NIST: 5% of attacks against Internet infrastructure

Sean Donelan SEAN at SDG.DRA.COM
Wed Jun 2 22:57:34 UTC 1999

alex at Relcom.EU.NET (Alex P. Rudnev) writes:
>More interesting could be the _reasons of attacks_.
>(through you should divide _before NATA / after NATA bobbings -:) ).

I don't know about other people, CERT?, but I still see the biggest
correlation between the school year and attacks.  In particular, there
still is the September effect (start of the North American school year)
and a rise between spring break and the start of finals in May.  But
that may just be an artifact of my customer base, or I may be missing
the signs.  No, this is not a request or challenge to test my security.

Serbia, china, nato, etc have gotten a bunch of press coverage.  But for
the most part they vanish into the noise of what goes on every day.  If
the FBI put up an IRC server, then I would worry and try to get as far
away as possible....  I guess we now know why the FBI didn't come to Eugene
last week.

I found the NIST report on infrastructure attacks interesting because
historically phreakers/crackers have rarely gone after the network
infrastructure they used.  They did go after the billing and fraud
systems, but usually left the network elements operating (sometimes
with improvements).  Since the Internet didn't have billing or fraud
systems built into the backbone infrastructure, that eliminated a normally
attractive target.  

>From an operations point of view, are people seeing more attacks on the
backbone infrastructure itself than in the past?  Sure, routers have
fallen over in the past due to denial of service attacks.  Which were
usually directed at a host system, and the router was just collateral
damage.  But the only backbone infrastructure I can think of ever being
attacked directly was AGIS during the spam years.
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation

More information about the NANOG mailing list