[Dshield] Accuracy and Relevance of Dshield Data....

fuc952d@tninet.se fuc952d at tninet.se
Sun Jul 6 16:07:38 GMT 2003


After having done some analysis of the junk hitting my own domestic internet 
connection I was struck by some thoughts. 

I routinely block everything at my firewall and was struck by the enormous 
amount of crud I was rejecting.  

Over a weekly period, only 1.57% could be legitimately categorized as scans / 
attempts,   fully 97% were windows/smb broadcasts of various natures. 1% 
other broadcasts / multicasts.

I note the prevalence of windows smb "attempts" in dshields database and 
wonder how may of these are the same sort of "junk" that I see at my 
firewall?  




More information about the list mailing list