Attack Traffic and Top Ports Attacked
In the fourth quarter of 2011, China, at 13 percent, generated the most attack traffic observed by Akamai. The United States (10 percent) and Indonesia (7.6 percent) rounded out the top three. Total observed attack traffic aggregated by region shows that Asia Pacific/Oceania generated 45 percent of such attack traffic, Europe 33 percent, the Americas just less than 20 percent, and Africa a mere two percent.
In an examination of attack traffic concentration among the top 10 targeted ports, the report found that the top 10 ports account for 65 percent of the observed attacks. Port 445 (Microsoft-DS) ended 2011 at the top of the list being targeted by 25 percent of observed attack traffic.
Geography appears to play a role in frequency of observed attacks on specific ports. For example, Port 23 (Telnet) is a favorite target for attacks observed to be originating from South Korea and Turkey, where it accounted for more than five times the number of attacks targeting the next most popular port (445 in both countries). Other instances of geography-based port targeting include observed attacks centered on Port 1433 (Microsoft SQL Server) in China and on Port 80 (WWW/HTTP) in Indonesia.