[Dshield] Putting the last 2 weeks into perspective
Johannes B. Ullrich
jullrich at sans.org
Sun Aug 24 16:12:44 GMT 2003
For a 'global' perspective:
On average, We get about 3 reports for each 'target IP'. The number of
sources for each target IP is about the same.
On the 19th, we had 8 source IPs for each target IP and 61 records for
each target IP.
Since then, we do no longer import ICMP data. There is just too much of
it. I will reevaluate this later.
Our total daily report volume peaked at the 20th with 38 Million
reports. Typically, we get about 15 Million reports a day.
I still have to double check these numbers, as I didn't run the summary
queries all the time to keep imports going. We are now caught up on the
back log and importing is running normal again (actually a bit faster
after I did find some new shortcuts)
SANS - Internet Storm Center
PGP Key: http://isc.sans.org/jullrich.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20030824/589ab77e/attachment.bin
More information about the list