[Dshield] dshield reports

John Sage jsage at finchhaven.com
Sun Jun 23 17:31:59 GMT 2002


On Sun, Jun 23, 2002 at 11:42:25AM -0400, Lauro, John wrote:
> -----Original Message-----
> From: John Sage [mailto:jsage at finchhaven.com] 
> Sent: Sunday, June 23, 2002 1:26 AM
> To: list at dshield.org
> Subject: Re: [Dshield] dshield reports
> 
> 
> In summary:
> > Source        Sources Targets Reports 
> > 141/8            7682  231768  303834
> > 141/210/16         68     275     572
> > 141.210.181/24      1   64276  120344 
> 
> 
> I understand what the / notation means...  Are you saying the /16 is
> some sort of average, and the /24 a total?  It's not the number of
> sources I was wondering about, but the low mumbers for the targets and
> reports for /16 compared to the more specific /24...
> 

Let's see: what did I mean :-/

They're _all_ totals.

What I meant was that as one moves from /8 to /16 to /24 using CIDR
notation the greatest number of probing hosts becomes smaller and
smaller.

So that if you're looking at 141.0.0.0/8 you're talking about 16
million possible hosts; if you're looking at 141.0.0.0/24, you're only
going to see at most probes from a maximum of 254 hosts.

Thus it's expected that as you move from /8 to /16 to /24, the
quantities of source IP's must become fewer.


Having said all that, I see what you're talking about, I think.

One would expect a rather coherent progression from the targets shown
for any given /8 down to the quantity shown for the /16 down to the
quantity shown for the /24...

And we're not.

We're seeing a great drop in targets at the /16 and then, somehow, a
spike for one specific /24, which should only be a small part of the
possible /24's contained in the /16 

Is that it?


heh..

I don't have a clue as to what's going on here...


- John
-- 
"You are in a different maze of little passages, all twisty."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 




More information about the list mailing list