Koreans are getting feisty
Results 1 to 10 of 10

Thread: Koreans are getting feisty

  1. #1

    Koreans are getting feisty

    my firewall logs at work and at home have revealed an interesting trend. 90% of them are from Seoul, South Korea. The pattern only appeared recently following the aquittal of US military personnel for the negligent death of a little girl.

    Did they just get bored of trying to burn down our base over there? Has anyone else noticed this?

  2. #2
    Junior Member
    Join Date
    Nov 2002
    Posts
    20
    Actually i have for some time now though, i always do the whois and backtrace feature on my firewall and it reads up seoul alot of the time. some could be spoofed but as many as i have had it is kinda suspicious.

  3. #3
    Senior Member
    Join Date
    Nov 2002
    Posts
    139
    your not alone the majority of my logs lately have been from south korea as well. multiple ip's too.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    why dont you do what many are doing already. use your router to drop all incoming packets for the whole area. make an acl containing all the subnets you can find in that area and just deny.

    unless you have buisiness there, the only things you can get from that area are spam, hack attacks and porn
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Member
    Join Date
    Oct 2002
    Posts
    56
    My room mate and I were getting a lot from south korea as well, we did pretty much what Tedob1 is suggesting .. no problems since .

    -gunder

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Remember that just because the source IP Address is located in South Korea, doesnt mean that a South Korean user a performing these attacks.

    I think that you will find that a lot of South Koreas internet facing machines are pretty "wide open" from a security perpective, and that they have been compromised by someone elsewhere in the world and are using it to bounce an attack, hence masking their real IP Address.
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  7. #7
    Senior Member
    Join Date
    Jun 2002
    Posts
    405
    The pattern only appeared recently following the aquittal of US military personnel for the negligent death of a little girl.
    Although in general computers in places like South Korea are used for bouncing attacks like SoggyBottom said, it seems that the acquittal of the soldiers involved in the death of the two girls has definitely provoked a reaction.

    South Korean activists have attacked the White House computer server with electronic mail bombs to protest the acquittal of two US soldiers accused of killing two schoolgirls in a road accident.

    The attack was led by a coalition of 130 civic groups, which have organized protests since two 14-year-old girls were crushed to death by a 50-tonne military vehicle on their way to a birthday party in June. Anti-US sentiment escalated in South Korea, one of Washington's close allies, after a US military court cleared the soldiers of negligent homicide two weeks ago.
    http://www.securitynewsportal.com/cg...one&id=62&op=t

    Others in South Korea could be inspired by these attacks to launch their own attacks on the US. So although you could just be getting the normal amount of traffic that people generally receive from a place like South Korea, it may also have something to do with the acquittal of those soldiers.

  8. #8
    every time there's an international event or conflict, people become "inspired" to get involved in a malicious electronic way. Note the May day attacks after the chinese spy plane incident last year...
    this discussion reminds me of a paper i just read. you might find this interesting, it talks about cyber attacks in response to U.S. military action in terms of a research report. check out page 9.
    http://www.ists.dartmouth.edu/ISTS/c...m/cyber_a1.pdf
    if seoul machines are really just proxies, its possible that north korean hackers are trying to extend their policymakers motives in the digital world. it seems like north korea is trying to get south korea on their side in light of our aggression towards north korea in light of recent nuclear developments there (i forget where i read about that, i beleive it was www.guardian.co.uk/worldlatest). by proxying through south korea, they make it seem like south korea isn't our friend after all...

    or maybe this is all just a conspiracy.

  9. #9
    Senior Member
    Join Date
    Dec 2002
    Posts
    110
    China/Korea/Isreal/Russia all have state sanctioned hacking. Hell China has universities who
    are solely dedicated to hacking. It is a very cheap and clean form of war. Infowar is the wave
    of the future. How else could a third world nation and or terrorists take Uncle Sam or Canada
    or any other first world nation?

  10. #10
    you're totally right. and its not just about changing vital data in military databases. its about hitting our infrastructure. its about decreasing our morale when we're going into a conflict. and they will be very successful unless governments start spending less on physical and more on digital defense.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides