[Dshield] dshield reports

Lauro, John jlauro at umflint.edu
Sun Jun 23 00:51:31 GMT 2002


Hello,

I am trying to understand some of the dshield reports...

1. The Top 10 most wanted (at http://www.dshield.org/top10.html)
states "(Interested in more detailed reports? Join the mailing list
and ask for it ;-) ..).", and clicking on the link states "No such
list dshield".  Is that list meant to be this list?

2. On the subnet report, I think there is a problem (maybe some data
is newer than other?), or I am a little confused what the numbers
mean...  I was checking one of the IPs scanning our network, to double
check that it showed up in the dshield database...

At the top level, for 141/8 it has:
Sources: 7682
Targets: 231768
Reports: 303834

Then clicking on 141/8, it has 141.210/16 (along with a bunch of other
subnets):
Sources: 68
Targets: 275
Reports: 572

After you click on 141.210/16...
Source          Sources  Targets  Reports
141.210.010/24        2        2        2
141.210.016/24       21       28       34
141.210.162/24        2        3        3
141.210.178/24        1        3        5
141.210.180/24        1        2        3
141.210.181/24        1    64276   120344
141.210.186/24        1      190      464


Why are the numbers for 141.210/16 so low?  I tried forcing a refresh
on the page, and looked at the date of the page according to the
browser, and it has today's date.




