December 1st, 2002, 02:25 PM
Koreans are getting feisty
my firewall logs at work and at home have revealed an interesting trend. 90% of them are from Seoul, South Korea. The pattern only appeared recently following the aquittal of US military personnel for the negligent death of a little girl.
Did they just get bored of trying to burn down our base over there? Has anyone else noticed this?
December 1st, 2002, 02:54 PM
Actually i have for some time now though, i always do the whois and backtrace feature on my firewall and it reads up seoul alot of the time. some could be spoofed but as many as i have had it is kinda suspicious.
December 1st, 2002, 02:59 PM
your not alone the majority of my logs lately have been from south korea as well. multiple ip's too.
December 1st, 2002, 08:16 PM
why dont you do what many are doing already. use your router to drop all incoming packets for the whole area. make an acl containing all the subnets you can find in that area and just deny.
unless you have buisiness there, the only things you can get from that area are spam, hack attacks and porn
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
December 1st, 2002, 08:28 PM
My room mate and I were getting a lot from south korea as well, we did pretty much what Tedob1 is suggesting .. no problems since .
December 2nd, 2002, 03:59 AM
Remember that just because the source IP Address is located in South Korea, doesnt mean that a South Korean user a performing these attacks.
I think that you will find that a lot of South Koreas internet facing machines are pretty "wide open" from a security perpective, and that they have been compromised by someone elsewhere in the world and are using it to bounce an attack, hence masking their real IP Address.
[glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]
December 2nd, 2002, 04:37 AM
Although in general computers in places like South Korea are used for bouncing attacks like SoggyBottom said, it seems that the acquittal of the soldiers involved in the death of the two girls has definitely provoked a reaction.
The pattern only appeared recently following the aquittal of US military personnel for the negligent death of a little girl.
South Korean activists have attacked the White House computer server with electronic mail bombs to protest the acquittal of two US soldiers accused of killing two schoolgirls in a road accident.
The attack was led by a coalition of 130 civic groups, which have organized protests since two 14-year-old girls were crushed to death by a 50-tonne military vehicle on their way to a birthday party in June. Anti-US sentiment escalated in South Korea, one of Washington's close allies, after a US military court cleared the soldiers of negligent homicide two weeks ago.
Others in South Korea could be inspired by these attacks to launch their own attacks on the US. So although you could just be getting the normal amount of traffic that people generally receive from a place like South Korea, it may also have something to do with the acquittal of those soldiers.
January 3rd, 2003, 01:37 AM
every time there's an international event or conflict, people become "inspired" to get involved in a malicious electronic way. Note the May day attacks after the chinese spy plane incident last year...
this discussion reminds me of a paper i just read. you might find this interesting, it talks about cyber attacks in response to U.S. military action in terms of a research report. check out page 9.
if seoul machines are really just proxies, its possible that north korean hackers are trying to extend their policymakers motives in the digital world. it seems like north korea is trying to get south korea on their side in light of our aggression towards north korea in light of recent nuclear developments there (i forget where i read about that, i beleive it was www.guardian.co.uk/worldlatest). by proxying through south korea, they make it seem like south korea isn't our friend after all...
or maybe this is all just a conspiracy.
January 8th, 2003, 12:29 AM
China/Korea/Isreal/Russia all have state sanctioned hacking. Hell China has universities who
are solely dedicated to hacking. It is a very cheap and clean form of war. Infowar is the wave
of the future. How else could a third world nation and or terrorists take Uncle Sam or Canada
or any other first world nation?
January 8th, 2003, 08:33 AM
you're totally right. and its not just about changing vital data in military databases. its about hitting our infrastructure. its about decreasing our morale when we're going into a conflict. and they will be very successful unless governments start spending less on physical and more on digital defense.