On Sun, Mar 07, 2004 at 08:28:53PM +0000, Christopher L. Morrow wrote:
Without any data to back this up, I'm estimating based on the attacks I've dealt with. I don't believe the number have gone down at all. If it has, it's done that for someone else, not me,
Is this attacks on 'known magnets' or 'random stuff'. From what I've seen the frequency of attacks on 'all customers' seems to be slowing SOME. There are the normal nuisance points which attract attacks for whichever reason. So, Avleen, can you seperate the 'known magnets' from 'random stuff' and say which direction the trend is moving?
If we class "popular websites", "servers / networks at major ISPs", "IRC servers" and "the latest popular thing" as magnets, and "small business sites", "personal pages" etc as the random stuff, then I don't believe attacks on magnets have gone down at all. On the random stuff I cannot comment, as I've had surprisingly little dealing with that.
As to the 'strength' of attacks. It seems that bandwidth and pps rates have incresed over time. This COULD BE because you can own up 10,000 xp machines in a heartbeat, or it could be a reflection of bigger/better/faster single hosts being taken over. It's hard to tell from my end of the party :(
I don't think it would be unfair to assume it is both. Again that stands to simple logic. More hosts on the internet = more potential drones. More availible global bandwidth = larger volume output from each drone.
I don't have any evidence. Nor do I *believe* the number of attacks is decreasing. If anything, its staying the same or going up, as more people decide it's fun to take networks offline through the greater and greater number of compromised hosts.
The greater number of compromisable hosts seems to be the constant in this arguement. So, like we've said for several years, until the end station is secured 'better' the consistency and strength of attacks will continue that upward trend.
Indeed. I believe the ISP of the end user is the party responsible here. If the ISP is allowing access through their network, they need to be responsible for the data leaving their networl which originates in their network.