson's response...he was quite
obviously more concerned with this perceived
"gratuitous abuse" than anything else. It was
never my intention to deliver abuse of any kind.