Re: The origin of breakin attempts
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Sat, 20 May 2006 14:47:21 -0500
On 20 May 2006, in the Usenet newsgroup comp.security.misc, in article
<446eb59c$0$14260$9b622d9e@xxxxxxxxxxxxxxx>, Patrick Schaaf wrote:
Howard Bryce <Hbryce@xxxxxxxxx> writes:
What I find interesting is that whenever I look into the origin of such
attacks, based on the IP address that they are coming from, the attacks
always come, so far without exception, from one of three countries:
China, Taiwan and Korea.
NNTP-Posting-Host: 67.122.246.158
67.112.0.0 - 67.127.255.255 Pac Bell Internet Services NET-67-112-0-0-1
It varies - actually for me, SBC (PacBell, SWBell, Ameritech, SNET) is
right up there behind comcast and roadrunner. Stats for the April:
2780 US 38% 448 KR 6% 430 BR 6% 173 DE 2% 142 UK 2%
802 CN 11% 434 CA 6% 198 FR 3% 159 MX 2% 137 NL 2%
The same that was wrong with the US, until they were outnumbered
on the Internet by China et al: lots of bored students getting
net access, without familiar or other organizational behaviour
control in place...
I have _NO_ idea where you got that concept.
[compton ~]$ grep -h ipv4 IP.ADDR/stats/delegated* | grep -v summary | cut
-d'|' -f2 | sort | uniq -c | sort -n | tail | column
1137 NZ 1414 RU 1759 DE 4621 EU 5209 AU
1296 FR 1604 JP 1952 GB 4984 CA 31574 US
[compton ~]$ ^v4^v6
grep -h ipv6 IP.ADDR/stats/delegated* | grep -v summary | cut-d'|' -f2 | sort
| uniq -c | sort -n | tail | column
31 TW 43 IT 65 NL 87 GB 193 JP
36 SE 48 FR 76 KR 122 DE 217 US
[compton ~]$
That's the number of network assignments from the five RIRs. (There are
72967 assignments as of Tuesday.) If you want to compare it to host numbers,
1343133952 US 91404536 GB
80670208 CN 6414592 IN
46154240 KR 55255712 FR
16499200 TW 54031984 DE
Comcast _alone_ has more than half as many IP addresses as all of Korea. Then
you need to add SBC, RR, QWorst, Verizon, etc. There are 2307268440 IPv4
addresses assigned/allocated world wide.
The more interesting question, probably, would be in which coutries
the introduction of the Internet to the younger population was not
accompanied by such behaviour. You could learn something _there_.
And that is? (Hopefully, you can back that up with figures from an
accredited source.) As near as I can tell, the problem with China (as
well as in Korean, Taiwan, and many other countries) is that the
providers there are totally clueless, and the wide-bandwidth connected
hosts are unsecured because (like everywhere else) they are being run
by wankers whose computer knowledge is taxed by figuring out where the
on/off switch is. Consequently, there are a lot of r00ted/0wn3d boxes
being used as zombies. Another thing to think about is that the native
languages in CN, TW and KR are not using ISO8859 or ANSI character sets,
or do you believe that there are huge numbers of students in those
countries who are also learning "Western" languages and practicing
their skills by sending spam, plishing attempts, and trying to guess SSH
usernames/passwords.
Old guy
.
- Follow-Ups:
- Re: The origin of breakin attempts
- From: Patrick Schaaf
- Re: The origin of breakin attempts
- From: Barry Margolin
- Re: The origin of breakin attempts
- References:
- The origin of breakin attempts
- From: Howard Bryce
- Re: The origin of breakin attempts
- From: Patrick Schaaf
- The origin of breakin attempts
- Prev by Date: Re: obscurity for key generation
- Next by Date: Re: The origin of breakin attempts
- Previous by thread: Re: The origin of breakin attempts
- Next by thread: Re: The origin of breakin attempts
- Index(es):
Relevant Pages
|
