[Dshield] Blaster data trends last 8 days FYI

John Sage jsage at finchhaven.com
Wed Aug 20 18:18:30 GMT 2003


Lest we forget...

[jsage at sparky /storage/snorts] $ grep -c 'ICMP CyberKit 2.2 ping' alert.full-Aug.18.11:00

    0


[jsage at sparky /storage/snorts] $ grep -c 'ICMP CyberKit 2.2 ping' alert.full-Aug.19.08:01

  106


[jsage at sparky /storage/snorts] $ grep -c 'ICMP CyberKit 2.2 ping' alert.full-Aug.20.08:17

  406


[jsage at sparky /storage/snorts] $ grep -c 'ICMP CyberKit 2.2 ping' alert.full

   68

(from 08/20/03 08:17am PDT to 11:20am PDT...)


On Wed, Aug 20, 2003 at 10:18:46AM -0700, John Sage wrote:
> Context: dialup into AT&T's Seattle WA POP, 12.82.x.x class A
> 
> Total packets to port  135 in alert.full-Aug.11.23:25: 1165
> Total packets to port  137 in alert.full-Aug.11.23:25:  102
> Total packets to port 4444 in alert.full-Aug.11.23:25:  664
> 
> Total packets to port  135 in alert.full-Aug.12.18:14: 3517
> Total packets to port  137 in alert.full-Aug.12.18:14:  475
> Total packets to port 4444 in alert.full-Aug.12.18:14: 1961
> 
> Total packets to port  135 in alert.full-Aug.13.18:26: 4599
> Total packets to port  137 in alert.full-Aug.13.18:26:  675
> Total packets to port 4444 in alert.full-Aug.13.18:26: 2618
> 
> Total packets to port  135 in alert.full-Aug.14.08:48: 1317
> Total packets to port  137 in alert.full-Aug.14.08:48:  228
> Total packets to port 4444 in alert.full-Aug.14.08:48:  741
> 
> Total packets to port  135 in alert.full-Aug.15.08:55: 2098
> Total packets to port  137 in alert.full-Aug.15.08:55:  229
> Total packets to port 4444 in alert.full-Aug.15.08:55: 1144
> 
> Total packets to port  135 in alert.full-Aug.16.09:54: 3075
> Total packets to port  137 in alert.full-Aug.16.09:54:  345
> Total packets to port 4444 in alert.full-Aug.16.09:54: 1662
> 
> Total packets to port  135 in alert.full-Aug.17.11:12: 2415
> Total packets to port  137 in alert.full-Aug.17.11:12:  208
> Total packets to port 4444 in alert.full-Aug.17.11:12: 1074
> 
> Total packets to port  135 in alert.full-Aug.18.07:43: 2002
> Total packets to port  137 in alert.full-Aug.18.07:43:  220
> Total packets to port 4444 in alert.full-Aug.18.07:43: 1005
> 
> Total packets to port  135 in alert.full-Aug.19.08:01: 2173
> Total packets to port  137 in alert.full-Aug.19.08:01:  362
> Total packets to port 4444 in alert.full-Aug.19.08:01: 1210
> 
> Total packets to port  135 in alert.full-Aug.20.08:17: 2640
> Total packets to port  137 in alert.full-Aug.20.08:17:  409
> Total packets to port 4444 in alert.full-Aug.20.08:17: 1468


- John
-- 
"Warning: time of day goes back, taking countermeasures."



