Re: cyber-9/11

[quispiam lepidus <quispiam.lepidus () gmail com>]

On Wed, Apr 8, 2009 at 2:59 PM, Richard Golodner
<rgolodner () infratection com> wrote:
<snip>
> I see plenty of questionable log entries from Chinese IP space, but isn't the appeal of China the ease of
> which anyone anywhere can host just about anything?
>        Richard

I used to see a lot too, well over 50% of bad traffic hitting my edge
originated in .cn (and don't get me started on the percentage of
spam).

Now I see none :) We don't do business in China, so a decision was
made to drop all traffic originating there at the edge. The immediate
reduction in spam and malicious traffic was insane.

The only ramification so far has been a few staff of Chinese origin
being a bit peeved they can't read their daily news anymore...

Not very sportsman like of us, but our IPS etc are a whole lot quieter.

I do believe that there are state sponsored attacks occuring, but I
don't believe that it's limited to the Chinese. Espionage is
espionage, I don't think there's a rule book defining how they should
obtain their intel.

There was an interesting article in the news a few days ago about the
Australian Prime Minister's recent visit to China:

http://www.upi.com/Top_News/2009/04/02/Chinese-reportedly-try-to-hack-Rudd/UPI-78921238726460/

The gist of it is that he and his staff were targetted electronically
whilst over there.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.