1Cyber-Attacks: Where Are They Coming From? And Where Are They Going?
By Sean Michael Kerner
2China Has the Most Malicious IP Addresses, Claims AlienVault
According to AlienVault’s latest Open Threat Exchange (OTX) snapshot, China tops the list of countries with the most reported malicious IP addresses.
3Indonesia Is the Top Country for Attack Traffic, Says Akamai
In contrast with AlienVault’s findings, the second-quarter Akamai “State of the Internet” report found that Indonesia is the top country for attack traffic, with 38 percent of attack traffic originating there. China is second at 33 percent, with the U.S. a distant third at only 6.9 percent.
4Denial-of-Service Attacks Targeting the Americas
While attacks can come from any corner of the world, Akamai found that the vast majority of distributed denial-of-service (DDoS) attacks were against organizations in the Americas.
5Most DDoS Attacks Are Less Than 1G bps
According to the third-quarter 2013 attack report from Arbor Networks, most DDoS attacks consume less than 1G bps of attack bandwidth.
6DDoS Attack Bandwidth Is Growing
Although attacks of less 1G bps currently represent the majority of DDoS attacks, larger bandwidth attacks are growing. According to Arbor Networks, attacks of between 2G and 10G bps now represent 37 percent of all DDoS attacks.
7Most DDoS Attacks Last Less Than 30 Minutes.
According to Arbor Networks, the majority of DDoS attacks are short-lived, lasting 30 minutes or less in duration.
8Port 80 Is the Most Attacked Server Port
It should come as no surprise that Port 80 is identified by Arbor Networks as being the most attacked server port. Port 80 is the primary operating system port used for all Web traffic on devices and servers. When it comes to the most attacked ports after Port 80, other vendors have different views.
9SSL on Port 443 Is Often Attacked
As is the case with the Arbor Networks data, Akamai’s “State of the Internet” report also found Port 80 to be the most attacked port. The Akamai report found that Port 443, which is used for Secure Sockets Layer (SSL) encryption, is the second most attacked port.