
casm
Re: Robbie's WIP
11/07/15 06:47 PM


> That's a load of shit on several counts. Firstly I get the same TCP connection drops
> when connecting from an Australian IP address, so he's not just blocking China.
> Secondly, Robbie's site has no comments sections, so blocking comment spam isn't a
> valid reason in this case. And thirdly, China doesn't have an out-of-proportion
> spamming malware problem. According to Spamhaus stats which are a pretty decent proxy
> for estimating malware issues, China has 64% of the spam issues of the US despite
> having over four times the population. China's not doing as well as India on spam
> issues per capita, but they're not doing badly.

Except that spam is only one facet of the problem.

Hosts located in China are responsible for roughly two-thirds of the visible attack traffic that we see at work. This presents a significant signal-to-noise problem for our SOC analysts, who, if we were not actively blocking bad actor hosts and netblocks located in China, would literally not have time to be able to get on with their jobs. This would also have an upstream effect on our security engineers, who (even with SIEM, which is largely not as useful as the companies selling it would have everyone believe) would be in the situation of having to dig even more tons of crap out of logs than they already do in order to find and respond to potential indicators of compromise.

Thus, my choice comes down to this: let my staff be distracted by the legion of infected Windows XP boxes and people hitting Metasploit's big red hack button in Guangzhou and risk missing a successful attempt at exploitation or intrusion, or drop traffic from China (a country we have no business presence in or with) wherever possible. It's not a difficult decision to make.

Additionally, most of the exfiltration attempts that we've been seeing from inside of networks where exploit kits have managed to gain a foothold are going to - you guessed it - China. Russia's usually a close second.

If the problem was centred on Canada rather than China, we'd be doing exactly the same thing to the Great White North. The country involved is irrelevant, but the origin is not.






