Linux.com

Flawed Statistics

Posted by: Anonymous Coward on October 09, 2004 02:34 PM
Your understanding of probability is deeply flawed, and I would suggest either a course or text on the topic. (If you ever see this again...)

10% probability is based on all servers - i.e., not terribly useful for attacking a single server, where it either is on or not, but useful for attacking a large number of random unknown machines. Also, "only 10% [of servers]" is several million machines. A recent attack against BlackICE hit every vulnerable machine, 12,000 in total, in 45 minutes.

In addition, this would not be a solitary attack, except perhaps at first. Like most other highly successful worms/hackers, it would be one part of a broad array of exploits, any one of which could be successful and the tipping point. You don't need to assume that it is used; it's enough to know that it could be used, and work from there. Many hybrid worms, and all competent attackers, have used this theory to great results.

Return to A critique of port knocking