Akamai recently released its Q4 2014 State of the Internet report, which shows that Telnet is the most targeted Internet attack port – with most attack traffic originating in China.
Akamai maintains a distributed set of agents deployed across the Internet that monitor attack traffic.
Based on data collected by these agents, Akamai is able to identify the countries from which attack traffic originates, as well as the ports targeted by these attacks.
During Q4 2014, Akamai observed attack traffic originating from 199 countries, in line with the 201 seen in the third quarter.
China remained well ahead of other countries, with more than three times the observed attack traffic when compared to the United States – which is in second place.
Top attack ports
In Q4 2014 the percentage of observed attack traffic targeting Port 23 (Telnet) increased significantly.
This increase may indicate a growth in attacks relying on brute-force login attempts or those that exploit default usernames and passwords to gain access to vulnerable systems.
These attacks can be perpetrated by bots that scan for systems with Port 23 open and then try to log in when they find one.
All other ports in the top 10 increased their percentages as well, with significant increases for Ports 445 (Microsoft-DS), 8080 (HTTP Alternate), 3389 (Microsoft Terminal Services), and 22 (SSH).
In total, attack traffic to the top 10 ports made up 79% of all observed attack traffic – a substantial increase from 38% in the previous quarter.
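The two measurements described above, per-port share of observed attempts and repeated Port 23 attempts from one source, can be reproduced on your own perimeter logs. The following is an added example, not code from Akamai or the report; the log format, the sample lines, and the threshold and window values are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real traffic): timestamp, source IP, destination port.
SAMPLE_LOG = """\
2014-12-01T00:00:01 203.0.113.5 23
2014-12-01T00:00:03 203.0.113.5 23
2014-12-01T00:00:05 203.0.113.5 23
2014-12-01T00:00:09 203.0.113.5 23
2014-12-01T00:00:12 198.51.100.7 445
2014-12-01T00:00:20 198.51.100.7 23
2014-12-01T00:01:00 192.0.2.44 22
2014-12-01T00:05:00 192.0.2.44 23
2014-12-01T00:09:00 192.0.2.44 8080
2014-12-01T00:10:00 not-a-valid-line
"""

def parse(log):
    """Yield (time, src, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        try:
            ts, src, port = line.split()
            yield datetime.fromisoformat(ts), src, int(port)
        except ValueError:
            continue  # wrong field count, bad timestamp, or non-numeric port

def port_share(events):
    """Fraction of all observed attempts aimed at each destination port."""
    counts = Counter(port for _, _, port in events)
    total = sum(counts.values())
    return {port: n / total for port, n in counts.most_common()}

def telnet_bruteforce_sources(events, threshold=4, window=timedelta(seconds=60)):
    """Sources with at least `threshold` Port 23 attempts inside one sliding window."""
    recent, flagged = defaultdict(deque), set()
    for ts, src, port in sorted(events):
        if port != 23:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return sorted(flagged)

EVENTS = list(parse(SAMPLE_LOG))
print(port_share(EVENTS))
print(telnet_bruteforce_sources(EVENTS))
```

Sources that touch Port 23 once while sweeping several ports are counted in the share but not flagged; only the repeated-attempt pattern trips the second check.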