Country of Origin for Malicious Attacks
Scott A. McIntyre
scott at xs4all.net
Wed Jun 25 16:46:50 UTC 2003
Hi,
>> : I was wondering if folks had noticed any trends with malicious network
>> : attacks predominantly originating from any individual or group of
>> : countries. Any observations, comments or help would be greatly
>> : appreciated.
As I'm sure will be mentioned a few dozen times by the time this message
gets to the list, "origin" isn't as simple as where the packets you see
come from.
Malicious attacks can and do come from many places, people, groups,
organizations -- utilizing any number of compromised systems, trojans,
bots, proxies, truly malicious attacks can often be as difficult to trace
as a Hollywood movie phone call, routing through a dozen systems in as many
countries.
If people replying on this thread mean that they've actually tracked the
true source of the malicious activity back to (.it|.cn|.ro|.ru|.fr|...) by
working with network and system administrators then it might be useful to
point that part out, as well as share how you found responsible contacts
who verified your investigations and assisted for some of these (and many
other) countries.
Scott
More information about the NANOG
mailing list