DSL-IP Probes Curiosity..

Sean Donelan sean at donelan.com
Fri Mar 14 05:30:53 UTC 2003


On Thu, 13 Mar 2003, McBurnett, Jim wrote:
> I am just curious about this.
> I see a rather unusual # of SNMP queries
> and port scans from DSL
> IP blocks in the US...
>
> How many of you really go after the script kiddies
> doing this?
>
> I know 1, 2 or even 3 a day is not a concern for me,
> but when I get 3 a day from the same source IP allocation,
> I start wondering...

I know people like to use sensational terms like "pre-attack
reconnaissance" and "DOS attacks." There is a constant background
hum on today's Internet; some of it is malicious, some of it is
badly managed systems. Between automated web spiders, academics doing
network discovery, automated worms, and badly designed "plug-n-play"
software, your IDS system should be seeing stuff all the time.

The Pentagon used to report amazing numbers for "network attacks,"
anything from a single ping up to a full scale network compromise, but I
haven't found recent numbers for 2002 or later.

FedCIRC put out these numbers for 2002.

Count    Type
125      Root compromise
111      User compromise
46       Web Site Defacement
488,000  Reconnaissance Activity
36       Denial of Service
265      Malicious Code
22       DNS Attack
39       Misuse of Resources
1,268    Unknown




