Friday, May 23, 2008

The One Good Thing About the Earthquake in China and Why I’ll Be Going to Hell

Being a geek, before stepping out of the house, I had to check my mail and then my server logs for any weird activity. Despite the regular patterns, there has been very little going on.

In fact, things have been very, very quiet the last few days.

A while ago, there was an article in The Economist about Steven P. Levitt, a statistician and co-author of a book titled "Freakonomics." Mr. Levitt had found odd things to compare and worked them out. For example, in American cities where abortion was either illegal or expensive to obtain, crime was found to be rampant. The opposite was also true. His assertion was that "Roe vs. Wade" was a cornerstone of the dip in crime in the United States, as evidenced approximately seventeen years later (http://en.wikipedia.org/wiki/Roe_v._Wade).

I forget what the other patterns were, but of course his findings were received with hate, anger or accusations of racism and discrimination. Harsh truth usually has that impact on people living in a state of denial.

Regardless of whether these views are seen as a modern criticism of "what's wrong with society today and how we could try to fix it if we all just worked together," versus "having a view that touches a delicate subject that is different from what is considered acceptable; therefore, it is a form of discrimination," as any social worker will tell you, patterns between things do exist.

Not all patterns are pleasant, which is why I'll be going to hell.

I'm deadly certain that the attention my machine receives from Chinese and Taiwanese computers is simply a coincidence. It's mostly bots from infected machines that probe the entire internet in search of weaknesses, open relays to send out spam and more poorly patched Microsoft SQL servers to infect.

I'm nobody special: I'm just one of many.

A quick search on the internet will yield similar discoveries by others. A quick example:

http://www.google.ca/search?hl=en&q=block+IP+ranges+china

Many IT administrators point out that scanning the culprit machines back yields evidence of infected machines running illegal software, badly patched or with very few security measures in place. No wonder Nimda ran rampant there.

And, it seems, it's not that new of an event either. Check out the dates on these two examples:

http://www.theregister.co.uk/2005/08/31/blocking_chinese_ip_addresses/

http://www.businessweek.com/technology/content/may2004/tc20040517_1934_tc058.htm

Who is taking advantage of these machines? The Spamhaus ROKSO listing shows that the majority of active spammers are Canadian, American or Russian, with a handful of Chinese (see: http://www.spamhaus.org/rokso/). Many of them operate hijacked servers in China.

That's how we get thousands of spam attempts a day, the daily handful of relay checks from Taiwan and the plethora of brute force attacks. Amusingly, just by blocking the IP ranges of the Chinese ISP HINET.NET, I've cut down on attacks by a third, with the rest originating from anywhere else in the world (Russia and Turkey being very close seconds).

So, where's my pattern?

After the earthquake, suddenly everything malicious from the internet has dropped off. I've had between one and three SSH attacks a day (versus one every minute).

I've had one or two spams a day. I don't mean one or two spams made it in my inbox. I mean one or two spams made it as far as talking to my mail server and were rejected before the transaction between the spammer and my mail server had gone past HELO.

Since the earthquake, Portsentry has banned ONE host, which tripped on port 23.
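The "one every minute" versus "one to three a day" comparison above is the kind of thing a quick pass over sshd's auth log makes visible. The script below is an added example, not code from the original post: it counts failed SSH password attempts per day and per source address from syslog-format sshd lines (the sample log is constructed; the quiet/noisy threshold of three a day is an assumption taken from the post's own figure).

```python
import re
from collections import Counter

# Constructed sample lines in the usual syslog + sshd format (not real log data).
SAMPLE_AUTH_LOG = """\
May 10 03:14:01 oldbox sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
May 10 03:15:02 oldbox sshd[2203]: Failed password for invalid user test from 203.0.113.7 port 4031 ssh2
May 10 03:16:03 oldbox sshd[2205]: Failed password for root from 198.51.100.9 port 51020 ssh2
May 10 03:17:04 oldbox sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 4044 ssh2
May 10 08:00:00 oldbox sshd[2300]: Accepted publickey for alice from 192.0.2.5 port 50011 ssh2
May 13 11:42:10 oldbox sshd[3101]: Failed password for invalid user guest from 198.51.100.9 port 40010 ssh2
May 14 21:05:33 oldbox sshd[3400]: Failed password for root from 203.0.113.88 port 3389 ssh2
"""

# Matches only failed password attempts; successful logins and other sshd noise are ignored.
FAILED_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def failed_attempts(log_text):
    """Yield (day, user, ip) for every failed password line in the log."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield f"{m['month']} {m['day']}", m["user"], m["ip"]

def failed_logins_per_day(log_text):
    """Return a Counter of failed attempts keyed by 'Mon DD' (syslog carries no year)."""
    return Counter(day for day, _user, _ip in failed_attempts(log_text))

def top_sources(log_text, n=3):
    """Return the n source addresses responsible for the most failed attempts."""
    return Counter(ip for _day, _user, ip in failed_attempts(log_text)).most_common(n)

def classify_days(per_day, quiet_max=3):
    """Label a day 'quiet' if it stays within quiet_max attempts (assumed threshold), else 'noisy'."""
    return {day: ("quiet" if count <= quiet_max else "noisy") for day, count in per_day.items()}

if __name__ == "__main__":
    per_day = failed_logins_per_day(SAMPLE_AUTH_LOG)
    for day, label in classify_days(per_day).items():
        print(f"{day}: {per_day[day]} failed attempts ({label})")
    print("top sources:", top_sources(SAMPLE_AUTH_LOG))
```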

My old server is getting a bit of a break. Though it is debatable as to how long this bliss will last (hijacked computers in Russia and Turkey are picking up the pace with spam sending), positive patterns can be found everywhere. Even at the expense of 36,000 earthquake victims.

See you in hell.