Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internet Storm Center Tracks Hack Attacks

Posted by ryuzaki0 on from the graphic-violence dept.

An Anonymous Coward writes: "It looks like Incidents.org has a new offspring, the Internet Storm Center. The internet storm center uses data from DShield.org to track hack attacks all over the world. Some of the interesting trivia: While usually, China has a bad reputation for the volume of attack coming from it, the US outpaces China by a lot. Actually, China only comes in at #6. So much for the great security boost the US gets from using genuine Microsoft software."

5 of 55 comments (clear)

  1. Moderated Lead-Message Posting: -1: Flamebait by ScottKin · · Score: 4, Interesting

    Since when is the ammount of hacking attacks / attempts directly equivalent to the number of Windows boxen?

    As I can remember, this is *not* the first time that a lead topic posting could be considered as "Flamebait" - but obviously, the /. topic-nazi's look the other way when it's virtually an ad hominem attack against Windows.

    --
    I don't give a rat's behind about "karma" here or anywhere else. Don't like what I have to say here? Deal with it!
  2. Survey: We Only See the Tip of the Iceberg by ltsmash · · Score: 3, Informative

    The Computer Security Institute announced in its Computer Crime and Security Survey that 90% of respondents had security breaches in the last year. ONLY 34% reported ANY of the breaches to law enforcement for fear of bad publicity.

    Bottom line: We barely see the tip of the iceberg when it comes to computer security breaches.
  3. Re:incorrect by rosewood · · Score: 3, Funny

    when I made my /upload dir world readable/writeable - I had all kinds of german warez and porn in it!

    --
    The ultimate network admin tool needs HELP!
  4. misleading details by Anonymous Coward · · Score: 3, Interesting
    This is a cool project, but its good to keep in mind what the numbers actually mean. Not everything that gets reported to them is an actual attack, in fact I'd guess that at least a third if not more of the reported incidents aren't.

    For example, digging through the site I found 2 IPs that I'm responsible for on the list of sources for these. One is our primary DNS server, the other our mail server. The report about the DNS server is probably due to a stateful firewall that blocked some of the return packets from a lookup. The report about the mail server is probably due to its trying to do an auth lookup for incoming mail. Neither one is an attack, but either one could have been an attack for all that the receiving end can tell.

    And in case anyone is curious, yes I did just spend 30 minutes double checking those machines after reading this. Me, paranoid?

  5. Re:Script to block top 10 attacker ips... by Barbarian · · Score: 3, Funny

    Just wait until some hacker hacks dshield.org and puts 127.0.0.1 in the list