Security Incidents mailing list archives

UDP:137 source IP distribution


From: John Sage <jsage () finchhaven com>
Date: Wed, 2 Oct 2002 11:39:28 -0700

Source IP distribution for UDP:137 probes received, 09/28/02-10/01/02.

Fully 80.5% are from 2xx.x.x.x or 6x.x.x.x


Given:

wc -l 09_28-10_01:UDP:137_IP_distribution.txt
  526 09_28-10_01:UDP:137_IP_distribution.txt

So 526 unique source IP addresses; I'm at 12.82.13x.x or 12.82.12x.x
as a dialup into AT&T's Seattle WA POP...


290 or 55% from 2xx.x.x.x:
grep -c '] 2..\.' 09_28-10_10:UDP:137_IP_distribution.txt
290 

grep -c '] 211\.' 09_28-10_10:UDP:137_IP_distribution.txt
57

grep -c '] 200\.' 09_28-10_10:UDP:137_IP_distribution.txt
51

grep -c '] 218\.' 09_28-10_10:UDP:137_IP_distribution.txt
30

grep -c '] 210\.' 09_28-10_10:UDP:137_IP_distribution.txt
25

grep -c '] 203\.' 09_28-10_10:UDP:137_IP_distribution.txt
24

grep -c '] 202\.' 09_28-10_10:UDP:137_IP_distribution.txt
16

grep -c '] 213\.' 09_28-10_10:UDP:137_IP_distribution.txt
16

grep -c '] 216\.' 09_28-10_10:UDP:137_IP_distribution.txt
14

grep -c '] 212\.' 09_28-10_10:UDP:137_IP_distribution.txt
13

grep -c '] 217\.' 09_28-10_10:UDP:137_IP_distribution.txt
13



134 or 25.5% from 6x.x.x.x:
grep -c '] 6.\.' 09_28-10_10:UDP:137_IP_distribution.txt
134

grep -c '] 61\.' 09_28-10_10:UDP:137_IP_distribution.txt
61

grep -c '] 62\.' 09_28-10_10:UDP:137_IP_distribution.txt
22

grep -c '] 64\.' 09_28-10_10:UDP:137_IP_distribution.txt
12

grep -c '] 66\.' 09_28-10_10:UDP:137_IP_distribution.txt
12

grep -c '] 65\.' 09_28-10_10:UDP:137_IP_distribution.txt
11



24 or 4.5% from 12.x.x.x:
grep -c '] 12\.' 09_28-10_10\:UDP:137_IP_distribution.txt
24



19 or 3.6% from 8x.x.x.x:
grep -c '] 8.\.' 09_28-10_10:UDP:137_IP_distribution.txt
19




18 or 3.4% from 2x.x.x.x:
grep -c '] 2.\.' 09_28-10_10:UDP:137_IP_distribution.txt
18



- John
-- 
"It's a troll! Run!^H^H^H^H Laugh!"

PGP key:     http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800  4EF6 5FC8 F23D 35A4 F705

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
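
The per-prefix grep counts in the message above can be produced in a single pass over the log. This is an added example, not part of the original post: it assumes each line carries the source address immediately after "] " (inferred from the grep patterns), and the function names and sample lines are constructed for illustration.

```shell
# Added example: one-pass tally of probe sources by first octet.
# Assumed input format (inferred from the grep patterns in the post): a prefix
# ending in "] " followed by a dotted-quad source address.

# first_octets: print the first octet of each well-formed "] a.b.c.d" line.
first_octets() {
    sed -n 's/^.*\] \([0-9]\{1,3\}\)\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}.*$/\1/p' |
        awk '$1 >= 0 && $1 <= 255'
}

# octet_dist: "count percent octet" per first octet, most frequent first.
octet_dist() {
    first_octets | awk '
        { n[$1]++; total++ }
        END { for (o in n) printf "%d %.1f %s\n", n[o], 100 * n[o] / total, o }
    ' | sort -k1,1nr -k3,3n
}

# bucket_dist: group by leading digit and width (2xx, 6x, 1x, ...).
bucket_dist() {
    first_octets | awk '
        {
            o = $1 + 0
            if (o >= 100)     b = int(o / 100) "xx"
            else if (o >= 10) b = int(o / 10) "x"
            else              b = o
            n[b]++; total++
        }
        END { for (b in n) printf "%d %.1f %s\n", n[b], 100 * n[b] / total, b }
    ' | sort -k1,1nr -k3,3
}

# Constructed sample lines, not data from the post; the last two are malformed.
sample_log() {
    cat <<'EOF'
[09/28 01:02:03] 211.0.2.10
[09/28 01:05:40] 211.0.2.77
[09/29 11:15:09] 200.51.100.4
[09/30 04:44:51] 61.198.51.9
[09/30 09:12:00] 12.82.0.5
[10/01 23:59:59] 999.1.1.1
not a log line
EOF
}

sample_log | bucket_dist
```

Percentages are computed over the lines that parse as addresses, so malformed entries do not skew the distribution.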

