Home page logo

nanog logo nanog mailing list archives

Re: Country of Origin for Malicious Attacks
From: sgorman1 () gmu edu
Date: Wed, 25 Jun 2003 13:19:55 -0400

Thanks for all the replies.  I was not sure how to tackle the origin problem, so I figured I'd leave it wide open.  
Both origin as seen by the network, prima facia, and orgin as traced through proxies etc. are useful.  Please send 
along either, but maybe a discalimer saying which would be useful.  

Many thanks,


----- Original Message -----
From: "Scott A. McIntyre" <scott () xs4all net>
Date: Wednesday, June 25, 2003 12:46 pm
Subject: Re: Country of Origin for Malicious Attacks


: I was wondering if folks had noticed any trends with 
malicious network
: attacks predominantly originating from any individual or 
group of
: countries.  Any observations, comments or help would be greatly
: appreciated.

As I'm sure will be mentioned a few dozen times by the time this 
gets to the list, "origin" isn't as simple as where the packets 
you see 
come from.

Malicious attacks can and do come from many places, people, 
organizations -- utilizing any number of compromised systems, 
bots, proxies, truly malicious attacks can often be as difficult 
to trace 
as a Hollywood movie phone call, routing through a dozen systems 
in as many 

If people replying on this thread mean that they've actually 
tracked the 
true source of the malicious activity back to 
(.it|.cn|.ro|.ru|.fr|...) by 
working with network and system administrators then it might be 
useful to 
point that part out, as well as share how you found responsible 
who verified your investigations and assisted for some of these 
(and many 
other) countries.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]