Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Difference a year makes, good news, bad news
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Can someone please shed some light on this Alert? »
« PrevX Vulnerability Test.  

Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

Re: Difference a year makes, good news, bad news

Click for full size
*.*.*.*
Click for full size
x.*.*.*
Click for full size
x.x.*.*
In Feb/2005 80% of all inbound 445 scans came from my local netblock x.*.*.*, drilling into this almost 98% came from x.x.*.* and at this level we see the spread of source for 445 scans. Hence you can say the most prevalent worms only vary the last two number of your IP Address when scanning. So if my local ISP wanted to drop their network bandwidth and load, they could by cleaning up locally infected systems or filtering various ports like 445.

I will add these three charts to my page which show this.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel
permalink · 2005-03-09 10:58:33 · Print · Reply to this

jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

Re: Difference a year makes, good news, bad news

Now that is an interesting set of graphics!

But the last one is kinda scary! (That's the various Class C subnets there, isn't it?)
--
Regards, Joseph V. Morris
permalink · 2005-03-09 11:13:19 · Reply to this
astirusty
Premium
join:2000-12-23
Henderson, NV
·AT&T Southwest
said by Link Logger See Profile:

drilling into this almost 98% came from x.x.*.* and at this level we see the spread of source for 445 scans.
So if we want to clean up the internet of all these scans - we just need to get your entire sub-domain blocked?!?

On a serious note, this information is very interesting. I am taking a SWAG here, but the viruses/worms are setup this way so they draw less attention? Because the hackers know (or believe) the ISPs have not in the past monitored or filtered at these levels??
permalink · 2005-03-09 11:17:16 · Print · Reply to this
Forums » Up and Running » Security » SecurityCan someone please shed some light on this Alert? »
« PrevX Vulnerability Test.  

Sunday, 29-Nov 15:10:36 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [124] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [80] TiVo Sees Record Customer Losses
· [77] Verizon CEO: Hulu Will Be Dead Soon
· [77] Weekend Open Thread
· [69] In-Flight Internet Headed For Bumpy Landing?
· [63] Thanksgiving Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· Is Easynews down? [Filesharing Software]
· Are GPS's better today? [General Questions]
· Grey Cup on the Web? [Canadian Chat]
· Windows 7 boot manager editing questions [Microsoft Help]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· [NFL] Week 12 Games Thread [Sports Chat]
· Surfers beware !!! [TekSavvy]
· Anyone have a problem [Software]
· [ PVP] Druid pvp where to start? [World of Warcraft]
· [Newsgroups] Newzleech down? [Filesharing Software]