[Report] DDoS attacks in H2 2011


Distribution of DDoS attack sources by country

During the six-month period, our systems detected attacks on computers in 201 countries across the globe. However, 90% of all DDoS traffic came from 23 countries.

Distribution of DDoS traffic sources by country – H2 2011

The geographical distribution of DDoS attack sources has changed. At the end of the first half of 2011, the top positions in the ranking were occupied by the United States (11%), Indonesia (5%) and Poland (5%). The second half of the year has produced several new leaders: Russia (16%), Ukraine (12%), Thailand (7%) and Malaysia (6%). The contribution of zombie computers from 19 other countries ranges between 2% and 4%.

In Russia and Ukraine, we detected new botnets created using programs sold on underground forums. Curiously, these botnets were attacking targets located in the same countries as the botnets. Before this, we mostly detected attacks in which the bots and the servers they attacked were located in different countries.

The evident change in traffic distribution, as well as Russia and Ukraine joining the leaders, was in part due to the active use of certain anti-DDoS measures. Specifically, one method of blocking DDoS attacks is filtering traffic based on the source countries. The idea is very simple: when a DDoS attack is detected, this triggers a system that rejects all data packets except those coming from a specific country. As a rule, only users from the country where the majority of the site's audience is located are allowed access to the resource. This is why cybercriminals have to create botnets in specific countries and use them to attack resources in these same countries to prevent their traffic from being filtered.

At the same time, those botnets which operate based on the "classical" approach, when attacks are conducted using resources outside the country where the under-fire server is located, remain operational. Thailand and Malaysia are good examples of countries where there are large numbers of unprotected computers, while it appears that bot masters receive relatively few orders to attack websites in these countries. This means that the region is a good place for cybercriminals to set up botnets.

The countries accounting for 2-4% of all DDoS attacks also changed from the first half of the year. This group includes only three countries with high levels of computer penetration and IT security: Ireland (2%), the United States (3%) and Poland (4%). The remaining generators of junk traffic were infected computers in developing countries, where the number of computers per capita is much smaller, while IT security is not particularly strong: Mexico (4%), India (4%), Pakistan (4%), Belarus (3%), Brazil (3%) etc.

Read more >>

Comments

Post a Comment

Để lại góp ý của bạn để blog của mình hoàn thiện hơn :))

Popular posts from this blog

[Hack crack] Tổng hợp Google Dork

Image
/includes/header.php?systempath= /Gallery/displayCategory.php?basepath= /index.inc.php?PATH_Includes= /nphp/nphpd.php?nphp_config[LangFile]= /include/db.php?GLOBALS[rootdp]= /ashnews.php?pathtoashnews= /ashheadlines.php?pathtoashnews= /modules/xgallery/upgrade_album.php?GALLERY_BASEDIR= /demo/includes/init.php?user_inc= /jaf/index.php?show= /inc/shows.inc.php?cutepath= /poll/admin/common.inc.php?base_path= /pollvote/pollvote.php?pollname= /sources/post.php?fil_config= /modules/My_eGallery/public/displayCategory.php?basepath= /bb_lib/checkdb.inc.php?libpach= /include/livre_include.php?no_connect=lol&chem_absolu= /index.php?from_market=Y&pageurl= /modules/mod_mainmenu.php?mosConfig_absolute_path= /pivot/modules/module_db.php?pivot_path= /modules/4nAlbum/public/displayCategory.php?basepath= /derniers_commentaires.php?rep= /modules/coppermine/themes/default/theme.php?THEME_DIR= /modules/coppermine/include/init.inc.php?CPG_M_DIR= /modules/coppermine/themes/c
Read more

[Security] Internet blackout scheduled in protest of SOPA

Last night I spent an inordinate amount of time on reddit looking at pictures of baby hedgehogs, reading a Q&A with a theoretical physicist, and catching up on the intended blackouts protesting the Stop Online Piracy Act (SOPA) and its sister bill, Protect IP Act (PIPA). Haven’t heard about SOPA? It’s no wonder, since the mainstream media has been curiously silent on the issue. Maybe it’s because most of the big news outlets are owned by companies supporting SOPA. Nonetheless, reddit and others, such as Tucows, Cheezburger, game developer Red 5 Studios, and hacktivist group Anonymous, hope to make the issue broadly known with a coordinated internet blackout scheduled for January 18th. Things will really get interesting if the “nuclear option” is implemented where the likes of Wikipedia, Google, Facebook, Ebay, Yahoo!, LinkedIn, Tumblr, Mozilla, Twitter, and PayPal “go simultaneously dark” to join them in protest of the bill. You may have heard a blip of a news story during the
Read more