[Dshield] Putting the last 2 weeks into perspective

Johannes B. Ullrich jullrich at sans.org
Sun Aug 24 16:12:44 GMT 2003

For a 'global' perspective:

On average, We get about 3 reports for each 'target IP'. The number of
sources for each target IP is about the same.
On the 19th, we had 8 source IPs for each target IP and 61 records for
each target IP.

Since then, we do no longer import ICMP data. There is just too much of
it. I will reevaluate this later.

Our total daily report volume peaked at the 20th with 38 Million
reports. Typically, we get about 15 Million reports a day.

I still have to double check these numbers, as I didn't run the summary
queries all the time to keep imports going. We are now caught up on the
back log and importing is running normal again (actually a bit faster
after I did find some new shortcuts)

SANS - Internet Storm Center
PGP Key: http://isc.sans.org/jullrich.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20030824/589ab77e/attachment.bin

More information about the list mailing list