[Dshield] Help Understanding DShield Data

Johannes Ullrich jullrich at euclidian.com
Thu Mar 27 14:51:45 GMT 2003


The 'summary' numbers (number of total records and number of targets)
are not updated in real time, but with some delay.

Also, the summary records may cover more than the 30 days reflected
in the details (not the case here).



On Thu, 27 Mar 2003 08:59:54 -0500
Chateauneuf <dupape at bellatlantic.net> wrote:

> What am I missing? Shouldn't the total records match the total, by port, 
> since both are for a one-day range?
> 
> This resolves to RCN. I cannot find any reference to "ULTRA.NET." Again, 
> what am I missing?
> 
> I show three records against this IP yesterday (3/27). The data stops at 
> 3/17. Is this an error or do some records update periodically in contrast 
> to real time?
> 
> https://secure.dshield.org/ipinfo.php?ip=146.115.112.039&x=1&day=731665
> 
> Country: US
> Contact E-mail: noc at ULTRA.NET
> Total Records against IP:  229
> Number of targets:  229
> Date Range: 2003-03-17 to 2003-03-17
> Ports Attacked (up to 10):
> Port 	Attacks 	Start 		End
> 137 	254 		2003-03-17 	2003-03-17
> 139 	1 		2003-03-17 	2003-03-17
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> 


-- 
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org



More information about the list mailing list