Full Disclosure mailing list archives
Re: updated 135/tcp log counter mrtg image
From: "rocco.s" <rocco.s () telstra com>
Date: Thu, 14 Aug 2003 15:04:53 +1000
Is the graph total packets logged or unique IPs? Thanks. Trying to get a handle on the spread...
total port 135 tcp/syn. therefore spread fairly linear from what were seeing. setting up blackholes on 135 and 4444 then using ngrep 'tftp -i' (port 4444 attempt only occurs if attacking host gets a connect for 135/tcp), yields differant results, showing approx 2.5% of traffic is non 'blast/poza/rant', but simple sweeps for 135/tcp. using awk/uniq, i get 794 hosts from 5755 attempts @ 15:05 AEST. ---------------- Powered by telstra.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- updated 135/tcp log counter mrtg image rocco.s (Aug 13)
- Re: updated 135/tcp log counter mrtg image Robert Lemos (Aug 14)
- <Possible follow-ups>
- Re: updated 135/tcp log counter mrtg image rocco.s (Aug 14)