DSL-IP Probes Curiousity..

Scott Granados scott at wworks.net
Fri Mar 14 05:56:45 UTC 2003


What does unknown mean?  And how can you count it if it's unknown?  Not being
silly, genuinely curious.

----- Original Message -----
From: "Sean Donelan" <sean at donelan.com>
To: <nanog at merit.edu>
Sent: Thursday, March 13, 2003 9:30 PM
Subject: Re: DSL-IP Probes Curiousity..


>
> On Thu, 13 Mar 2003, McBurnett, Jim wrote:
> > I am just curious about this.
> > I see a rather unusual # of SNMP queries
> > and port scans from  DSL
> > IP blocks in the US...
> >
> > How many of you really go after the script kiddies
> > doing this?
> >
> > I know 1, 2 or even 3 a day is not a concern for me,
> > but when I get 3 a day from the same source IP allocation,
> > I start wondering...
>
> I know people like to use sensational terms like "pre-attack
> reconnaissance" and "DOS attacks." There is a constant background
> hum on today's Internet, some of it is malicious, some of it is
> badly managed systems. Between automated web spiders, academics doing
> network discovery, automated worms, and badly designed "plug-n-play"
> software, your IDS system should be seeing stuff all the time.
>
> The Pentagon used to report amazing numbers for "network attacks,"
> anything from a single ping up to a full scale network compromise, but I
> haven't found recent numbers for 2002 or later.
>
> FedCIRC put out these numbers for 2002.
>
> Count Type
> 125 Root compromise
> 111 User compromise
> 46 Web Site Defacement
> 488,000 Reconnaissance Activity
> 36 Denial of Service
> 265 Malicious Code
> 22 DNS Attack
> 39 Misuse of Resources
> 1,268 Unknown
>
>
>



