Hi Everybody:


My firewall is Norton Internet Security (NIS). I connect via dial-up. For months, I've seen intrusion attacks from various IP addresses.

Starting May 2, I've increased the NIS log size to 2MB and have been saving these logs daily. My intent: Generate empirical statistics on intrusions/attacks, identify the preponderance of attacks by country-origin and the most persistent attackers' IP addresses (shall we say top 100?).

Anybody interested in a parallel effort? This may vary from country to country, from ISP to ISP and by the type of firewall used. But if the firewall maintains a log, then those interested may just save these logs into plain text format and later on identify the country-origin of the IP. For my case, I'll be using IP to Country.

What shall we accomplish? Broadly, simply generate awareness for all on the following:
a. Intrusions happen almost every second that one stays on-line;
b. Some users may just be unaware that even their own systems serve as bridges for these attacks;
c. Some countries may just happen to have less sense of IT security or some establishments/systems deliberately attack other systems as a prelude to future information warfare scenarios; and
d. Some IP addresses may just be worth avoiding (can we really deliberately do that?) while we are online.

In addition, it may just make us aware of related issues such as:
a. Firewalls do not always work when a malware/adware piggybacks itself into our download process (I plan to make a separate post regarding this experience);
b. Some IP addresses may just happen to be bogus when attacking (I base this on my observation that my system has varying IP addresses [within the ISP range?] whenever I go online).

I am aware that false statistics may just be generated but the time needed to just identify the country for each IP address is already enormous; so why waste time generating false data? For my case, I'll always be ready to upload the daily logs [in raw plain text format or PDF] to anyone who'd demand proof of the stats I've come up with. A few other rules may just be needed as well regarding redundancies, frequency and cases of **INVALID** IP addresses.

Relatedly, would anyone mind generating a small program that would use the IP to Country MS Excel Library as a reference for faster identification of the country origin of the IP addresses?

-Goitz
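
A sketch of the kind of small program requested above, as an added example that is not part of the original post: it tallies blocked source addresses per IP and per country and counts malformed addresses separately. The log line layout, the `start,end,country` range table (as it might look after exporting the spreadsheet to CSV) and the AA/BB/CC country codes are all assumptions constructed for illustration.

```python
import bisect
import csv
import io
import ipaddress
import re
from collections import Counter

# Constructed range table (assumed layout: start,end as integers, country).
# Documentation-only address blocks; AA/BB/CC are placeholder country codes.
RANGES_CSV = "3221225984,3221226239,AA\n3325256704,3325256959,BB\n3405803776,3405804031,CC\n"

# Constructed log lines; the real NIS log layout is not shown in the post.
SAMPLE_LOG = [
    "05/02 10:14:03 Intrusion attempt blocked from 192.0.2.15",
    "05/02 10:14:09 Intrusion attempt blocked from 192.0.2.15",
    "05/02 10:20:41 Intrusion attempt blocked from 198.51.100.7",
    "05/02 10:31:55 Intrusion attempt blocked from 203.0.113.200",
    "05/02 10:40:12 Intrusion attempt blocked from 999.12.3.4",
    "05/02 10:41:00 Intrusion attempt blocked from 10.0.0.5",
    "05/02 10:45:00 Rule update completed",
]
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def load_ranges(text):
    rows = sorted((int(s), int(e), cc) for s, e, cc in csv.reader(io.StringIO(text)))
    return [r[0] for r in rows], rows  # start values alone, for binary search

def country_of(ip_int, starts, rows):
    i = bisect.bisect_right(starts, ip_int) - 1  # last range starting <= ip_int
    if i >= 0 and rows[i][1] >= ip_int:
        return rows[i][2]
    return "UNKNOWN"  # private addresses or gaps in the table

def tally(log_lines, ranges_text=RANGES_CSV):
    """Return (hits per IP, hits per country, count of malformed addresses)."""
    starts, rows = load_ranges(ranges_text)
    by_ip, by_country, invalid = Counter(), Counter(), 0
    for line in log_lines:
        m = IP_RE.search(line)
        if not m:
            continue  # log entry without an address
        try:
            ip = ipaddress.IPv4Address(m.group())
        except ValueError:
            invalid += 1  # looks like an IP but is out of range
            continue
        by_ip[str(ip)] += 1
        by_country[country_of(int(ip), starts, rows)] += 1
    return by_ip, by_country, invalid
```

Calling `tally(lines)[0].most_common(100)` on a day's saved log gives the top-100 list of most persistent source addresses.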