[Dshield] sql slammer precursor data

Johannes Ullrich jullrich at euclidian.com
Wed Jan 29 20:37:27 GMT 2003


It's a gzipped, tab-delimited text file.
Just use 'gunzip' and view it like any other text file (cat/less/more) or use the editor of your choice (vi/emacs)... It should import into most spreadsheets. I did try gnumeric and openoffice.



On Wed, 29 Jan 2003 13:19:03 -0600
"Deb Hale" <haled at pionet.net> wrote:

> Johannes, Sorry if this appears ignorant.  But how do you view this info?
> 
> www.bcpenterprise.com
>  
> 
> 
> - -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Johannes Ullrich
> Sent: Wednesday, January 29, 2003 9:10 AM
> To: list at dshield.org; intrusions at incidents.org
> Subject: [Dshield] sql slammer precursor data
> 
> 
> 
>   I put together a summary of all the 'precursor' data we have. This summary includes all reports from all IPs that scanned port 1434 prior to 1/25.
> 
>   So far, there are about 25k IPs in that list :-/. So searching through this and narrowing it down is hard. If you are interested, the data is up at
> 
> http://feeds.dshield.org/precursor_summary.txt.gz (about 580kByte). The table has 5 columns:
> 
> source, date, targetport, packets, targets, authors.
> 
> Basically, it tells you how many reports (packets) we received that implicate the source hitting a given number of distinct targets at that particular date using the listed targetport. The 'authors' column shows how many DShield users reported this source/date/targetport combination. All anonymous submissions count as one author.
> 
> 
> - -- 
> - --------------------------------------------------------------------
> jullrich at euclidian.com             Collaborative Intrusion Detection
>                                          join http://www.dshield.org
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> 


-- 
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org
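
An added example, not part of the original message and not DShield's own code: one way to narrow the summary down by parsing the gzipped, tab-delimited file and ranking port 1434 sources seen before 1/25 by distinct targets, keeping only those reported by more than one author. It assumes the six named columns appear in the listed order and that dates are ISO formatted (YYYY-MM-DD); the sample rows are constructed.

```python
import csv
import gzip
import io
from collections import defaultdict
from datetime import date

COLUMNS = ["source", "date", "targetport", "packets", "targets", "authors"]
CUTOFF = date(2003, 1, 25)  # "prior to 1/25" in the post

def read_rows(fileobj):
    """Yield dict rows from a gzipped, tab-delimited stream; skip malformed lines."""
    with gzip.open(fileobj, "rt", newline="") as text:
        for rec in csv.reader(text, delimiter="\t"):
            try:
                src, day, *nums = rec
                port, packets, targets, authors = map(int, nums)
                day = date.fromisoformat(day)  # assumed date format
            except ValueError:
                continue  # header line, short line or damaged record
            yield dict(zip(COLUMNS, (src, day, port, packets, targets, authors)))

def rank_sources(rows, port=1434, min_authors=2):
    """Aggregate per source; keep those corroborated by >= min_authors reporters."""
    agg = defaultdict(lambda: {"first": None, "packets": 0, "targets": 0, "authors": 0})
    for r in rows:
        if r["targetport"] != port or r["date"] >= CUTOFF:
            continue
        a = agg[r["source"]]
        a["first"] = r["date"] if a["first"] is None else min(a["first"], r["date"])
        a["packets"] += r["packets"]
        a["targets"] = max(a["targets"], r["targets"])
        a["authors"] = max(a["authors"], r["authors"])
    kept = [(s, a) for s, a in agg.items() if a["authors"] >= min_authors]
    return sorted(kept, key=lambda item: (-item[1]["targets"], item[1]["first"]))

# Constructed sample data (documentation addresses), not taken from the real feed.
SAMPLE = (
    "source\tdate\ttargetport\tpackets\ttargets\tauthors\n"
    "192.0.2.10\t2003-01-20\t1434\t40\t35\t3\n"
    "192.0.2.10\t2003-01-22\t1434\t12\t12\t2\n"
    "198.51.100.7\t2003-01-24\t1434\t3\t1\t1\n"
    "203.0.113.5\t2003-01-23\t1434\t90\t60\t4\n"
    "203.0.113.5\t2003-01-25\t1434\t500\t400\t9\n"
    "192.0.2.99\t2003-01-21\t1433\t8\t8\t2\n"
    "truncated line\n"
)

def demo():
    return rank_sources(read_rows(io.BytesIO(gzip.compress(SAMPLE.encode()))))
```

To run it against the real file, pass an open binary handle for precursor_summary.txt.gz to `read_rows` instead of the in-memory sample.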


