Security Basics mailing list archives
Re: Source of hack attemps
From: "Bob Radvanovsky" <rsradvan () unixworks net>
Date: Thu, 11 Mar 2004 19:31:53 -0600
If it's any consolation, I can, without a doubt, state that since I have installed/configured an IDS solution on my "home lab" network (small lab... http://www.unixworks.net/lab), that I have had OVER 68,000 signatured attacks, all the way from slow/fast port scans to full-blown NetBIOS/NetBEUI attacks. Of the 68,000+ attacks, over 24,000 were port scans. Of the remaining 45%, approx. 60% are TCP packets, 30% are UDP packets, and roughly 10% are ICMP packets.

[TCP] Of the TCP packets, approx. 23% are US-based, of which almost 80% are from cable-modems and ADSL connections, with the remaining 20% from corporate-based environments or hosting providers; over 55% were from the Pacific Rim region, with almost 70% of that originating from China, of which, 6 locations were from China, 4 of which originated from Singapore, almost even split between Korea, Taiwan, and Japan (in that order), with mostly dial-up connections originating from dialup providers, with Japan being the exception with some ADSL connections; over 20% originating from Eastern Bloc countries (Russia, Czechoslovakia, Yugoslavia, Romania [in that order]), and the remaining amount mostly from Central and Southern Americas (tied between Argentina and Brazil, with Mexico last). Attack signatures were mostly NetBIOS and NetBEUI-based (have 2 Windows servers online, and they are broadcasting beacons for keep-alive connections).

[UDP] Similar statistics of originating countries, except that the next statistics were with various trojans and worms (MS-SQL being highest amount at 65% of the trojan/worm category, with the latest Bagel virus next, and miscellaneous after that). Of which, there was a significantly higher number of trojans and worms originating from the Pacific Rim region, with over 73% originating from China! Taiwan was next at 15%, Japan next at 7%, and Korea (believe it or not) was the lowest.

[ICMP] Here, the statistics originated from predominately the Eastern Bloc countries, with Russia holding at 86% of most ICMP attacks, mostly slow stealth and tunneling attacks, Czechoslovakia having approx. 7%, and the remaining amount was from France! None from the Americas or the U.S.

Do any of these statistics help you in your endeavors? The source is my network, through which the IDS has been operational since 23-Feb-2004. ;)

Cheers!

Bob Radvanovsky [/unixworks]
rsradvan(at)unixworks.com
"knowledge squared is information shared."

----- Original Message -----
From: "Austin Moran" <mis () nysar com>
To: <security-basics () securityfocus com>
Sent: Thursday, March 11, 2004 7:49 AM
Subject: Source of hack attemps
Does anyone know what the leading countries are for attempts to violate network security? Is there a list which might show the top five or ten countries for sources of computer hackers?

thanks in advance,
Austin
Current thread:
- Source of hack attemps Austin Moran (Mar 11)
- RE: Source of hack attemps Justin Biggs (Mar 12)
- Re: Source of hack attemps Bob Radvanovsky (Mar 12)
- Re: Source of hack attemps Charles Funderburk (Mar 12)
- Re: Source of hack attemps Rick Van Luvender (Mar 12)
- Re: Source of hack attemps Fabiano Domingues (Mar 12)
- <Possible follow-ups>
- Re: Source of hack attemps Andrew Pretzl (Mar 12)
- RE: Source of hack attemps Ed Whitesell (Mar 12)