Taiwan Tops List for Attack Traffic


Internet attacks can come from anywhere in the world, though according to a new report from Akamai, it's more likely that the Asia Pacific region is to blame.

Akamai's second quarter 2011 State of the Internet report, identifies the top source of attack traffic as well as which server ports are being targeted. For the second quarter, Taiwan topped the list of countries for attack traffic representing 10 percent of all global attack traffic, up from nine percent in the first quarter of 2011.

Myanmar (formerly known as Burma) held the top spot last quarter with 13 percent. In the second quarter, Myanmar fell to the number two slot, accounting for nine percent of attack traffic. In the first quarter, David Belson, author of the Akamai report told InternetNews.com that he wasn't sure if Myanmar would remain at the top of the list for the second quarter. Myanmar did not rank in the top ten for attack traffic in 2010. The U.S. placed third at 8.3 percent, China fourth at 7.8 percent and Russia round out the top five list coming in at 7.5 percent.

On a global basis, Akamai reported that 47 percent of all attack traffic observed by Akamai came from the Asia Pacific region. In contrast, 30 percent came from Europe, 20 percent from the Americas and only 3 percent from Africa.

In terms of where the attack traffic is going, 70 percent is targeting only 10 ports. The most targeted port was Port 445 at 39 percent (Port 445 is used for Microsoft directory services). Port 80, which is used for most HTTP traffic over the Web, comes in a distant second at 11 percent. Port 23 which is used for telnet came in at 5.7 percent and Port 443 which is used for SSL secured HTTPS traffic placed fourth at 4.6 percent.

Akamai's report also examines which SSL ciphers are now being used.

"An SSL cipher is an encryption algorithm (cryptographic function) that, in combination with an exchanged key, is used to create a private encrypted connection between two networked computers, which blocks outsiders from snooping on the communications taking place over this connection," Akamai report states.

Use of the more secure AES 128-SHA-1 cipher has tripled since the beginning of 2009, while the RC4-MD5-128 cipher has declined.

"Interpreting the observed trends, as well as data observed for other SSL ciphers, Akamai believes the use of RC4-based ciphers may reach near-zero levels over the next several years," the report states. "Furthermore, these trends may indicate a shift towards stronger ciphers, which could lead to SSL becoming more secure over time."

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.