__/ [ The Ghost In The Machine ] on Monday 06 March 2006 15:00 \__
> count | toport | protocol
> -------+--------+----------
> 7500 | 6348 | TCP Gnutella non-attack
> 4757 | 6348 | UDP Gnutella non-attack
> 4685 | 445 | TCP Microsoft DS service
> 2306 | 1026 | UDP Win NT MSTask service
> 2104 | 139 | TCP NetBIOS Session Service
> 1292 | 1027 | UDP ICQ
> 1195 | 13879 | UDP unknown
> 1193 | 135 | TCP epmap
> 676 | 4662 | TCP eMule / P2P
> 341 | 1025 | UDP win-rpc
>
> It turns out the Internet Storm Center does this far better than I can,
Statistical samples are larger so they converge to the true proportions.
> http://isc.incidents.org/
...Only useful if you ever bother to check the neighbour's grabage. *smile*
> but it's clear that there is some good news out there if the Gnutella
> counts are higher than the true attack counts here. (Since I don't
> participate in Gnutella, I'm a little puzzled, but presumably these are
> just "sniffprobes".)
Posting the above will only encourage more sniffing. *sniff*
> The bad news: 4 or 5 of them are still from That Other Vendor.
Pepsi?
> Be safe out there. :-)
Judging by the above, 'media injection' is the primary risk.
--
Roy S. Schestowitz | "Ping this IP, see if it responds the second time"
http://Schestowitz.com | SuSE Linux | PGP-Key: 0x74572E8E
5:55pm up 5 days 13:33, 9 users, load average: 0.39, 0.49, 0.62
http://iuron.com - next generation of search paradigms
|
|
