Re: updated 135/tcp log counter mrtg image

["rocco.s" <rocco.s () telstra com>]

> Is the graph total packets logged or unique IPs? Thanks. Trying to 
> get a handle on the spread...

total port 135 tcp/syn.
therefore spread fairly linear from what were seeing.

setting up blackholes on 135 and 4444 then using ngrep 'tftp -i'
(port 4444 attempt only occurs if attacking host gets a connect for 
135/tcp), yields differant results, showing approx 2.5% of traffic is 
non 'blast/poza/rant', but simple sweeps for 135/tcp.

using awk/uniq, i get 794 hosts from 5755 attempts @ 15:05 AEST.

----------------
Powered by telstra.com

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html