Russia: The No. 1 Base of Global Internet Attacks

Russia currently holds the dubious distinction of being the world’s top source of Internet attack traffic, according to observed traffic data released in a recent report from Akamai Technologies, a leading provider of cloud optimization services.

Akamai’s quarterly “State of the Internet Report” does not offer any reasons why Russia is the source of so much malicious Internet activity. However, it does emphasize that the attacks might originate in other countries, although Akamai does not track such activities.

The report is based on data collected from the Akamai Intelligent Internet Platform, which delivers up to 30 percent of global Web traffic on a given day. The platform consists of more than 84,000 servers in 72 countries, deployed within approximately 1,000 networks that make up most of the public Internet.

To find out more about the Russian attack traffic scenario, we spoke with David Belson, editor of the “Akamai State of the Internet Report.”

Q: How can you tell that most of the attack traffic emanates from Russia?

Belson: We use a distributed set of agents deployed across the Internet that monitor attack traffic. Based on the data collected by these agents, we can identify the top countries from which attack traffic originates, as well as the top ports targeted by these attacks. (Ports are network layer protocol identifiers.)

While our observations show the attacks clearly originate in Russia, they could be coming from somewhere else and being proxied or forwarded through Russia.

Q: Which are the main ports being attacked from Russia?

Belson: Port 445 is the main one, but that is not unique to Russian attacks. Port 445 is used for Microsoft DS (Directory Services) and is the most-attacked port seen by our monitoring systems.

Our report found that port 445 accounted for 47 percent of observed attack traffic. Attacks on port 23 (Telnet) and port 22 (SSH) represented 11 percent and 6.2 percent, respectively.

The best protection against port 445 attacks is to use a firewall or a router that blocks access to the port.

Growing Broadband Adoption, Fastest Connections

Akamai observed a global 4.2-percent increase (from the third quarter of 2010) in the number of unique IP addresses connecting to its network, growing to more than 556 million.

Another interesting tidbit: The fastest places in the United States are in the state of Delaware and the city of Riverside, Calif. In Delaware, 67 percent of connections to Akamai occurred at 5 Mbps or faster. That state also maintained the highest average connection speed in the country, at 7.2 Mbps, as well as the highest average peak connection speed across the United States, at 28.4 Mbps.

Riverside had the highest average connection speed, at 7.6 Mbps, and the highest average peak connection speed, at 28.5 Mbps, in the fourth quarter.

by Herman Mehling