[colug-432] Malware
Seth Hall
seth at icir.org
Fri Jun 24 09:34:31 EDT 2011
On Jun 24, 2011, at 1:46 AM, Richard Hornsby wrote:
> People hate to hear that, and they get kind of mad at me - but that is my professional and personal opinion from my support days, and from my discussions with the really smart people who know more than me about this stuff at Ohio State.
I got to be one of those people at Ohio State telling this to people over and over and over for a number of years. In the security group, we got to the point where we would just automatically detect a continued compromise based on network traffic and the admins would continue to receive emails from us every day until the computer was actually "clean".
When you're watching 60k - 80k computers you have to automate some amount of it. :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the colug-432
mailing list