Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Difference a year makes, good news, bad news
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Can someone please shed some light on this Alert? »
« PrevX Vulnerability Test.  
AuthorAll Replies


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

reply to jvmorris
Re: Difference a year makes, good news, bad news

Click for full size
*.*.*.*
Click for full size
x.*.*.*
Click for full size
x.x.*.*
In Feb/2005 80% of all inbound 445 scans came from my local netblock x.*.*.*, drilling into this almost 98% came from x.x.*.* and at this level we see the spread of source for 445 scans. Hence you can say the most prevalent worms only vary the last two number of your IP Address when scanning. So if my local ISP wanted to drop their network bandwidth and load, they could by cleaning up locally infected systems or filtering various ports like 445.

I will add these three charts to my page which show this.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel
to forum · permalink · · 2005-03-09 10:58:33 · Reply to this


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

  Now that is an interesting set of graphics!

But the last one is kinda scary! (That's the various Class C subnets there, isn't it?)
--
Regards, Joseph V. Morris
to forum · permalink · · 2005-03-09 11:13:19 · Reply to this

astirusty
Premium
join:2000-12-23
Henderson, NV
·AT&T Southwest

reply to Link Logger
said by Link Logger See Profile:

drilling into this almost 98% came from x.x.*.* and at this level we see the spread of source for 445 scans.
So if we want to clean up the internet of all these scans - we just need to get your entire sub-domain blocked?!?

On a serious note, this information is very interesting. I am taking a SWAG here, but the viruses/worms are setup this way so they draw less attention? Because the hackers know (or believe) the ISPs have not in the past monitored or filtered at these levels??
to forum · permalink · · 2005-03-09 11:17:16 · Reply to this
Forums » Up and Running » Security » SecurityCan someone please shed some light on this Alert? »
« PrevX Vulnerability Test.  

Tuesday, 10-Nov 11:59:50 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [89] Verizon Keeps Swinging At AT&T
· [85] VoIP Over 3G Still Not Working For iPhone
· [60] Moto Sold About 100,000 Droids
· [33] Bill Would Force ISPs To Block Financial Scams
· [24] Mediacom Hints At 50, 100 Mbps Speeds
· [22] Government Will Release Some Telco Wiretap Lobbying Documents
· [17] Clearwire To Get Another $1.5 Billion
· [12] Monday Evening Links
· [10] 15 States Have Now Gotten Broadband Mapping Money
· [10] Sprint Announces Job Cuts
Most people now reading
· Google Has Acquired Gizmo5 [VOIP Tech Chat]
· A fishy CRTC tarriff filed by bell? [TekSavvy]
· Windows 7 boot manager editing questions [Microsoft Help]
· Please Help, I think my computer is being monitored [Security]
· Slow speed lately? [TekSavvy]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· How in the world am I going to get into college? [General Questions]
· Replace entry door [Home Repair & Improvement]
· [ Classes] Highest Burst Casting DPS? [World of Warcraft]
· [WIN7] Outlook express under Windows 7? [Microsoft Help]