> From: dave.goldsmithat_private > We have a sniffer located on the network segment behind our Internet router > and in front of the firewall. The stats below show attempts from Internet > hosts to connect to port 80 on random IP addresses on our class B network. > I have not included any connections to the machines that are running web > servers that are reachable from the Internet. Dave, Wow! I've got a similar setup and have been tracking these probes since 7/13. I'm lining our stats up side-by-side for comparison purposes. Man they're similar! I have no idea why my class-b was getting hit more frequently to start with. I'm speculating that my address space just happened to get hit more by the worm's 'random' address generator. Day Hour Total Unique Total Unique Connections Sources Connections Sources ============ ======================== ======================= 07/19 00 120 17 12699 2450 07/19 01 81 12 13059 2577 07/19 02 62 11 13272 2590 07/19 03 97 20 13056 2564 07/19 04 85 18 13283 2632 07/19 05 128 20 13229 2612 07/19 06 140 20 13554 2601 07/19 07 212 34 13517 2608 07/19 08 645 137 13746 2685 07/19 09 5717 1281 16819 3325 07/19 10 36879 8186 36589 7838 07/19 11 150913 34361 116083 26823 07/19 12 362011 79789 295348 68085 07/19 13 519846 111148 466542 103522 07/19 14 556220 117946 520973 113451 07/19 15 547087 115193 513513 115124 07/19 16 540009 115983 513894 90931 07/19 17 519810 111290 499642 111175 07/19 18 499565 107106 480850 106215 07/19 19 390019 89331 449712 97699 07/19 20 14541 3493 26687 7319 07/19 21 9733 2233 9197 2181 07/19 22 9093 1882 7782 1814 07/19 23 8539 1672 7056 1648 ======= ======= ======= ====== Day Total 4171552 274041 4080321 279911 Ken Eichman Senior Security Engineer Chemical Abstracts Service Tel: (614) 447-3838 ext 3230 2540 Olentangy River Road Fax: (614) 447-3855 Columbus, OH 43210 Email: keichmanat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 10:01:00 PDT