Re: Country of Origin for Malicious Attacks

[sgorman1 () gmu edu]

Thanks for all the replies.  I was not sure how to tackle the origin problem, so I figured I'd leave it wide open.  
Both origin as seen by the network, prima facia, and orgin as traced through proxies etc. are useful.  Please send 
along either, but maybe a discalimer saying which would be useful.  

Many thanks,

sean

----- Original Message -----
From: "Scott A. McIntyre" <scott () xs4all net>
Date: Wednesday, June 25, 2003 12:46 pm
Subject: Re: Country of Origin for Malicious Attacks

> Hi,
>
> > > : I was wondering if folks had noticed any trends with 
> malicious network
> > > : attacks predominantly originating from any individual or 
> group of
> > > : countries.  Any observations, comments or help would be greatly
> > > : appreciated.
>
> As I'm sure will be mentioned a few dozen times by the time this 
> message 
> gets to the list, "origin" isn't as simple as where the packets 
> you see 
> come from.
>
> Malicious attacks can and do come from many places, people, 
> groups, 
> organizations -- utilizing any number of compromised systems, 
> trojans, 
> bots, proxies, truly malicious attacks can often be as difficult 
> to trace 
> as a Hollywood movie phone call, routing through a dozen systems 
> in as many 
> countries.
>
> If people replying on this thread mean that they've actually 
> tracked the 
> true source of the malicious activity back to 
> (.it|.cn|.ro|.ru|.fr|...) by 
> working with network and system administrators then it might be 
> useful to 
> point that part out, as well as share how you found responsible 
> contacts 
> who verified your investigations and assisted for some of these 
> (and many 
> other) countries.
>
> Scott