China willing to talk with U.S. over cyberattacks
BEIJING (AP) — China says it is willing to cooperate with the United States in cybersecurity after the U.S. called on it to take "serious steps" to stop cyberattacks.
Foreign Ministry spokeswoman Hua Chunying repeated China's assertion that it is firmly opposed to cyberattacks and one of the countries that has suffered most from them. She says the country cracks down on such hackers according to the law.
Hua said Tuesday: "Cyberspace needs rules and cooperation, not wars. China is willing to have constructive dialogue and cooperation with the global community, including the United States."
U.S. National Security adviser Tom Donilon's comments Monday reflect American concern over cyber intrusions and their economic costs.
Last month, a U.S.-based cybersecurity firm accused a Chinese military unit of attacking more than 140 mostly American companies.
Foreign Ministry spokeswoman Hua Chunying repeated China's assertion that it is firmly opposed to cyberattacks and one of the countries that has suffered most from them. She says the country cracks down on such hackers according to the law.
Hua said Tuesday: "Cyberspace needs rules and cooperation, not wars. China is willing to have constructive dialogue and cooperation with the global community, including the United States."
U.S. National Security adviser Tom Donilon's comments Monday reflect American concern over cyber intrusions and their economic costs.
Last month, a U.S.-based cybersecurity firm accused a Chinese military unit of attacking more than 140 mostly American companies.
LOL man this is funny, China wants to "talk" about cyber attacks.Â
Every place I have worked when we set up the firewall or the traffic analyzer we always just ban the whole host of IP addresses given to China as a matter of standard.Â
In fact, the practice is so common, there are loads of websites dedicated to helping an IT professional block China's access to their system.Â
There are three users that connect from China (and ONLY three). The scammer looking to connect to you email server and rely spam, the IP thief looking to get images, data and information from your site to use to sell and make money, or the IP thief looking to try and LOOK like you to scam other people using the emails they get from the first group.Â
Of the tens of thousands of connection attempts from China IP address I get each year (and for the last 10 years), none have appeared to be someone trying to do legitimate business.Â
So yeah, let's "talk" China.Â
@Repoman@trololol  I understand what your saying Repo! I admin a forum.. Koivet. I've spent the last two weeks going through my ban lists along with updating them as I go through. China is horrible.. but I also automatically ban Russia as well, they are almost as bad, though they used to be worse. Pakistan is getting somewhat nasty as well. But we have some pretty heavy spammers right here, ones running the 173. starting numbers.
I generally google, Stop forum Spam and Project Honey pot the numbers as I look at who is visiting and it gives me the jump on em. I also have two Admin areas to deal with. So once I get the forum itself done and a master list, then I'll go over to Joomla and go through that one as well.   Â
I will say there was a lot of tor nodes being used a couple of years back. They where trying to hack into SMF forums members accounts. So glad we got rid of that and went back to a PHP board. Way easier to deal with.. But it would not surprise me if that tactic is still being used.
But I do agree with you, you can't just blindly ban a ip due to the innocent users being abused with spoofing or the use of phony email accounts that go hand in hand. Â
@Repoman I guess the Chinese would never think to spoof their IP's or set up or go through a proxy server in a different country.
@trololol@Repoman
They do that as standard practice.Â
I have this one group that uses compromised Comcast users in Illinois to attack my email server.Â
because the Comcast shuffles IP addresses it works in the favor of the attackers. They pipe in multiple attacks, the traffic gets detected, the IPs are blocked. Two days later the same attacks are made from other IPs from a different "circle" of Comcast IP addresses. Those older IP are no longer attacked get taken off the blacklist just in time for the attacker to get moved back onto them again (thanks fro the timing Comcast). Then the cycle repeats.Â
But I do save myself from hundreds of thousands of daily attacks by banning them outright. It limits my attacks to just the ones at least savvy enough to figure out how to proxy.Â
@trololol@Repoman
Unfortunately we have real users who sometimes get those IP addresses doing business with us (including government agencies).Â
So we just deal with the attacks until the analyzer shuts down the IP. Sometimes we have to go in and manually remove the IP from the blacklist if the user gets the now blocked IP before the blacklist is up.Â
It's a pain in the butt. About 10% of my job is chasing down attackers and trying to find ways to block them out.Â
I would much rather spend that time developing tools that make our users happy.
@Repoman @trololol block comcast