US Responsible For the Majority of Cyber Attacks 205
Amber G5 writes "SecureWorks published the locations of the computers from which the greatest number of cyber attacks were attempted against its clients in 2008. The United States topped the list with 20.6 million attempted attacks originating from computers within the country, and China ran second with 7.7 million attempted attacks emanating from computers within its borders. This was followed by Brazil with over 166,987 attempted attacks, South Korea with 162,289, Poland with 153,205, Japan with 142,346, Russia with 130,572, Taiwan with 124,997, Germany with 110,493, and Canada with 107,483."
Re:redirection (Score:4, Informative)
Re:Ummm, duh? (Score:5, Informative)
And certainly there are a ton more computers in the U.S. than in China, although that will certainly change within the next decade or so.
Actually, China has ~253 million Internet users. The US has only ~215 million. It could just be that your numbers are dated - They're increasing that number about 8x as fast as we are. Look for yourself: http://www.internetworldstats.com/stats.htm [internetworldstats.com]
Re:Ummm, duh? (Score:5, Informative)
Actually, just while I have the numbers pulled up, here are the number of "attacks" from each country mentioned in TFS scaled by the number of Internet users in the country. Since I'm inferring that these are total attacks and not unique IPs, I guess that these numbers are "attacks per Internet user".
0.09581 US
0.03043 China
0.00958 Poland
0.00812 Taiwan
0.00489 Canada
0.00466 South Korea
0.00392 Brazil
0.00210 Germany
0.00151 Japan
Re:Actually... (Score:3, Informative)
Unless you're performing a DoS isn't IP spoofing very counterproductive since you cant get a response?
Re:Actually... (Score:4, Informative)
Unless you're performing a DoS isn't IP spoofing very counterproductive since you cant get a response?
Usually, yes. But some things can be accomplished, like the Windows Messaging spamming coming into UDP ports 1026-1028, nearly every second of every day it's coming into our network, trying to pop-up messages onto Windows users' computers. The messages tell them their computers are infected and they need to go and download something to fix it. Well, you can guess what will happen if they do :) Oh, they are being sent with spoofed addresses appearing to come from Shaw Cable.
From our cisco's access-list counters, which was just reset yesterday:
deny udp any any range 1026 1028 (8692 matches)
We've a reflexive access list that will allow UDP incoming on those ports if originated inside the network.
Lots of traffic comes from the reserved IP blocks, too. As well as spoofed local IP addresses. All sorts of nastiness.
deny ip 10.0.0.0 0.255.255.255 any (4232 matches)
deny ip 172.16.0.0 0.15.255.255 any (603 matches)
deny ip 192.168.0.0 0.0.255.255 any (1540 matches)
-Aaron
Re:What? You're kidding, right? (Score:3, Informative)
How many people do you think are out there maliciously portscanning? I've met way more normal computer professionals than psycho computer criminals that spend forty hours a week cracking.
Quite a number of them, and they're not exactly sitting around typing in nmap command lines by hand, you know. They have automated tools to scan large sections of the internet for known vulnerabilities to exploit. They don't run "thousands" of portscans, they run millions.
And the fact that you haven't met many of them might have more to do with you not associating with criminals, hmm?
Re:Within the U.S. (Score:2, Informative)
http://www.etforecasts.com/products/ES_cinusev2.htm [etforecasts.com]
The top ten countries according to this website is:
1. U. S.
2. Japan
3. China
4. Germany
5. UK
6. France
7. South Korea
8. Italy
9. Canada
10. Brazil