Penetration Testing mailing list archives

Re: [PEN-TEST] Network Attack Trend Analysis
From: H Carvey <keydet89 () YAHOO COM>
Date: Wed, 6 Sep 2000 17:37:36 -0000

Just curious why you would consider the 
attrition.org stats "not factual"?

I'd have to agree that perhaps "not factual" is an 
incorrect phrase...how about "hardly substantial"?

Here's my reasoning...

How does Attrition become aware of 
web page defacements?  Is the predominant method 
that someone informs them?  Who does this?  The 
person who defaces the page, or someone who 
notices the defacement?  If the former, it is therefore 
a logical argument that sites like Attrition lead to more 
web page defacements.  If the latter, then what is to 
say that the statistics are representative...if someone 
just happens to notice by accident that a web page is 

I have just spent some time reviewing several 
(though admittedly not all) of the graphs available on 
the Attrition site.  While I applaud the efforts of the 
Attrition staff, I have to ask...of what use are the 
graphs?  I have taken graduate courses in statistics 
and statistical analysis...yet it isn't clear at all what 
the graphs are intended to represent.

Take for example:


What does the Y-axis represent?  Fraction of what?  
And the X-axis is labeled "Defacements per day, 
simple"...what constitutes a "simple" defacement?

This one:


is entitled "OS totals by month"...but what do the 
various colors on the bars indicate?

I guess the point is this...if you have nothing better to 
do and want to waste someone's time...sure, show 
these graphs to your boss.  They are meaningless, 
though colorful and probably quite enjoyable to look at 
when printed on a color printer.

Not only are the graphs meaningless, but the very 
data that the graphs are based on is suspect.  How is 
the data collected?  

To be fair, though...I have to say the same thing about 
the CSI/FBI survey...the statistics that are generated 
as a result of the survey are largely misunderstood 
(and very often misquoted), but the very method used 
to collect the data is suspect, as well.  

As yet the only information I have seen that even 
remotely approaches validity is the information Cisco 
put out a while ago.  That data was based on 
sanitized data derived from performing vulnerability 
assessments of customer networks.
