worldwide internet threat map

For anyone that is interested:-

formatting link

Reply to
TTman

If threats can be tracked, why can't they be blocked? The internet should not transport malware.

--
John Larkin         Highland Technology, Inc 

lunatic fringe electronics
Reply to
John Larkin

Denial of service attacks can be recognised as threats, because they involve a lot of packets. Working out from any individual packet that it is part of an attack might be more difficult.

The more basic question, which John Larkin doesn't seem to have thought about, is how one might recognise "malware" and distinguish it from the sort of traffic that - say - these posts involve.

--
Bill Sloman, Sydney
Reply to
bill.sloman

Because most such attacks come from hijacked PCs. The PCs are controlled by the evil bad guys from other hijacked PCs forming a "botnet". They also tend to use VPNs to cover their tracks. It's easy enough to find the source of the attacks, but not so easy finding the originator of the malware or the operators of the botnet. If you go chasing after the IP address displayed by such threat maps, you'll probably find some home or small business user with an infected PC, probably in another country.

When these botnets are not busy attacking other computers, they use their spare time to distribute email spam. Here's a list of the top spammers: Want to help solve the spam problem? Just hire a hit man and take out these spammers in alphabetical order. No need to massacre the entire list as those further down the alphabet quickly get the idea.

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Reply to
Jeff Liebermann

Yes Jeffrey, and most of those hijacked PCs are in places like the Far East where the users are running illegal copies of Windows which are already compromised and on top of that they don't even bother installing updates and have no firewalls or improperly configured firewalls. A bloody good reason to use Linux!

--
This message may be freely reproduced without limit or charge only via  
the Usenet protocol. Reproduction in whole or part through other  
Reply to
Cursitor Doom

You clearly spent no time looking at that map. Much of the attacks were FROM the US!

Rick C.

Reply to
gnuarm.deletethisbit

At least overseas they sell a Windows International English edition or some such, which you can usually get a license for from legit OEM sources for the equivalent of like 30 bux US. That's about what I'd pay for a piece of junk!!!! Not the silly boxed retail US prices...

Reply to
bitrex

The map is fun to watch! USA! USA! We're kicking everybody's ass, and taking names. Seattle and Texas just tag teamed Vietnam and Russia and the Netherlands and kicked the shit outta 'em with those cyber missiles

Reply to
bitrex

A bit of added compute power in the network could snoop packets and apply some artificial intelligence to kill the bad stuff. Things like that.

Of course, a decent OS just wouldn't allow nasties.

--
John Larkin         Highland Technology, Inc 
picosecond timing   precision measurement  
Reply to
John Larkin

"Things like that" have another name: "magic", as in "this is the point at which magic is invoked".

Impossible to achieve, but most of the current crop are shockingly dismal, favouring "ease of use" and "minimal customer support calls" over security.

Reply to
Tom Gardner

Cloudflare sorts the "good guys" from the "bad guys" by putting itself between their client's Web servers and the Internet and requesting the visitor's browser to perform a quiz question, maybe something like a mild prime factorization problem. It's selected to be fast enough that a modern PC can do it quickly enough such that it's mostly transparent to the user, but will slow down a denial-of-service attack enough to keep the request load within the headroom of their client's load capability.

Reply to
bitrex
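The cost asymmetry bitrex describes can be shown with a hashcash-style puzzle. This is an added example, not Cloudflare's code and not anything posted in the thread: the server issues a stateless, HMAC-tagged challenge, the client must find a nonce whose hash has a required number of leading zero bits, and the server verifies with one HMAC and one hash regardless of how long solving took. The secret, client id and difficulty values are constructed for illustration.

```python
import hashlib
import hmac
import time

# Added example (not Cloudflare's code): a hashcash-style challenge.
# The client must find a nonce such that SHA-256(token || tag || nonce)
# has at least `difficulty` leading zero bits. Solving costs about
# 2**difficulty hashes on average; verifying costs one HMAC and one hash.
# `secret`, the client id and the difficulty below are constructed values.


def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


def make_challenge(secret: bytes, client_id: str, difficulty: int, issued_at=None) -> dict:
    """Server side: bind the challenge to a client and a timestamp so it
    cannot be reused indefinitely or handed to a different client. The HMAC
    tag lets the server verify later without storing any state."""
    issued_at = int(time.time()) if issued_at is None else issued_at
    token = f"{client_id}:{issued_at}:{difficulty}"
    tag = hmac.new(secret, token.encode(), hashlib.sha256).hexdigest()
    return {"token": token, "tag": tag}


def _digest(challenge: dict, nonce: int) -> bytes:
    base = (challenge["token"] + challenge["tag"]).encode()
    return hashlib.sha256(base + nonce.to_bytes(8, "big")).digest()


def solve(challenge: dict) -> int:
    """Client side: brute-force search is the only way to satisfy the check."""
    difficulty = int(challenge["token"].rsplit(":", 2)[2])
    nonce = 0
    while leading_zero_bits(_digest(challenge, nonce)) < difficulty:
        nonce += 1
    return nonce


def verify(secret: bytes, challenge: dict, nonce: int, max_age: int = 60, now=None) -> bool:
    """Server side: cheap, constant cost regardless of how hard solving was."""
    token, tag = challenge["token"], challenge["tag"]
    expected = hmac.new(secret, token.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False  # forged or tampered challenge
    _, issued_at, difficulty = token.rsplit(":", 2)
    now = int(time.time()) if now is None else now
    if now - int(issued_at) > max_age:
        return False  # stale: a solved challenge cannot be replayed forever
    return leading_zero_bits(_digest(challenge, nonce)) >= int(difficulty)


if __name__ == "__main__":
    secret = b"constructed-server-secret"
    challenge = make_challenge(secret, "client-A", difficulty=12)
    start = time.perf_counter()
    nonce = solve(challenge)
    print(f"solved in {time.perf_counter() - start:.3f}s, nonce={nonce}")
    print("verified:", verify(secret, challenge, nonce))
```

In a real deployment the server would also remember (token, nonce) pairs it has already accepted within `max_age`, so that one solution cannot be replayed during the validity window; raising `difficulty` by one doubles the attacker's average cost while leaving the server's verification cost unchanged.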

Why not apply antivirus technology to the entire Net? Don't transport bad packets, or any packets from malware-sprouting IP addresses. That's not magic.

Why impossible? A decent hardware architecture and a sensible OS could allow absolute protections. Maybe RISC-V is the opportunity.

--
John Larkin         Highland Technology, Inc 
picosecond timing   precision measurement  
Reply to
John Larkin

onsdag den 3. oktober 2018 kl. 02.59.01 UTC+2 skrev John Larkin:

The internet is made to route around obstacles, and if there was some central way of banning stuff, you couldn't see the end of the line of people and politicians that wanted to add their little thing to the banned list, a la the great firewall of China.

Reply to
Lasse Langwadt Christensen

This conveniently ignores the question of how you identify "bad packets". Anti-virus software can identify repeated examples of the same packet - after that packet has been identified as a virus. The trick of including a field of random numbers in each viral packet has been well-known for a long time - the viral packets don't have to be identical to be effective.

It may not be impossible, but we don't seem to have one yet.

I wonder why John Larkin thinks that? Maybe Anthony Watts has posted this claim on one of his denialist web-sites, and John Larkin believes everything he gets from them.

For the malware community? Every other computer architecture has proved to have weaknesses that malicious programmers have been able to exploit.

--
Bill Sloman, Sydney
Reply to
bill.sloman
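Bill Sloman's point about a random field defeating exact-match signatures can be seen directly. The following is an added example, not code from the thread or from any anti-virus product: a constructed message format (4-byte magic, 8 random bytes, then an invariant body) is matched first by a whole-message hash blocklist and then by a structural rule that wildcards the variable field, the way a YARA rule with a `??` run would. The magic value and body strings are constructed placeholders.

```python
import hashlib
import os
import re

# Added example (not from the thread): why a whole-message hash fails against
# payloads that carry a random field, and what a detector matches on instead.
# The format is constructed for illustration: 4-byte magic, 8 random bytes,
# then an invariant body.
MAGIC = b"XMPL"
INVARIANT_BODY = b"constructed-invariant-body"


def build_sample(body: bytes, filler: bytes = None) -> bytes:
    """Build one message; a fresh random filler makes every copy unique."""
    filler = os.urandom(8) if filler is None else filler
    if len(filler) != 8:
        raise ValueError("filler must be 8 bytes")
    return MAGIC + filler + body


def hash_signature(sample: bytes) -> str:
    """Classic exact-match signature: hash of the whole message."""
    return hashlib.sha256(sample).hexdigest()


# Structural signature: anchor on the invariant parts and wildcard the
# variable field. re.DOTALL lets `.` cover newline bytes in the filler.
STRUCTURAL_RULE = re.compile(rb"\AXMPL.{8}" + re.escape(INVARIANT_BODY), re.DOTALL)


def matches_hash_blocklist(sample: bytes, blocklist: set) -> bool:
    return hash_signature(sample) in blocklist


def matches_structural(sample: bytes) -> bool:
    return STRUCTURAL_RULE.match(sample) is not None


def evaluate(samples, blocklist) -> dict:
    """Count how many samples each detector catches."""
    return {
        "hash_matches": sum(matches_hash_blocklist(s, blocklist) for s in samples),
        "structural_matches": sum(matches_structural(s) for s in samples),
    }


if __name__ == "__main__":
    first = build_sample(INVARIANT_BODY)
    blocklist = {hash_signature(first)}  # built from the first capture only
    later = [build_sample(INVARIANT_BODY) for _ in range(5)]  # same body, new filler
    benign = build_sample(b"unrelated-body")
    print(evaluate([first] + later + [benign], blocklist))
```

The hash blocklist catches exactly the one sample it was built from; the structural rule catches every variant because it ignores the random bytes. The benign sample with a different body is there to show the trade-off Martin Brown raises later in the thread: the looser the rule, the more care it needs to avoid matching legitimate traffic.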

Because it will be like drinking from a fire hose. The traffic has to be broken out into individual data streams, each individually inspected by an elaborate filter designed to detect KNOWN viruses and malware. That's not easy. However, the NSA is doing something like that, looking for terrorists discussing their next attack plan. Right. Anyway, they probably don't look at it in real time, but rather record what they need and analyze it later at their leisure. However, any evil malware spammer with a clue would encrypt all his traffic until it hits the last hop, where it is decrypted and delivered as ready-to-use malware. In encrypted form, it's not sniffable and probably not easily decrypted.

The trend is to put more and more emphasis on user based security. Vendors seem to contend that they can't guarantee the integrity and security of their own products, so maybe having the user tediously scan, filter, and test for evilware. So, they pass the buck to the users, claiming that it's somehow the victim's responsibility to protect themselves. If you really want a vendor policed secure operating system, simply standardize the EULA requirements so that the vendor is financially responsible for any security breaches, malware, software bombs, and consequential damages. That should get their attention. Of course, you wouldn't be able to afford the resulting secure OS or want to run it because of all the intrusive security features. I went through all that with Unix C2 enhanced security and barely survived.

More threat map sites:

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Reply to
Jeff Liebermann

I wonder if these attack map sites are real or all made up? Either the map or the list of threats or spams coming up on the bottom of the screens? I've seen these maps a while back but never really thought about how they get that info.

I pulled up a couple of different pairs of those sites and placed them next to each other, but it's hard to tell if they are showing the same thing or not. I'm sure there are at least delays of one site vs. the other so I can't really tell... How do they obtain this data?

One Youtube show I watch now and then is AT&T ThreatTraq where they talk about the most scanned ports that week. Not sure how they get that info either but maybe because they are a communications company ?

Reply to
boB

Windows is a mess primarily because Microsoft doesn't attract top talent anymore (Google and Facebook poach a lot of that), has a very next-quarter focus, reportedly always prefers the talented developers they do have to be focusing on new features rather than hunting down and fixing vulnerabilities or refactoring poorly written code, and is just a generally unpleasant place to work, with high turnover.

Reply to
bitrex

Answered my own question I think by Googling..... DuH !

From one map info in particular anyway...

formatting link

" Norse Intelligence Platform

Every second, Norse collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries. The attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors. At a glance, one can see which countries are aggressors or targets at the moment, using which type of attacks (services-ports).

Hovering over the ATTACK ORIGINS, ATTACK TARGETS, or ATTACK TYPES will highlight just the attacks emanating from that country or over that service-port respectively. Hovering over any bubble on the map, will highlight only the attacks from that location and type.

Norse exposes its threat intelligence via high-performance, machine-readable APIs in a variety of forms. Norse also provides products and solutions that assist organizations in protecting and mitigating cyber attacks.

"

Reply to
boB

Right. Current computer architectures and OSs are fundamentally garbage. Let's hope that is not a permanent condition.

How many security bugs has Windows had so far? Tens of thousands? Why are Microsoft and Intel not liable for the damage done?

If you really want a vendor policed secure

A secure hardware/software architecture need not be complex or expensive, but it would need a clean design, not just more kluges piled on top of fundamentally stupid designs.

But meanwhile, the network could look for and not transport malware.

I'd pay for an ISP and a DNS that protected me better.

If all those infected packets are identified, why are they delivered?

--
John Larkin         Highland Technology, Inc 

lunatic fringe electronics
Reply to
John Larkin

Invoke the magic genie with the all seeing eye. Individual packets can be made to look quite harmless even when they have a dangerous payload. You are assuming the existence of a quick solution to the halting problem when you only have a part of the final program.

Coupled with the tendency of any kind of heuristic to have false positives and you quickly get to a situation where the cure is worse than the disease it is trying to prevent.

Attempts to blacklist dodgy IP addresses do exist and sometimes work, but more often than not they harm the next incumbent of a dynamic pool of IP addresses rather than the compromised machine, which will just move on.

Hardware engineers are inclined to view software as trivial. It isn't.

Viper was one attempt to make an absolutely secure processor from the ground up done by RSRE hardware engineers. It all ended in acrimony and tears. NASA came closest to a full formal proof (but look at the spec).

formatting link

(large file warning)

There have been a few very secure CPUs designed experimentally, and they typically separate data from executable code in some fashion and guard the transition of one into the other very, very carefully.

--
Regards, 
Martin Brown
Reply to
Martin Brown
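Two of Martin Brown's objections, heuristics with false positives and blacklists that outlive the lease of a dynamic address, are usually handled by making reputation entries both corroborated and perishable. The following is an added example, not code from the thread or from any real blocklist service: each report carries a timestamp, an address only blocks once several reports fall inside a TTL window, and expired reports are dropped so a later holder of the same address starts clean. The addresses, TTL and threshold are constructed values.

```python
import ipaddress
from collections import defaultdict

# Added example (not from the thread): a reputation list whose entries expire,
# so an address that was briefly infected is not punished after the dynamic
# lease moves to the next subscriber, and which needs several reports within
# the window before it blocks, to limit single-heuristic false positives.
# All addresses, timestamps, TTL and threshold values are constructed.


class ExpiringBlocklist:
    def __init__(self, ttl_seconds: int, threshold: int):
        self.ttl = ttl_seconds
        self.threshold = threshold
        self._reports = defaultdict(list)  # address -> timestamps of reports

    def report(self, ip: str, at: int) -> None:
        """Record one abuse report about `ip` at time `at` (seconds)."""
        addr = str(ipaddress.ip_address(ip))  # normalise; rejects garbage input
        self._reports[addr].append(at)

    def _live_reports(self, addr: str, now: int) -> list:
        """Return the reports still inside the TTL window, dropping the rest."""
        live = [t for t in self._reports[addr] if now - t < self.ttl]
        self._reports[addr] = live
        return live

    def is_blocked(self, ip: str, now: int) -> bool:
        """Block only when enough independent reports are still current."""
        addr = str(ipaddress.ip_address(ip))
        return len(self._live_reports(addr, now)) >= self.threshold

    def prune(self, now: int) -> int:
        """Drop addresses with no live reports; returns how many remain listed."""
        for addr in list(self._reports):
            if not self._live_reports(addr, now):
                del self._reports[addr]
        return len(self._reports)


if __name__ == "__main__":
    bl = ExpiringBlocklist(ttl_seconds=3600, threshold=2)
    bl.report("192.0.2.10", at=0)        # one heuristic hit: not enough
    print(bl.is_blocked("192.0.2.10", now=10))
    bl.report("192.0.2.10", at=100)      # corroborated: now blocked
    print(bl.is_blocked("192.0.2.10", now=200))
    print(bl.is_blocked("192.0.2.10", now=3700))  # window passed: released
    print(bl.prune(now=3700), "addresses still listed")
```

The TTL should be chosen against the ISP's typical lease time for the pool in question; a list with no expiry, or one that blocks on a single report, is exactly the kind that ends up punishing whoever inherits the address next.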
