North American Network Operators Group


RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.

  • From: Johannes B. Ullrich
  • Date: Fri Apr 26 15:23:01 2002

First of all: Does it matter if the Chinese Govt' is launching the attack
or the kid next door?

Personally, I would think if the Chinese Govt' has any sense at all, they
surely look into cyberwar. Which respectable government doesn't?

In my opinion the real problem/story is the appalling state of internet
security. I am running DShield.org and regularly try to talk to people
that show up as 'top attackers' in our list personally on the phone. 
Just a quote from a guy that identified himself as "MIS Department" for a 
public interest group (from memory, not word by word):

Me: "I think your PC with the IP address xxx.xxx.xxx.xxx is infected
     with the Nimda virus and also used as an IRC proxy"
MIS-Dept: "Are there any more numbers to an IP address or is this it?"

(later he kind of suspected that his boss's desktop may be infected. 
 It is still scanning nicely so far.)

Other identified Nimda infections included a little mortgage broker/bank
and an office from a large tax preparation company.

And that's just Nimda, which is pretty much 'in your face' as it scans
quite actively. Don't get me started on all the home PCs used for botnet,
ircs proxies or whatever the backdoor du jour is.

I don't think a government effort will change anything. Somehow,
the 'net' has to find a mechanism to deal with this. The problem is
way too international. I am experimenting with a 'block list'
lately of netblocks that are very active scanners. 
(if anybody is interested: http://feeds.dshield.org/block.txt).
It kind of shows the problem. Next to the all-time favorite CN networks,
there is your usual mix of AT&T Broadband, Chello NL, and two
German universities.

 Anyway... How many systems are 'backdoored' at any time?
My personal guess is 1 out of 1000. maybe 5000.

 (and that's before I had my coffee).

-- 
-------
[email protected]                 Join http://www.DShield.org
                          Distributed Intrusion Detection System