lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <686f76265a.6265a686f7@bigpond.com>
From: rocco.s at telstra.com (rocco.s)
Subject: Re: updated 135/tcp log counter mrtg image

> Is the graph total packets logged or unique IPs? Thanks. Trying to 
> get a handle on the spread...

total port 135 tcp/syn.
therefore spread fairly linear from what were seeing.

setting up blackholes on 135 and 4444 then using ngrep 'tftp -i'
(port 4444 attempt only occurs if attacking host gets a connect for 
135/tcp), yields differant results, showing approx 2.5% of traffic is 
non 'blast/poza/rant', but simple sweeps for 135/tcp.

using awk/uniq, i get 794 hosts from 5755 attempts @ 15:05 AEST.

----------------
Powered by telstra.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ