nanog mailing list archives
Re: Country of Origin for Malicious Attacks
From: sgorman1 () gmu edu
Date: Wed, 25 Jun 2003 13:19:55 -0400
Thanks for all the replies. I was not sure how to tackle the origin problem, so I figured I'd leave it wide open. Both origin as seen by the network, prima facia, and orgin as traced through proxies etc. are useful. Please send along either, but maybe a discalimer saying which would be useful. Many thanks, sean ----- Original Message ----- From: "Scott A. McIntyre" <scott () xs4all net> Date: Wednesday, June 25, 2003 12:46 pm Subject: Re: Country of Origin for Malicious Attacks
Hi,: I was wondering if folks had noticed any trends withmalicious network: attacks predominantly originating from any individual orgroup of: countries. Any observations, comments or help would be greatly : appreciated.As I'm sure will be mentioned a few dozen times by the time this message gets to the list, "origin" isn't as simple as where the packets you see come from. Malicious attacks can and do come from many places, people, groups, organizations -- utilizing any number of compromised systems, trojans, bots, proxies, truly malicious attacks can often be as difficult to trace as a Hollywood movie phone call, routing through a dozen systems in as many countries. If people replying on this thread mean that they've actually tracked the true source of the malicious activity back to (.it|.cn|.ro|.ru|.fr|...) by working with network and system administrators then it might be useful to point that part out, as well as share how you found responsible contacts who verified your investigations and assisted for some of these (and many other) countries. Scott
Current thread:
- Country of Origin for Malicious Attacks sgorman1 (Jun 25)
- Re: Country of Origin for Malicious Attacks Sean Donelan (Jun 25)
- <Possible follow-ups>
- RE: Country of Origin for Malicious Attacks netadm (Jun 25)
- RE: Country of Origin for Malicious Attacks Scott Weeks (Jun 25)
- Re: Country of Origin for Malicious Attacks Adam Debus (Jun 25)
- Re: Country of Origin for Malicious Attacks Scott A. McIntyre (Jun 25)
- RE: Country of Origin for Malicious Attacks Scott Weeks (Jun 25)
- RE: Country of Origin for Malicious Attacks McBurnett, Jim (Jun 25)
- Re: Country of Origin for Malicious Attacks sgorman1 (Jun 25)
- Re: Country of Origin for Malicious Attacks Jamie Reid (Jun 26)
- Live attackers or blind worms? (was Re: Country of Origin for Malicious Attacks) Bill Zeng (Jun 26)
- Re: Country of Origin for Malicious Attacks Peter Galbavy (Jun 27)
- Re: Country of Origin for Malicious Attacks sgorman1 (Jun 27)
- Re: Country of Origin for Malicious Attacks sgorman1 (Jun 27)