Wednesday, August 31, 2005

I'm seeing more of the MSSQL worm attacks.

I haven't been obsessed about it, but every couple of days, I look to see what snort has picked up on the red interface of my IPCop box.

There's a fair bit of MSSQL attacks, about 5 or 6 a day I'm seeing.

The majority seem to be from China and Taiwan.

One of them is even from some Taiwanese TV station.

Can't China just be disconnected from the Internet? their government doesn't want them to have it anyway, and all that seems to come out of their IP space is hack attempts, worms, virii, trojans, and other crap.

Maybe I should just blacklist their whole IP range.

Maybe that's overreacting, they aren't all from China and Taiwan, only almost all of them, someone in Poland has attempted to attack me today as well.

Update: Lol, I just checked slashdot, and the oldest artice on the page was a link to this article at The Register, about blocking Chinese IPs.


Post a Comment

<< Home