Source IP distribution for UDP:137 probes received, 09/28/02-10/01/02.

Fully 80.5% are from 2xx.x.x.x or 6x.x.x.x

Given:

wc -l 09_28-10_01:UDP:137_IP_distribution.txt
526 09_28-10_01:UDP:137_IP_distribution.txt

So 526 unique source IP addresses; I'm at 12.82.13x.x or 12.82.12x.x as a dialup into AT&T's Seattle WA POP...

290 or 55% from 2xx.x.x.x:

grep -c '] 2..\.' 09_28-10_10:UDP:137_IP_distribution.txt
290

grep -c '] 211\.' 09_28-10_10:UDP:137_IP_distribution.txt
57
grep -c '] 200\.' 09_28-10_10:UDP:137_IP_distribution.txt
51
grep -c '] 218\.' 09_28-10_10:UDP:137_IP_distribution.txt
30
grep -c '] 210\.' 09_28-10_10:UDP:137_IP_distribution.txt
25
grep -c '] 203\.' 09_28-10_10:UDP:137_IP_distribution.txt
24
grep -c '] 202\.' 09_28-10_10:UDP:137_IP_distribution.txt
16
grep -c '] 213\.' 09_28-10_10:UDP:137_IP_distribution.txt
16
grep -c '] 216\.' 09_28-10_10:UDP:137_IP_distribution.txt
14
grep -c '] 212\.' 09_28-10_10:UDP:137_IP_distribution.txt
13
grep -c '] 217\.' 09_28-10_10:UDP:137_IP_distribution.txt
13

134 or 25.5% from 6x.x.x.x:

grep -c '] 6.\.' 09_28-10_10:UDP:137_IP_distribution.txt
134

grep -c '] 61\.' 09_28-10_10:UDP:137_IP_distribution.txt
61
grep -c '] 62\.' 09_28-10_10:UDP:137_IP_distribution.txt
22
grep -c '] 64\.' 09_28-10_10:UDP:137_IP_distribution.txt
12
grep -c '] 66\.' 09_28-10_10:UDP:137_IP_distribution.txt
12
grep -c '] 65\.' 09_28-10_10:UDP:137_IP_distribution.txt
11

24 or 4.5% from 12.x.x.x:

grep -c '] 12\.' 09_28-10_10\:UDP:137_IP_distribution.txt
24

19 or 3.6% from 8x.x.x.x:

grep -c '] 8.\.' 09_28-10_10:UDP:137_IP_distribution.txt
19

18 or 3.4% from 2x.x.x.x:

grep -c '] 2.\.' 09_28-10_10:UDP:137_IP_distribution.txt
18

- John
--
"It's a troll! Run!^H^H^H^H Laugh!"

PGP key: http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800 4EF6 5FC8 F23D 35A4 F705

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 13:39:36 PDT
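
The per-prefix grep -c counts in the post above can be produced in a single pass. The script below is an added example, not part of the original post: it assumes only that each line carries the source address after "] " (which the post's grep patterns imply), and the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines; only the "] <IPv4>" part is implied by the post.
sample_lines() {
cat <<'EOF'
[1] 211.0.2.10
[2] 211.0.2.77
[3] 200.0.2.5
[4] 61.0.2.9
[5] 64.0.2.1
[6] 12.0.2.200
[7] 80.0.2.3
[8] 24.0.2.8
[9] 130.0.2.4
[10] 218.0.2.6
EOF
}

# Reads log lines on stdin and prints "bucket count percent", highest count
# first. Buckets mirror the groups in the post (2xx, 6x, 12, 8x, 2x).
octet_buckets() {
  awk '
    match($0, /\] [0-9]+\./) {
      o = substr($0, RSTART + 2, RLENGTH - 3) + 0   # first octet as a number
      if (o >= 200 && o <= 255)     b = "2xx"
      else if (o >= 60 && o <= 69)  b = "6x"
      else if (o >= 80 && o <= 89)  b = "8x"
      else if (o >= 20 && o <= 29)  b = "2x"
      else if (o == 12)             b = "12"
      else                          b = "other"
      n[b]++; total++
    }
    END {
      for (b in n) printf "%s %d %.1f\n", b, n[b], 100 * n[b] / total
    }' | sort -k2,2nr -k1,1
}

# Count per first octet: the equivalent of one grep -c per /8 prefix.
octet_counts() {
  awk 'match($0, /\] [0-9]+\./) { c[substr($0, RSTART + 2, RLENGTH - 3)]++ }
       END { for (o in c) print o, c[o] }' | sort -k2,2nr -k1,1n
}

sample_lines | octet_buckets
```

Against a real file, pipe it in instead of the sample, for example: octet_buckets < logfile. The "other" bucket makes visible whatever share the named groups do not cover.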