[Dshield] Drop off in attacks

Deb Hale haled at pionet.net
Fri Jan 2 14:13:22 GMT 2004

I have observed the same type drop in activity. In addition, all of the
inbound port have stopped. I have not had 1 since 11:59 on 12/31.
I am waiting for round 2 to start.  :)


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Benjamin Robson
Sent: Thursday, January 01, 2004 9:01 PM
To: General DShield Discussion List
Subject: [Dshield] Drop off in attacks

Happy New Year to you all.

Has anyone else noticed an extreme drop off in the number of 'blocked'
packets at their firewall (from the Internet)?

I have a firewall here that would normally show a cycle of blocked packets,
oscillating between a high and low point over a 24 hour period. However
starting at about midnight GMT+11 I have observed a very significant drop in
the blocked packet rate such that now, some 32 hours later, the blocked
packet rate is about a quarter what it was.

Has anyone seen a similar effect?

I have 3 lines of thought that might explain this:
	1.	People have been switching off their (infected) machines
for the New Years holiday.
	2.	Script kiddies take the NY holidays as well.
	3.	Various virii & worms are expiring at midnight


Regards all,

Benjamin M.A. Robson
Senior Security Consultant
Secure Data Group P/L

Come and visit the Fishbowl, Australia's Largest Vendor Independent
Interoperability Lab, where you can see live working solutions on show. 
Click here for workshop dates 

Did you know that SecureData Group delivers high security Offsite Tape
Storage services, via their DataBank Division? - visit
www.databanktech.com.au for more information, or speak to your Account

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. 
Any unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden. 
This e-mail has been swept for the presence of computer viruses known to
SecureData Group's virus patterns.

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list