DSL-IP Probes Curiousity..
Sean Donelan
sean at donelan.com
Fri Mar 14 05:30:53 UTC 2003
On Thu, 13 Mar 2003, McBurnett, Jim wrote:
> I am just curious about this.
> I see a rather unusual # of SNMP queiries
> and port scans from DSL
> IP blocks in the US...
>
> How many of you really go after the script kiddies
> doing this?
>
> I know 1, 2 or even 3 a day is not a concern for me,
> but when I get 3 a day from the same source IP allocation,
> I start wondering...
I know people like to use sensational terms like "pre-attack
reconnaissance" and "DOS attacks." There is a constant background
hum on today's Internet, some of it is malicious, some of it is
badly managed systems. Between automated web spiders, academics doing
network discovery, automated worms, and badly designed "plug-n-play"
software, your IDS system should be seeing stuff all the time.
The Pentagon used to report amazing numbers for "network attacks,"
anything from a single ping up to a full scale network compromise, but I
haven't found recent numbers for 2002 or later.
FedCIRC put out these numbers for 2002.
Count Type
125 Root compromise
111 User compromise
46 Web Site Defacement
488,000 Reconnaissance Activity
36 Denial of Service
265 Malicious Code
22 DNS Attack
39 Misuse of Resources
1,268 Unknown
More information about the NANOG
mailing list