[Dshield] Drop off in attacks

Deb Hale haled at pionet.net
Fri Jan 2 14:13:22 GMT 2004


I have observed the same type drop in activity. In addition, all of the
inbound port 127.0.0.1 have stopped. I have not had 1 since 11:59 on 12/31.
I am waiting for round 2 to start.  :)

Deb

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Benjamin Robson
Sent: Thursday, January 01, 2004 9:01 PM
To: General DShield Discussion List
Subject: [Dshield] Drop off in attacks



Happy New Year to you all.

Has anyone else noticed an extreme drop off in the number of 'blocked'
packets at their firewall (from the Internet)?

I have a firewall here that would normally show a cycle of blocked packets,
oscillating between a high and low point over a 24 hour period. However
starting at about midnight GMT+11 I have observed a very significant drop in
the blocked packet rate such that now, some 32 hours later, the blocked
packet rate is about a quarter what it was.

Has anyone seen a similar effect?

I have 3 lines of thought that might explain this:
	1.	People have been switching off their (infected) machines
for the New Years holiday.
	2.	Script kiddies take the NY holidays as well.
	3.	Various virii & worms are expiring at midnight
31-12-2003.

Thoughts/Comments?

Regards all,
BenR.

Benjamin M.A. Robson
Senior Security Consultant
Secure Data Group P/L

____________________________________________________________________________
___________________________ 
Come and visit the Fishbowl, Australia's Largest Vendor Independent
Interoperability Lab, where you can see live working solutions on show. 
Click here for workshop dates 
www.securedatagroup.com.au/events

Did you know that SecureData Group delivers high security Offsite Tape
Storage services, via their DataBank Division? - visit
www.databanktech.com.au for more information, or speak to your Account
Manager.

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. 
Any unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden. 
This e-mail has been swept for the presence of computer viruses known to
SecureData Group's virus patterns.

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list






More information about the list mailing list