In order to determine that, you would have to be monitoring all traffic
crossing a publicly available IP address, using a firewall, correct?  If
my firewall is any indication, there is constant malicious traffic and
spam going across the networks of cable internet providers.  From what I
can see, the majority of attacks are 3 types (two of the types
completely automated), and occur at an average frequency of every few
minutes:

1.  (Most common).  Automated attacks that occur on the local ISP's
subnet, which come from Windows computers which have been compromised by
the Nimda (or other similar, such as Code Red, IRC Flood) virus, and
continually scan the local subnet for other computers to infect.

2.  (Next common).  MSRPC UDP port probes, all of which, I imagine, are
attempts to send pop-up messages (spam) (which are blocked by my
software).

3.  (Least common).  Actual scans by hackers (at least, I imagine they
are).  While attack #1 comes most often from the local subnet, and
attack #2 from sources throughout the United States, attack #3
(scans by hackers) often comes from foreign countries (such as Taiwan,
Japan, Northern Europe, or Brazil).

Of course, I'm just talking about a local home computer on a cable
network, so I have no really valid traffic coming to my computer.  A
computer that hosts a web site or other service on the Internet
certainly has much more traffic than what I have coming to mine.

[While on the topic of Nimda, IRC Flood - can anyone explain how hackers
exploit these?  There is plenty of info on the symptoms and cure, but
how do hackers actually use IRC Flood, which supposedly allows someone
to manipulate a computer remotely?  Besides the computer becoming a
"robot" and attempting to infect other computers, is there actually a
"backdoor" that is created?  I read that IRC Flood will send messages
alerting IRC users that a computer is compromised.  But to what extent
is an actual "backdoor" created?]

Jim


-----Original Message-----
From: Piyush Bhatnagar [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 09, 2003 8:36 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Information Needed on Malicious Traffic

Hi All,

I am doing some research on the amount of malicious traffic on the
internet.

In your opinion, what percentage of traffic entering your networks (and
on the internet) would you consider as dirty? By Dirty traffic I mean to
refer to the traffic that is un-desired or malicious which could contain
traffic related to attacks, probes, spam etc.

I have read a few white papers from some security product vendors and
the claims range from 5% to 30%.

Any responses will be welcome.

Thanks,
Piyush

-
Regards, Piyush
==========================
Piyush Bhatnagar, CISSP
[EMAIL PROTECTED]
==========================


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

