Thanks for all the replies. I was not sure how to tackle the origin problem, so I figured I'd leave it wide open. Both origin as seen by the network, prima facie, and origin as traced through proxies etc. are useful. Please send along either, but maybe a disclaimer saying which would be useful.
Many thanks,
sean

----- Original Message -----
From: "Scott A. McIntyre" <[EMAIL PROTECTED]>
Date: Wednesday, June 25, 2003 12:46 pm
Subject: Re: Country of Origin for Malicious Attacks

> Hi,
>
>> : I was wondering if folks had noticed any trends with malicious network
>> : attacks predominantly originating from any individual or group of
>> : countries. Any observations, comments or help would be greatly
>> : appreciated.
>
> As I'm sure will be mentioned a few dozen times by the time this message
> gets to the list, "origin" isn't as simple as where the packets you see
> come from.
>
> Malicious attacks can and do come from many places, people, groups,
> organizations -- utilizing any number of compromised systems, trojans,
> bots, proxies, truly malicious attacks can often be as difficult to trace
> as a Hollywood movie phone call, routing through a dozen systems in as many
> countries.
>
> If people replying on this thread mean that they've actually tracked the
> true source of the malicious activity back to (.it|.cn|.ro|.ru|.fr|...) by
> working with network and system administrators then it might be useful to
> point that part out, as well as share how you found responsible contacts
> who verified your investigations and assisted for some of these (and many
> other) countries.
>
> Scott
