Internet Storm Center Tracks Hack Attacks

An Anonymous Coward writes: "It looks like Incidents.org has a new offspring, the Internet Storm Center. The internet storm center uses data from DShield.org to track hack attacks all over the world. Some of the interesting trivia: While usually, China has a bad reputation for the volume of attack coming from it, the US outpaces China by a lot. Actually, China only comes in at #6. So much for the great security boost the US gets from using genuine Microsoft software."

Moderated Lead-Message Posting: -1: Flamebait

[ScottKin]

Since when is the ammount of hacking attacks / attempts directly equivalent to the number of Windows boxen?

As I can remember, this is *not* the first time that a lead topic posting could be considered as "Flamebait" - but obviously, the /. topic-nazi's look the other way when it's virtually an ad hominem attack against Windows.

misleading details

This is a cool project, but its good to keep in mind what the numbers actually mean. Not everything that gets reported to them is an actual attack, in fact I'd guess that at least a third if not more of the reported incidents aren't.

For example, digging through the site I found 2 IPs that I'm responsible for on the list of sources for these. One is our primary DNS server, the other our mail server. The report about the DNS server is probably due to a stateful firewall that blocked some of the return packets from a lookup. The report about the mail server is probably due to its trying to do an auth lookup for incoming mail. Neither one is an attack, but either one could have been an attack for all that the receiving end can tell.

And in case anyone is curious, yes I did just spend 30 minutes double checking those machines after reading this. Me, paranoid?