I've found that country of origin is less relevant than
route/subnet and ASN, as there
is a link between the address and the people in a position to
actually respond to the problem.
I'd be interested in knowing how linking aggregated attack
information to country of
origin is actually valuable relative to our ability to respond
to it.
Cheers,
-j
--
Jamie.Reid, CISSP, jamie.reid@mbs.gov.on.ca
Senior
Security Specialist, Information Protection Centre
Corporate Security,
MBS
416 327 2324