[funsec] cyber-9/11
quispiam lepidus
quispiam.lepidus at gmail.com
Wed Apr 8 11:05:53 CDT 2009
On Wed, Apr 8, 2009 at 2:59 PM, Richard Golodner
<rgolodner at infratection.com> wrote:
<snip>
> I see plenty of questionable log entries from Chinese IP space, but isn't the appeal of China the ease of
> which anyone anywhere can host just about anything?
> Richard
>
I used to see a lot too, well over 50% of bad traffic hitting my edge
originated in .cn (and don't get me started on the percentage of
spam).
Now I see none :) We don't do business in China, so a decision was
made to drop all traffic originating there at the edge. The immediate
reduction in spam and malicious traffic was insane.
The only ramification so far has been a few staff of Chinese origin
being a bit peeved they can't read their daily news anymore...
Not very sportsman like of us, but our IPS etc are a whole lot quieter.
I do believe that there are state sponsored attacks occuring, but I
don't believe that it's limited to the Chinese. Espionage is
espionage, I don't think there's a rule book defining how they should
obtain their intel.
There was an interesting article in the news a few days ago about the
Australian Prime Minister's recent visit to China:
http://www.upi.com/Top_News/2009/04/02/Chinese-reportedly-try-to-hack-Rudd/UPI-78921238726460/
The gist of it is that he and his staff were targetted electronically
whilst over there.
More information about the funsec
mailing list