I wouldn't go as far as label it systemic. Both Chinese and
Korean organizations are participating in some of the behind
the scenes security/mitigation activities going on and have been
helpful. Not all. Some.
-M<
Remember that chinanet was the one who setup the infamous lying
autoresponder:
"In your SPAM eMail,I can't find the IP or the IP is not by my
control.Please give me the correct IP.Thank you."
Then they attend regional meetings and complain that people are blocking
them. Gee I wonder why.
-Dan
Yes, however the clue is spread very thin indeed - I'm sure the clued
have their hands full dealing with the *really* egregious issues, and
"yet another compromised host" is too common a case for them to be able
to deal with it.
Those of us who have *enough* trouble keeping our own broadband users
zombie-free should be glad we're not the Korean CIRT staff. *THEY* got
handed an entire *COUNTRY* full of clueless users on high-speed connections.
Yo Vladis!
Those of us who have *enough* trouble keeping our own broadband users
zombie-free should be glad we're not the Korean CIRT staff. *THEY* got
handed an entire *COUNTRY* full of clueless users on high-speed connections.
Indeed, KrCERT is doing a very good job at cluing KR. They are very good at handling incidents as well.
China.. now that's a different problem. So many organizations and no clue as to who to contact. Their CERT is a part of FIRST, but that's about it as far as *I* know.
But hey, we are a community. This is where we make this happen.
On my personal back yard, Israeli ISP's are divided to those who don't care, and the few that make an effort. As it is my back yard, if you ever need help with an incident, please ping me.
Gadi.