RE: Country of Origin for Malicious Attacks
Outside of the U.S., I'll nominate France and the Pacific Rim countries. -----Original Message----- From: sgorman1@gmu.edu [mailto:sgorman1@gmu.edu] Sent: Wednesday, June 25, 2003 11:58 AM To: nanog@merit.edu Subject: Country of Origin for Malicious Attacks I was wondering if folks had noticed any trends with malicious network attacks predominantly originating from any individual or group of countries. Any observations, comments or help would be greatly appreciated. Thanks, sean
My observations lately concur with that. .fr .cn .kr (and a sprinkling of .nl) with .fr way in the lead here. :-( scott On Wed, 25 Jun 2003, netadm wrote: : : Outside of the U.S., I'll nominate France and the Pacific Rim : countries. : : -----Original Message----- : From: sgorman1@gmu.edu [mailto:sgorman1@gmu.edu] : Sent: Wednesday, June 25, 2003 11:58 AM : To: nanog@merit.edu : Subject: Country of Origin for Malicious Attacks : : : : : I was wondering if folks had noticed any trends with malicious network : attacks predominantly originating from any individual or group of : countries. Any observations, comments or help would be greatly : appreciated. : : Thanks, : : sean : : :
We've also had a high amount of attacks from .de and .it. Thanks, Adam Debus Linux Certified Professional, Linux Certified Administrator #447641 Network Administrator, ReachONE Internet adam@reachone.com ----- Original Message ----- From: "Scott Weeks" <surfer@mauigateway.com> To: "netadm" <netadm@infolink.com> Cc: <sgorman1@gmu.edu>; <nanog@merit.edu> Sent: Wednesday, June 25, 2003 9:09 AM Subject: RE: Country of Origin for Malicious Attacks
My observations lately concur with that. .fr .cn .kr (and a sprinkling of .nl) with .fr way in the lead here. :-(
scott
On Wed, 25 Jun 2003, netadm wrote:
: : Outside of the U.S., I'll nominate France and the Pacific Rim : countries. : : -----Original Message----- : From: sgorman1@gmu.edu [mailto:sgorman1@gmu.edu] : Sent: Wednesday, June 25, 2003 11:58 AM : To: nanog@merit.edu : Subject: Country of Origin for Malicious Attacks : : : : : I was wondering if folks had noticed any trends with malicious network : attacks predominantly originating from any individual or group of : countries. Any observations, comments or help would be greatly : appreciated. : : Thanks, : : sean : : :
Hi,
: I was wondering if folks had noticed any trends with malicious network : attacks predominantly originating from any individual or group of : countries. Any observations, comments or help would be greatly : appreciated.
As I'm sure will be mentioned a few dozen times by the time this message gets to the list, "origin" isn't as simple as where the packets you see come from. Malicious attacks can and do come from many places, people, groups, organizations -- utilizing any number of compromised systems, trojans, bots, proxies, truly malicious attacks can often be as difficult to trace as a Hollywood movie phone call, routing through a dozen systems in as many countries. If people replying on this thread mean that they've actually tracked the true source of the malicious activity back to (.it|.cn|.ro|.ru|.fr|...) by working with network and system administrators then it might be useful to point that part out, as well as share how you found responsible contacts who verified your investigations and assisted for some of these (and many other) countries. Scott
participants (4)
-
Adam Debus -
netadm -
Scott A. McIntyre -
Scott Weeks