On Fri, Jan 04, 2002 at 11:42:27AM -0800, Jeff Simmons wrote: > > Unless I'm misunderstanding you, I find this hard to believe. > > On my computer (DSL, fixed IP), which is pretty heavily monitored, I'm > detecting only a few, maybe up to a dozen, actual attacks a day. Most of > them are from well-known root kits, targeting old vulnerabilities. Sunrpc, > lpr, imap, and anonymous ftp seem to be popular. Most attacks come from > Asia, eastern Europe used to be popular, but seems to have died down > recently. > > The only way I could get anywhere near your numbers is to count all of the > Windows-based http attacks coming from automated worms and the like. > > I'd be interested in hearing from others what kind and frequency of attacks > they're experiencing.
There's good reason for the different results. I'm located in Germany and my DSL line is from "Deutsche Telekom" (T-DSL, T-Online). This is by far the biggest provider in Germany for private DSL internet access, and they also do provide large numbers of modem and ISDN accounts. They use a few very well known ip address ranges for all DSL, modem and ISDN customers. Scanning the T-Online address ranges allows you to find heaps of german private computers. Many of the attacks I detect come from within the T-Online network, others often come from the countries you describe. I compared results with some of the colleagues results and with results we get from commercial firewalls at the same time. There is a significant difference. It appears that the T-Online network ranges are a favored target of many hackers/scanners/script kiddies. There's no doubt that some attackers prefer attacking private computers and select address ranges where they find most of these computers. Hadmut --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]