[Dshield] Still Mystified by the Dshield daily report

John B. Holmblad jholmblad at aol.com
Sun Oct 9 01:08:40 GMT 2005


All,

Does anyone have insight into why I still get entries in my daily 
Dshield report that imply (if I am interpreting this report correctly)  
that I am receiving more packets from a particular source than all 
others including myself? It occurs to me that the term "All Targets", 
actually means All Targets except for my own network connection/ip 
address. In other words the word "all" doesn't really mean all in the 
context of this table. Here are some examples of these mystifying entries:


In HTML formatted table:

Source         Hostname                                 Packets  Targets  All Packets  All Targets  First Seen
70.18.252.160  pool-70-18-252-160.res.east.verizon.net       52        1           51            1  10-03-2005
0.18.111.223   pool-70-18-111-223.alb.east.verizon.net      100        1            2            1  10-03-2005

In text formatted table:

Source         Hostname                                 Packets  Targets  All Packets  All Targets  First Seen
70.18.252.160  pool-70-18-252-160.res.east.verizon.net       52        1           51            1  10-03-2005
0.18.111.223   pool-70-18-111-223.alb.east.verizon.net      100        1            2            1  10-03-2005

-- 
Best Regards,

John Holmblad

Televerage International
GSEC Gold,GCWN Gold,GGSC-0100,NSA-IAM

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address: jholmblad at aol.com
backup email address: jholmblad at verizon.net

