LinuxQuestions.org
Old 03-19-2007, 06:31 PM   #1
LXer
LXer NewsBot
 
Registered: Dec 2005
Posts: 74,714

Rep: Reputation: 87
LXer: Most Computer Attacks Originate in U.S.


Published at LXer:

The United States generates more malicious computer activity than any other country, and sophisticated hackers worldwide are banding together in highly efficient crime rings, according to a new report.

Read More...
 
Old 03-19-2007, 06:47 PM   #2
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114
I don't believe it.

My evidence isn't terribly systematic because it represents my experience with my own sites and only my own sites, but my experience pretty much contradicts the claim that most attacks originate in the US.

For some time, I have been working to cut down the attacks on my sites, represented by spamming of message boards and attempted hacks/cracks. This has caused me to spend a lot of time reading site logs and following traffic.

Here is what I have seen. As I progressively tightened up my sites, mostly by denying access to entire nations that were (a) not my customers and (b) the apparent sources of my problems, I observed an interesting phenomenon. An attack would originate, most commonly in Eastern Europe, and would fail due to the nation of origin being banned. Then, often, the same attack would be attempted (as identified by referrer, target URL, and time frames) from other IP addresses scattered all over the globe until they hit an IP address in a nation that was not banned. Commonly this IP turns out to be in the US since I can't/won't ban US IP ranges (though I will ban individual IPs if I can identify them as broadband) and I will quickly ban IP ranges from a non-English-speaking country (my marketplace is pretty much restricted to the English-speaking world... maybe someday I'll expand beyond that but presently I lack the resources).

So, what we have is an attack that commonly originates in Russia and tries various vectors from around the world until it finds a way through. So, the attack then appears to originate from the US, when in fact the machine in the US is a zombie owned by some unwitting fool.

I really have no reason to believe that my experience is abnormal, but my data is certainly not comprehensive. Nonetheless, I think that I know enough to cry "BS" to the Wired article (which, BTW, comes with an AP tagline - and everyone knows how bad AP is.)

Last edited by jiml8; 03-19-2007 at 06:49 PM.
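
Added example, not part of the original posts: one way to run the correlation described in the post above (same referrer and target URL, retried from different IP addresses within a short time frame) over a web server access log. The log lines, the addresses from documentation ranges, the function names and the 10-minute window are constructed for illustration, and the code assumes banned ranges are refused by the web server with a 403 so that the denied attempts are logged.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Mar/2007:10:00:01 -0500] "POST /forum/post.php HTTP/1.1" 403 210 "http://spam.example/a" "Mozilla/4.0"
198.51.100.7 - - [19/Mar/2007:10:00:40 -0500] "POST /forum/post.php HTTP/1.1" 403 210 "http://spam.example/a" "Mozilla/4.0"
203.0.113.5 - - [19/Mar/2007:10:01:15 -0500] "POST /forum/post.php HTTP/1.1" 200 512 "http://spam.example/a" "Mozilla/4.0"
203.0.113.99 - - [19/Mar/2007:10:02:00 -0500] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.99 - - [19/Mar/2007:14:30:00 -0500] "POST /forum/post.php HTTP/1.1" 200 512 "http://forum.example/thread" "Mozilla/5.0"
"""

# Fields used: client IP, timestamp, request URL, status code, referrer.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)"')

def parse(log_text):
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], m["url"], m["referrer"], int(m["status"])

def find_retried_attacks(log_text, window=timedelta(minutes=10)):
    """Return [(referrer, url, denied_ips, allowed_ip)] for requests that were
    denied (403) and then let through from a different IP within `window`."""
    groups = defaultdict(list)
    for ts, ip, url, ref, status in parse(log_text):
        if ref != "-":  # requests without a referrer cannot be correlated this way
            groups[(ref, url)].append((ts, ip, status))
    findings = []
    for (ref, url), hits in groups.items():
        hits.sort()  # chronological order within each (referrer, url) group
        denied = []
        for ts, ip, status in hits:
            if status == 403:
                denied.append((ts, ip))
            elif status < 400:
                recent = sorted({d_ip for d_ts, d_ip in denied
                                 if ts - d_ts <= window and d_ip != ip})
                if recent:
                    findings.append((ref, url, recent, ip))
    return findings
```

Each finding names the address that finally got through alongside the addresses that were refused first, which is the record to keep when deciding whether the last hop is the real origin or a relay.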
 
Old 03-19-2007, 06:57 PM   #3
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
I'm not buying either. The vast majority of SSH scans and brute force attacks I have experienced have been from Eastern Europe.

Dave
 
  

