Re: Country of Origin for Malicious Attacks
I've found that country of origin is less relevant than route/subnet and ASN, as there is a link between the address and the people in a position to actually respond to the problem.

I'd be interested in knowing how linking aggregated attack information to country of origin is actually valuable relative to our ability to respond to it.

Cheers,
-j

--
Jamie.Reid, CISSP, jamie.reid@mbs.gov.on.ca
Senior Security Specialist, Information Protection Centre
Corporate Security, MBS
416 327 2324

Since the birth of CodeRed II and Nimda in Fall 2001, web/IDS logs have constantly been filled with a steady influx of IIS-based attacks. I remember a site was set up for people to report IPs of attacking boxes infected with such worms. Having seen such log entries piling up fast and nonstop for the past 22 months, I often wondered whether they could serve as a good cover for directed, covert attacks by real persons/groups.

This posting might not be a qualified topic for this list - my apologies.

Bill

Jamie Reid wrote:
> I'd be interested in knowing how linking aggregated attack information to country of origin is actually valuable relative to our ability to respond to it.

It mostly salves the prejudices of those who want to see certain other countries as the enemy. My view: as most of this stuff advertises US-based 'products and services' (generous description), it should really be a case of 'follow the money' as per previous thread.

Peter

participants (3)
- Bill Zeng
- Jamie Reid
- Peter Galbavy