What are the ‘bad neighbourhoods’ of the internet? They are the networks where malicious sources of malware and spam are most often found. And now a map of the bad neighbourhoods has been made publicly available, thanks to the PhD research of Dr. Giovane Moura, conducted at the University of Twente. As Moura explains in his dissertation:
“If network security engineers… want to reduce the incidence of attacks on the Internet, they should start by tackling networks where attacks are more frequently originated. If a user… wants to be safer on the Internet, he/she should avoid (or at least be much more careful) connecting to computers located in such networks.”
So which are the worst neighbourhoods? Moura found that BSNL of India, Saudi Telecom, the Pakistan Telecommunication Company, the Vietnam Data Communications Company, and Telefonica del Peru were the top 5 sources of spam, in terms of absolute number of spamming IPs. The top 5 organizations in terms of absolute number of phishing IPs were: Bluehost (USA); OVH (France); WebsiteWelcome (USA); Main Hosting Servers (USA) and Universo Online (Brazil).
Moura’s research also includes advice on how to secure a network. Specifically, he concludes that network administrators are better off using blacklists obtained from public third-party sources.
For the full findings, Moura’s dissertation is available here. We congratulate Giovane on obtaining his doctorate, and wish him success with his future work.