An interesting dynamic is happening at the top of the attackers’ chart. First of all, Iranian attacks were overshadowed by other countries to the degree that we no longer see them in higher positions. To mention the current top four most significant, we would highlight Romania, Germany, Bulgaria, and the Netherlands. There had been consistent attacks from Germany that came into prominence about the 4th of October and then slowly started to disappear on the 16th until the final dissolution on the 18th of October. The graph line for German attacks looks very stable and consistent. On the other hand, Romania’s malicious activity, which took the top of the charts, looked erratic and unorganized in the graph. To the degree that Sentinel View graphs in the Incidents section, except for Top countries by recorded incidents, are rendered almost useless.
On the first pages of the Report, we can see that September numbers are very comparable to August data. Iran-based attackers moved away from top charts, and we see that addresses from the United States now take the lead in the HTTP minipot incidents records.
Number of individual attackers had risen and minipot attacks doubled. Last month only three of the top attackers emerged from subnet 126.96.36.199/24, yet this month the majority of all attackers came from this Iraq subnet.
The total number incidents decreased by half. However, there are only slightly fewer than 10,000 distinct attackers on the greylist. The last month’s seemingly minor reduction may have been indicative of an ongoing decline.
A long time ago, CZ.NIC started a project called Netmetr, which was performed in cooperation with the Czech Telecommunication Office (CTU). The goal was to provide a reliable Internet connectivity benchmark that ordinary people can use to verify the parameters of their Internet connection. The cooperation went well and CTU was getting more and more interesting data about the quality of Internet connectivity in the Czech
Republic. Moreover, CTU decided to integrate the service into their systems and maintain it by themselves. They used the open-source software Netmetr and created Nettest – their own instance integrated into their environment. That unfortunately meant that the Netmetr itself lost its main purpose and it no longer made sense to keep it running.
In February, we saw about a 10% decrease in the number of unique attackers, but they were more active. Usually, we see attackers come and go, but in February, although it was fewer attackers in total, we had on average, more attackers blocked every day. This means that those attackers stayed active longer than in January.