One of the things that most people are probably not aware of is just how many attacks the university sees on a daily basis. For example, yesterday (a middling day in September) the firewall identified and blocked 100,839 attacks. Now most of those attacks were not especially serious, but many were.
One of the many things that the LIS Cyber Operations team does, is to identify the most serious of those attacks, and block them for 3 months, a year, or permanently depending on whether this is the first attack, the second, or the third.
As you can see, every month we block a very rough average of 1,200 attackers. Actually we can add to those figures a few hundred more attacker addresses that are made known to use as “threat intelligence” – attacks that may not have attacked us, but have attacked others.
In case anyone is worrying about blocking legitimate sites, that very rarely happens – not only do legitimate sites rarely perform attacks, but our block list is currently 7,357 entries long. This is approximately 0.00017% of the Internet (or to be more precise the technical maximum of IPv4 addresses on the Internet; many of which are reserved).
Not much more to say about it – criminals are going to crime. And no these events aren’t organised by spotty teenagers in basements; it’s organised crime.