Dumb users spread viruses

However, someone attending NANOG should at least have cleaned up slammer before connecting to the wireless...

Apparently this went out twice. Apologies for that - the wireless net went away before my mail client claimed the smtp transaction finished.

I have never seen any evidence that security experts or network operators
are any better at practicing security than any other user group. In every
forum I've been at, the infection rates have been similar regardless of
the attendees security experience.

Sometimes the attendees know about the issue, but do not have the power
to fix it, e.g. corporate IT deparment controls the laptop they are
required to use. Other times, they are oblivious to the equipment being

I wouldn't be surprised if I went to a meeting at the Department of
Homeland Security or NSA, their infection rates are similar.

This is dramatically demonstrated by the number of NANOG attendees
that do not utilize encrypted paths to communicate back to their
offices and who do not maintain at least passable password standards
for their own accounts. It always astonishes me to see passwords such
as "asdfg", "microsoft", and "password" come up on that list.

Been there, done that.

We hosted a SANS-EDU event a while back, and had about 300 people in a
lecture hall, most of whom had wireless access. I ran a small tcpdump
on the wireless, grabbing only outbound SYN packets for port 110, 995,
and the ports IMAP lives on. About lunchtime, I announced that I'd seen
some 50 or so people using encrypted POP on 995, and 65 or so using it
in plaintext. Somebody asked what data I was gathering, and I said "I'm
a white hat, I only looked at SYN packets enough to make this announcement."
Suddenly, we have 65 relieved looking people. Then I added "But I have no
idea at all what people sitting out in the atrium are grabbing off the
wire" - and we had 65 worried looking people. :wink:

I didn't see very many SYN packets on port 110 in the afternoon session. :slight_smile: