[Asrg] enough about backscatter
Steve Atkins
steve at blighty.com
Sun Jan 18 18:37:33 PST 2009
On Jan 18, 2009, at 5:34 PM, Chris Lewis wrote:
> J.D. Falk wrote:
>> On 16/01/2009 03:50, "John Levine" <johnl at taugh.com> wrote:
>>
>>> Perhaps it's time to amend the ASRG charter to exclude easily
>>> visualized but actually hypothetical threats. If you disagree that
>>> they're hypothetical, first you have to go get real data to support
>>> your claim.
>
>> However, I wouldn't mind discussion about /how/ to get real data....
>
> It seems to me to be part of a process. A "threat model" comes up,
> and
> we remember that part of the discussion should be to figure out how
> likely/possible/extant they really are.
> Indeed, if you don't think a threat model is realistic, it's kinda
> hard
> to prove that it isn't - proving a negative.
Also, part of the process is either the deployment of the supposed
countermeasure and watching the result, or construction of a plausible
theoretical model, designed by thoughtful, well-informed people, of the
same.
Measuring how well some countermeasure works on traffic monitored
_today_, before widespread adoption of the countermeasure and
changes by other parties on the network in response to that deployment
is often going to be entirely worthless.
In those cases, the only way to measure (as opposed to predict) the
efficacy of a countermeasure is fairly large scale deployment.
> In the discussion at hand, I wasn't able to give concise quantitative
> numbers. Because they are, to a great degree, unknowable. What I did
> instead was to show, by inference/within orders of magnitude, that i
> wasn't happening with _huge_ numbers of "supposedly dangerous actions"
> (rejecting).
Cheers,
Steve
More information about the Asrg
mailing list