republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Difference a year makes, good news, bad news
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Can someone please shed some light on this Alert? »
« PrevX Vulnerability Test.  
AuthorAll Replies

astirusty
Premium
join:2000-12-23
Henderson, NV
·AT&T Southwest

reply to Link Logger
Re: Difference a year makes, good news, bad news

said by Link Logger See Profile:

drilling into this almost 98% came from x.x.*.* and at this level we see the spread of source for 445 scans.
So if we want to clean up the internet of all these scans - we just need to get your entire sub-domain blocked?!?

On a serious note, this information is very interesting. I am taking a SWAG here, but the viruses/worms are setup this way so they draw less attention? Because the hackers know (or believe) the ISPs have not in the past monitored or filtered at these levels??
to forum · permalink · · 2005-03-09 11:17:16 · Reply to this


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

 reply to Link Logger
Now that is an interesting set of graphics!

But the last one is kinda scary! (That's the various Class C subnets there, isn't it?)
--
Regards, Joseph V. Morris
to forum · permalink · · 2005-03-09 11:13:19 · Reply to this


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

reply to jvmorris
Click for full size
*.*.*.*
Click for full size
x.*.*.*
Click for full size
x.x.*.*
In Feb/2005 80% of all inbound 445 scans came from my local netblock x.*.*.*, drilling into this almost 98% came from x.x.*.* and at this level we see the spread of source for 445 scans. Hence you can say the most prevalent worms only vary the last two number of your IP Address when scanning. So if my local ISP wanted to drop their network bandwidth and load, they could by cleaning up locally infected systems or filtering various ports like 445.

I will add these three charts to my page which show this.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel
to forum · permalink · · 2005-03-09 10:58:33 · Reply to this
Forums » Up and Running » Security » SecurityCan someone please shed some light on this Alert? »
« PrevX Vulnerability Test.  

Thursday, 10-Dec 07:22:45 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [200] Sprint Sued For Distracted Driving Death
· [117] AT&T Launching New 24 Mbps U-Verse Tier
· [82] 3G Network Test Says AT&T Is Tops
· [72] Mediacom Unveils 105 Mbps Pricing
· [68] AT&T Hints At Usage-Based iPhone Data Pricing
· [66] Sprint Poised For A Turnaround?
· [66] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [51] The Future Of Wi-Fi Is Bright
· [47] Site Leaks Yahoo, Verizon Fed Data Share Pricing
· [45] Microwaving Your Innards Is Not 'Extreme'
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· Cross Server Dungeon Experience [World of Warcraft]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· Official "Invite" thread Part 3 - ALL INVITES GO HERE ! [Filesharing Software]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· [Equipment] Low Cost CPE For Customers [Wireless Service Providers]
· The aftermath [World of Warcraft]
· Comcast refused to install 400' feet. [Comcast HSI]
· SB6120 Firmware update [Comcast HSI]