[Dshield] using the feeds for your firewall
mark.rowlands at minmail.net
Sun Jul 29 13:25:24 GMT 2001
I examined ths SANS data for the top 2000 entries over the last 60 days
although I am a bit unsure about how valid this data is....if you take some
of the ip from the 10 top and use the search facility for that ip you get
wildy different results....ah well, here goes any way.
attacks on the top 10 ports : 83.67% of attacks
62 ports are covered by : 95 % of attacks
top 10 Attackers : 22.06% of attacks
1806 Attackers cause : 95 % of attacks
It would be nice to know how many source ip were implicated in the attacks on
the top 10 / 62 ports and what percentage of the total source ip those
figures represent and vice versa which ports were implicated in the attacks
by the top 10 attackers.
More information about the list