On Wed, Apr 8, 2009 at 2:59 PM, Richard Golodner <[email protected]> wrote: <snip> > I see plenty of questionable log entries from Chinese IP space, but isn't the > appeal of China the ease of > which anyone anywhere can host just about anything? > Richard >
I used to see a lot too, well over 50% of bad traffic hitting my edge originated in .cn (and don't get me started on the percentage of spam). Now I see none :) We don't do business in China, so a decision was made to drop all traffic originating there at the edge. The immediate reduction in spam and malicious traffic was insane. The only ramification so far has been a few staff of Chinese origin being a bit peeved they can't read their daily news anymore... Not very sportsman like of us, but our IPS etc are a whole lot quieter. I do believe that there are state sponsored attacks occuring, but I don't believe that it's limited to the Chinese. Espionage is espionage, I don't think there's a rule book defining how they should obtain their intel. There was an interesting article in the news a few days ago about the Australian Prime Minister's recent visit to China: http://www.upi.com/Top_News/2009/04/02/Chinese-reportedly-try-to-hack-Rudd/UPI-78921238726460/ The gist of it is that he and his staff were targetted electronically whilst over there. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
