[Dshield] using the feeds for your firewall

Mark Rowlands mark.rowlands at minmail.net
Sun Jul 29 13:25:24 GMT 2001

I examined the SANS data for the top 2000 entries over the last 60 days, 
although I am a bit unsure about how valid this data is....if you take some 
of the IPs from the top 10 and use the search facility for that IP you get 
wildly different results....ah well, here goes anyway. 

attacks on the top 10 ports : 83.67% of attacks
62 ports are covered by     : 95%    of attacks

top 10 Attackers            : 22.06% of attacks
1806 Attackers cause        : 95%    of attacks

It would be nice to know how many source IPs were implicated in the attacks on 
the top 10 / 62 ports and what percentage of the total source IPs those 
figures represent and, vice versa, which ports were implicated in the attacks 
by the top 10 attackers.
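
The breakdown asked for above, as an added example that is not part of the original post: top-N share, the number of ports or sources needed to reach a coverage level, and the port/source cross-tabulation in both directions. The record layout (source IP, target port, report count) and all sample values are constructed assumptions, not the DShield feed format or its data.

```python
from collections import Counter

# Constructed sample: (source IP, target port, report count). Assumed layout,
# not the DShield feed format; addresses come from documentation ranges.
RECORDS = [
    ("192.0.2.10", 80, 400), ("192.0.2.10", 21, 100),
    ("192.0.2.11", 80, 200), ("198.51.100.5", 111, 150),
    ("198.51.100.6", 80, 50), ("198.51.100.6", 53, 50),
    ("203.0.113.7", 515, 30), ("203.0.113.8", 27374, 20),
]
SRC, PORT = 0, 1  # field indexes into a record

def totals(records, field):
    """Sum report counts per source (SRC) or per port (PORT)."""
    counts = Counter()
    for rec in records:
        counts[rec[field]] += rec[2]
    return counts

def top_share(counts, n):
    """Percentage of all reports accounted for by the n largest keys."""
    total = sum(counts.values())
    return 100.0 * sum(v for _, v in counts.most_common(n)) / total

def keys_to_cover(counts, pct):
    """Smallest number of keys, largest first, covering at least pct percent."""
    total = sum(counts.values())
    running = 0
    for i, (_, v) in enumerate(counts.most_common(), 1):
        running += v
        if running * 100 >= pct * total:  # integer compare, no float rounding
            return i
    return len(counts)

def cross(records, key_field, other_field, n):
    """Distinct other_field values seen with the top-n key_field values,
    and their percentage of all distinct other_field values."""
    top = {k for k, _ in totals(records, key_field).most_common(n)}
    seen = {r[other_field] for r in records if r[key_field] in top}
    everything = {r[other_field] for r in records}
    return seen, 100.0 * len(seen) / len(everything)

if __name__ == "__main__":
    ports, sources = totals(RECORDS, PORT), totals(RECORDS, SRC)
    print("top 2 ports: %.2f%% of reports" % top_share(ports, 2))
    print("ports needed for 95%%: %d" % keys_to_cover(ports, 95))
    print("sources needed for 95%%: %d" % keys_to_cover(sources, 95))
    print("sources hitting top 2 ports: %d (%.1f%%)" % (
        len(cross(RECORDS, PORT, SRC, 2)[0]), cross(RECORDS, PORT, SRC, 2)[1]))
    print("ports hit by top source:", sorted(cross(RECORDS, SRC, PORT, 1)[0]))
```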

