[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200308120337.h7C3b7fZ001611@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: DCOM
On Mon, 11 Aug 2003 13:14:16 PDT, Joey <joey2cool@...oo.com> said:
> The targets total has stayed about the same for the
> past 2 weeks. I see no difference.
>
> http://isc.sans.org/port_details.html?port=135
It took me a while to figure that out, until I realized what was going on:
Port 135 probes are *SO* prevalent that *every single* submission to DShield
has at least one or two dozen (I know my laptop gets several an hour). So what
that's *REALLY* measuring is "How many DShield sites have made any sort of
report that day" - the "number of targets" is approximately "number of sensors
active today".
Take a look at the "sources" line instead....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030811/0fcf08f5/attachment.bin
Powered by blists - more mailing lists