Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Network Attack Trend Analysis
From: H Carvey <keydet89 () YAHOO COM>
Date: Fri, 8 Sep 2000 11:02:24 -0000

 It's great that we have the sort of authority 
in Mr. Carvey to
explain this all for us,  having "taken graduate 
courses in
statistics and statistical analysis" -- 
something I would never
have guessed if he had not volunteered this 
information.


Well, on the one hand, my post struck a cord with 
someone...guess I should have put on my flak 
jacket at this point...

*Content snipped.  Interestingly enough, none of 
it was addressed.

  Anyone that knows the definition of histogram 
knows that
histograms represent frequency or proportions of 
frequency of the
intervals or classes on the x-axis.  

Great.  It still isn't clear what the "intervals 
or classes on the x-axis" are...

I'll leave 
it to the
graduate students among us to infer fraction 
from proportion.

Ouch!  My comment regarding my educational 
background was intended only to say, "hey, look, 
I'm a smart guy, I know how to look things up that 
I don't know...but I just don't get it."  After 
all, it shouldn't be rocket science...

Mr. Carvey here demonstrates a complete lack of 
very basic
statistical concepts and diagnostics.

Really?  And here I was thinking that it was just 
a matter of not being able to determine what the 
graph is intended to show.

  He baffles himself with my use of the word 
"simple." I meant
"simple" in the sense of untreated, or 
unadjusted by
proportion.  The word could be left out, but was 
meant to
distinguish the variable from other "Defacement 
Per Day" (dpd)
variables, which were sometimes moving averages 
of dpd of
differing composition, proportions of dpd, and 
so on.


Interesting.  Still doesn't address the question 
of what "simple" refers to.  

Could you tell me what the difference between 
"Defacements per day, simple" and "defacements per 
day" is?  Perhaps that would clear things up?  
What exactly _is_ a "simple defacement"?  
Untreated?  Unadjusted by proportion?  

For the sake of clarity then, let me 
rephrase...what is this "defacements per day, 
simple" variable, and how is it important?

This one:


http://www.attrition.org/mirror/attrition/graphs/b
ar_osto
tals.gif

is entitled "OS totals by month"...but what do 
the
various colors on the bars indicate?

  It is reading this that leads me to believe 
that perhaps our
graduate student is subjecting Attrition to 
gratuitous abuse.

And herein lies the issue...you feel that my post 
constitutes gratuitous abuse.  At no point do I 
direct any abuse of any kind at Attrition or even 
you.  In the above question, all I did was quite 
simply ask what the various colors stand for.

Until a couple of weeks ago, this graph was part 
of

http://www.attrition.org/mirror/attrition/os-graph
s.html where
the color of the bars were clearly labeled.  The 
most recent
version of this graph is now on that page, where 
it is now named
"bar_ostotals_stacked.gif", where it is likewise 
labeled.  None
of the graphs are erased month-to-month, but are 
typically
renamed.  They can be found in the browseable

http://www.attrition.org/mirror/attrition/graphs/, 
and often you
can find my tar-balls of the graphs there as 
well.  Yes, gifs,
sans HTML legends or headings.  A casual perusal 
of our graph
pages would have discovered the labeled HTML 
page.


Oh, okay.  I see now.  The graph is question is 
not, in fact, labeled...and it is expected that 
someone visiting the page will do enough browsing 
to discover the legend for that graph.  
Interesting approach...not one I would have taken.  
I'd have a difficult time delivering a report to a 
customer and telling him that all the legends and 
labels to all the data in the report was included 
as part of report done for another part of the 
company, several weeks ago...and that if he 
wanders around enough, he should eventually find 
it.

No, my comments were not abuse of any kind.  The 
thread, it seemed, was directed toward finding 
statistically significant data to justify 
resources to support security efforts.  As there 
is no link from the above listed graph to it's 
original location, hence no immediate way to view 
the legend, it seems to me that the graph itself 
offers very little.



I guess the point is this...if you have 
nothing better to
do and want to waste someone's time...sure, 
show
these graphs to your boss.  They are 
meaningless,
though colorful and probably quite enjoyable 
to look at
when printed on a color printer.

  Mr. Carvey's conclusions are as out of 
proportion as his
authoritative observations.  And we are meant to 
take these
seriously?

So, I get it.  Read the post in SF, assume it's 
some sort of "gratuitous abuse", and then launch 
your own brand of abuse...is that it? 

  "Meaningless.... suspect, but hey, to be 
fair...." is like
saying, "With all due respect, [insert 
gratuitous insult here]".


No, not at all.  The intention is rather 
obvious...to point out, quite specifically, that 
this post does not constitute "gratuitous abuse".  
The point is that the CSI/FBI's sample and very 
method of data collection (ie, a survey) does not 
provide accurate data...some assumptions are that 
(a) respondants have a definition of what 
constitutes an "intrusion", (b) respondants have 
the ability to detect an "intrusion", and (c) 
respondants are fully disclosing information.

The issue of how the data for the graphs on the 
Attrition site is collected was not even addressed 
in Mr. Dickerson's response...he was quite 
obviously more concerned with this preceived 
"gratuitous abuse" than anything else.  It was 
never my intention to deliver abuse of any kind.

H. Carvey


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault