[59320] in North American Network Operators' Group


Re: Country of Origin for Malicious Attacks

daemon@ATHENA.MIT.EDU (sgorman1@gmu.edu)
Wed Jun 25 13:20:30 2003

Date: Wed, 25 Jun 2003 13:19:55 -0400
From: sgorman1@gmu.edu
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu



Thanks for all the replies.  I was not sure how to tackle the origin problem, so I figured I'd leave it wide open.  Both origin as seen by the network, prima facie, and origin as traced through proxies etc. are useful.  Please send along either, but maybe a disclaimer saying which would be useful.

Many thanks,

sean

----- Original Message -----
From: "Scott A. McIntyre" <scott@xs4all.net>
Date: Wednesday, June 25, 2003 12:46 pm
Subject: Re: Country of Origin for Malicious Attacks

> 
> 
> Hi,
> 
> >> : I was wondering if folks had noticed any trends with malicious network
> >> : attacks predominantly originating from any individual or group of
> >> : countries.  Any observations, comments or help would be greatly
> >> : appreciated.
> 
> As I'm sure will be mentioned a few dozen times by the time this message
> gets to the list, "origin" isn't as simple as where the packets you see
> come from.
>
> Malicious attacks can and do come from many places, people, groups,
> organizations -- utilizing any number of compromised systems, trojans,
> bots, proxies, truly malicious attacks can often be as difficult to trace
> as a Hollywood movie phone call, routing through a dozen systems in as many
> countries.
>
> If people replying on this thread mean that they've actually tracked the
> true source of the malicious activity back to (.it|.cn|.ro|.ru|.fr|...) by
> working with network and system administrators then it might be useful to
> point that part out, as well as share how you found responsible contacts
> who verified your investigations and assisted for some of these (and many
> other) countries.
> 
> Scott
> 
> 
> 

