[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: updated 135/tcp log counter mrtg image

To: Robert Lemos <robert@infoserf.net>
Subject: [Full-Disclosure] Re: updated 135/tcp log counter mrtg image
From: "rocco.s" <rocco.s@telstra.com>
Date: Thu, 14 Aug 2003 15:04:53 +1000


> Is the graph total packets logged or unique IPs? Thanks. Trying to 
> get a handle on the spread...

total port 135 tcp/syn.
therefore spread fairly linear from what were seeing.

setting up blackholes on 135 and 4444 then using ngrep 'tftp -i'
(port 4444 attempt only occurs if attacking host gets a connect for 
135/tcp), yields differant results, showing approx 2.5% of traffic is 
non 'blast/poza/rant', but simple sweeps for 135/tcp.

using awk/uniq, i get 794 hosts from 5755 attempts @ 15:05 AEST.

----------------
Powered by telstra.com

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls
Next by Date: RE: [Full-Disclosure] ISS Security Brief: 'MS Blast' MSRPC DCOM Worm Propagation (fwd)
Prev by thread: Re: [Full-Disclosure] ISP's save the Inet from Blaster?
Next by thread: RE: [Full-Disclosure] Firewalls
Index(es):
- Date
- Thread