Third of web threats emanate from US and China

Akamai highlights global web threat

Analysis of web traffic by global managed service provider Akamai suggests that nearly a third of all internet attacks are launched from just two countries: the US and China.

In its first 'State of the Internet' report, which it intends to publish quarterly, Akamai noted that attack traffic in Q1 2008 was generated from 125 different countries, highlighting the global nature of the threat. Thirty per cent of that traffic originated from the US and China.

Akamai pointed out that distributed denial of service (DDoS) attacks continue to target vulnerabilities present on systems that should have been patched years ago.

The Akamai report also highlighted traffic targeted at 23 unique ports, with Microsoft applications at the forefront of these attacks. Port 135, used for remote procedure calls (RPC) on Microsoft OSes, was the most heavily attacked, accounting for nearly 30 per cent of the attacks observed.

The second most commonly attacked port was port 139, normally used by Windows users to access files or folders on shared storage. Akamai pointed to Klez, Sircam and Nimda as examples of malware from years ago that targeted port 139.

"The highest levels of attack traffic are from ports targeted by worms, viruses, and bots that spread across the Internet several years ago," the report noted. "While that’s not to say that there are not any current pieces of malware that attack these ports, it may point to a large pool of Microsoft Windows-based systems that are insufficiently maintained, and remain unpatched years after these attacks 'peaked' and were initially mitigated with updated software."

Other ports regularly under attack were port 22, usually used for secure shell (SSH) traffic, and port 445, used by the Server Message Block (SMB) protocol for, amongst other things, file sharing. Web traffic running over port 80, Microsoft SQL Server traffic running over port 1433 and Symantec System Center Agents using port 2967 were the next most popular targets, according to Akamai's report.

Akamai also highlighted the geographical variations in connection speeds. South Korea topped the list as the country with the greatest penetration of high broadband (which Akamai defined as above 5Mbit/s), while Rwanda and the Solomon Islands had the lowest number of high-speed connections.

Akamai plans to release its Q2 'State of the Internet' report in August.