North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Country of Origin for Malicious Attacks

  • From: Jamie Reid
  • Date: Thu Jun 26 21:52:44 2003

I've found that country of origin is less relevant than route/subnet and ASN, as there
is a link between the address and the people in a position to actually respond to the problem. 

I'd be interested in knowing how linking aggregated attack information to country of 
origin is actually valuable relative to our ability to respond to it. 

Cheers, 

-j



--
Jamie.Reid, CISSP, [email protected]
Senior Security Specialist, Information Protection Centre 
Corporate Security, MBS  
416 327 2324 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR></HEAD>
<BODY style="MARGIN-TOP: 2px; FONT: 8pt Tahoma; MARGIN-LEFT: 2px">
<DIV><FONT size=1></FONT>&nbsp;</DIV>
<DIV><FONT size=1>I've found that country of origin is less relevant than 
route/subnet and ASN, as there</FONT></DIV>
<DIV><FONT size=1>is a link between the address and the people in a position to 
actually respond to the problem. </FONT></DIV>
<DIV><FONT size=1></FONT>&nbsp;</DIV>
<DIV><FONT size=1>I'd be interested in knowing how linking aggregated attack 
information&nbsp;to country of </FONT></DIV>
<DIV><FONT size=1>origin is actually valuable relative to our ability to respond 
to it. </FONT></DIV>
<DIV><FONT size=1></FONT>&nbsp;</DIV>
<DIV><FONT size=1>Cheers, </FONT></DIV>
<DIV><FONT size=1></FONT>&nbsp;</DIV>
<DIV><FONT size=1>-j</FONT></DIV>
<DIV><FONT size=1></FONT>&nbsp;</DIV>
<DIV><FONT size=1></FONT>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT size=1>--<BR>Jamie.Reid, CISSP, <A 
href="mailto:[email protected]";>[email protected]</A><BR>Senior 
Security Specialist, Information Protection Centre <BR>Corporate Security, 
MBS&nbsp; <BR>416 327 2324 </FONT></DIV></BODY></HTML>