Slashdot Mirror


The Internet's Bad Neighborhoods

An anonymous reader writes "Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the spamming IP addresses — and some ISPs have more than 60% of compromised hosts, mostly in Asia. Phishing Bad Neighborhoods, on the other hand, are mostly in the U.S. Also, there is a silent ticking 'spam' bomb in BRIC countries: if India would have the same Internet penetration rate as the United States while keeping its current ratio of malicious IP addresses, we would observe 200% more spamming IP addresses worldwide. These are just a few of the striking results of an extensive study from the University of Twente, in The Netherlands, which scrutinizes the Internet Bad Neighborhoods to develop next-generation algorithms and solutions to better secure networks."


  1. How is this news? by Synerg1y · · Score: 3, Insightful

    Anybody who's worked at a datacenter has known this for years and years. And comparing them to bad neighbors is correct... if we didn't consider scope and the medium. It's a lot harder to police something that's not in physical form and is transitional, and A LOT harder when it's in a country you don't have jurisdiction over. Sure you could block these ISPs and in a lot of cases it makes sense, if your website is national, then it can save a lot of pain, but it's not the end all solution to spam.

    1. Re:How is this news? by phantomfive · · Score: 2

      I wasn't aware of the India issue, were you?

      --
      "First they came for the slanderers and i said nothing."
    2. Re:How is this news? by ninjacheeseburger · · Score: 4, Insightful

      Most of us don't work in datacenters.

      I think this could easily become a huge issue. We are lucky that most phishing emails are of a very low standard and it's easy to spot the fakes.

      I'm guessing that these developing countries don't take cyber crime too seriously at the moment, perhaps instead of governments pushing SOPA and ACTA they could come up with agreements which will encourage BRIC nations to start cracking down on spammers before the problem gets out of hand.

    3. Re:How is this news? by Synerg1y · · Score: 2

      India was called Eastern Europe a few years back in regards to spam. The locations may change, the concept of a botnet remains the same. Obviously, spammers will find the least regulated, easily available ISP around.

    4. Re:How is this news? by Synerg1y · · Score: 2

      And with enough resources they would... that's why the spammers pick them. But the problem is mobile, it moves from country to country, simply blocking IP blocks is a band aid solution.

    5. Re:How is this news? by thejynxed · · Score: 2

      I was. India easily has the potential to quickly transform into the next "Nigeria" once their internet penetration gets large enough.

      Combine millions of people in poverty with easy and less than honest ways to quickly swipe money from some "rich" foreigner?

      We won't even get into their law enforcement practices.

      --
      @Mindless Drivel: 100% of Twitter posts ever Tweeted.
  2. Drone Strikes by stevegee58 · · Score: 2, Funny

    Doesn't sound like anything that a few drone strikes couldn't handle.

  3. That is what you get with RIRs by CBravo · · Score: 2

    As seen at the abuse workgroup of RIPE (and I have not seen a sane discussion):

    >> This is the draft agenda for the RIPE 66 meeting...
    > No agenda item about defining (or refining the definition of) "abuse"?
    Nope.

    > I'd like to just reiterate my view that all other activities of this WG
    > will be utterly fruitless until such time as a reasonable, rational, and
    > generally accepted definition of "abuse" is in hand.

    I genuinely don't think it will be useful to spend time on this.../snip

    --
    nosig today
    1. Re:That is what you get with RIRs by Anonymous Coward · · Score: 2

      Is this for real?

      How is any unsolicited email NOT abuse?

      Either it comes from someone with a legitimate reason for emailing, or it is a mailing-list with an opt-out that works. The rest is abuse 100% of the time. This is not hard to figure out.

    2. Re:That is what you get with RIRs by CBravo · · Score: 2

      I opted to post the conclusion. Because there are all sorts of excuses to arrive at a bad conclusion.

      --
      nosig today
  4. Re:Block IP ranges by country by Myself337 · · Score: 2

    Sounds great. While I block a few ranges from getting to my websites I have yet to find a reliable way to do this for my home computer and still be able to know that this is why .com isn't working. The ability to block some (most!) spam and garbage sites would be great but with no way to easily tell whether a site is down or I'm blocking it kinda cramps my style.

    --
    I'm poor. Please donate. http://albanypcs.com
  5. Twente's Top Twenty Troublesome ISPs by Anonymous Coward · · Score: 2, Funny

    Missed headline opportunity

  6. Those aren't the phishers you're looking for by Animats · · Score: 4, Informative

    Those aren't the phishers you're really worried about. There seem to be about ten "usual suspects" we keep seeing on our phishing reports. The low-end ones are trolling for Habbo Hotel accounts. A few notches up are phony logins for bank accounts (PayPal and HSBC are popular targets. New this week: Swedish tax refunds. And, for some reason, several new phish sites for AOL 9.0 accounts.) We track these, but they're more of a nuisance than a real threat.

    The ones to worry about are better targeted and are of better quality. Those are aimed at corporate login info. Those won't be seen by broad-based phishing detection services because they're only sent to people who might have those logins. So they tend not to be blacklisted.

  7. Break it down per capita by roman_mir · · Score: 5, Interesting

    Brazil: 196,655,014 people (World Bank)
    Russia: 141,930,000 people
    India: 1,241,491,960 people
    China: 1,344,130,000 people

    that's 2,924,206,974 people total.
    world population: 6,973,738,433 people, so BRIC countries are 41% of the total in population.

    FTFA:

    Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the internet addresses that send spam.

    so I take it "nearly half" is between 40% and 50%, but less than 50%. If it's over 41%, then what we are looking at here is some form of distribution of 'nuisance' that is related to the actual population and it probably shows normal distribution.

    Is this really a surprise?

    1. Re:Break it down per capita by AK+Marc · · Score: 2

      Yes, and when "China hacks US companies" we never see how many hacks on that company came from non-China addresses. If 1/100th of the attacks are Chinese in origin, why aren't we invading the US to stop the other 99/100, or wherever they are coming from? It seems to be an irrational nationalistic play, not an evaluation of risk and reasoned response to a threat.

    2. Re:Break it down per capita by stephanruby · · Score: 2

      > Yes, and when "China hacks US companies" we never see how many hacks on that company came from non-China addresses. If 1/100th of the attacks are Chinese in origin, why aren't we invading the US to stop the other 99/100, or wherever they are coming from?

      Hacking attempts have different severity levels associated with them. Putting them all in the same bucket as if they were all equivalent would be disingenuous. Besides, no one rational is saying that we should be invading China over this. Also currently, if a hack is severe enough, and coming from the US, the police/FBI goes after them.

      > It seems to be an irrational nationalistic play, not an evaluation of risk and reasoned response to a threat.

      That could be true. I'm not saying that it is, or that it is not. Personally, I just don't know.

      Do you know? How do you know? Is this your field?

    3. Re:Break it down per capita by AK+Marc · · Score: 3, Insightful

      It is my field. I've never been "attacked" with a coordinated intrusion attempt. I've worked on systems that were hacked by script kiddies with no agenda (it was used only for warez, when they compromised a web server). But scans I get, and I've seen port scans referred to by the US government as "attacks" because that helps generate fear and hate in the population, which allows for money and power grabs. And those seem to be distributed more on the level of compromised machines, than concentration in areas where we have "enemies" (real or perceived).

      As such, I would take the official numbers to be lies, until proven otherwise. Why? Because I have enough personal real-world experience in security to validate the implied raw numbers and invalidate the conclusions. That's why they'll never tell us enough to make up our own minds. Someone like me could prove in 5 minutes that all the conclusions are lies. So we only get false generalizations and, for all we know, 99.44% of Chinese attacks are false flag. Much like the claims that "an IP doesn't identify a person" in the copyright cases, the US is asserting that an IP from China is the government or an agent thereof. It could be a private Chinese citizen, or, more likely, someone from Russia or the US that runs a botnet.

  8. Re:The Internets "real" bad neighborhoods: by Anonymous Coward · · Score: 3, Informative

    How is Al-Jazeera a bad neighbourhood? I found them to be a useful source during the Egyptian revolution, it is a western-style news channel from Arabia. Just because they have been sent tapes from terrorists does not mean that they support them, just as the guardian getting leaks from wikileaks does not mean that they support wikileaks.

  9. Final solution by PopeRatzo · · Score: 3, Interesting

    Clearly the only solution is to only let the world's biggest telecoms provide Internet to people.

    I would gladly take an Internet with some "bad neighborhoods" over a completely safe Internet provided entirely by AT&T/Comcast and a handful of megacorps who are also involved in creating content.

    The Internet/Media/Industrial Complex loves to tell us scary stories about how dangerous an "open" Internet can be. Apparently, the Internet, like the "free market" is only good if they can control it.

    Just sell us some bandwidth and I'll look out for my own safety, thanks very much.

    --
    You are welcome on my lawn.
    1. Re:Final solution by jon3k · · Score: 2

      The problem is the millions of people who are incapable of "looking out for themselves". Those are the machines that compromise the botnets spewing spam, brute forcing services and scanning for new nodes to add to the hive collective. If everyone was like you or I, this would be a non-issue.

  10. Re:ovh dedicated servers by Tablizer · · Score: 2

    the "article" was very uninformative.

    That's because you live in a Bad Documentation neighborhood.

  11. Re:Thanks a whole hell of a lot by ketamine-bp · · Score: 2

    It's there.

    http://doc.utwente.nl/84507/1/thesis_G_Moura.pdf

  12. Re:Block IP ranges by country by xenobyte · · Score: 2

    http://www.nirsoft.net/countryip/

    Done!

    I prefer to use: http://www.ipdeny.com/ - YMMV...

    --
    "For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
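
Added example, not part of the thread or any poster's code: one way to answer the "is the site down or am I blocking it?" question raised above when blocking by country range. It assumes the block lists are plain text with one CIDR per line; the list labels and sample ranges are constructed (documentation address space), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample lists using documentation ranges; labels are hypothetical.
# Assumed format: one CIDR per line, '#' starts a comment.
SAMPLE_ZONES = {
    "xx": "# constructed\n192.0.2.0/24\n198.51.100.0/25\n198.51.100.128/25\n",
    "yy": "203.0.113.0/24\n2001:db8::/32\n",
}

def parse_zone(text):
    """Parse one list into ip_network objects, skipping blanks and comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def build_blocklist(zones):
    """Return [(network, label)], merging adjacent ranges within each list."""
    out = []
    for label, text in zones.items():
        nets = parse_zone(text)
        for version in (4, 6):  # collapse_addresses rejects mixed families
            family = [n for n in nets if n.version == version]
            out.extend((n, label) for n in ipaddress.collapse_addresses(family))
    return out

def explain(ip, blocklist):
    """Return the most specific (network, label) covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [(n, l) for n, l in blocklist
            if n.version == addr.version and addr in n]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

if __name__ == "__main__":
    bl = build_blocklist(SAMPLE_ZONES)
    for ip in ("198.51.100.200", "2001:db8::1", "192.0.3.1"):
        hit = explain(ip, bl)
        print(ip, "->", f"blocked by {hit[0]} (list {hit[1]})" if hit else "not blocked")
```

To check a hostname rather than an address, resolve it with `socket.getaddrinfo` and pass each returned address to `explain`; a `None` result for every address means the block list is not the reason the site is unreachable.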