[59315] in North American Network Operators' Group
RE: Country of Origin for Malicious Attacks
daemon@ATHENA.MIT.EDU (McBurnett, Jim)
Wed Jun 25 12:53:15 2003
Date: Wed, 25 Jun 2003 12:06:21 -0400
From: "McBurnett, Jim" <jmcburnett@msmgmt.com>
To: <sgorman1@gmu.edu>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Sean,
of the scans I get and have seen..
60% APNIC region
Most noteably- Taiwan, China, and Korea (north)
20% RIPE=20
Most noteable- Former Soviet Block nations then
Scandanavian countries...
20% ARIN/LACNIC
=09
This is a rough estimate from the last 3 weeks...
I guess you may be after this kind of fact:
When I blocked HINET
(Taiwan based-- has a single /16 to my knowledge)
I cut scans/probes by 20%....
Later,
Jim
-----Original Message-----
From: sgorman1@gmu.edu [mailto:sgorman1@gmu.edu]
Sent: Wednesday, June 25, 2003 11:58 AM
To: nanog@merit.edu
Subject: Country of Origin for Malicious Attacks
I was wondering if folks had noticed any trends with malicious=20
network attacks predominantly originating from any individual=20
or group of countries. Any observations, comments or help=20
would be greatly appreciated.
Thanks,
sean
