[56772] in North American Network Operators' Group
Re: DSL-IP Probes Curiousity..
daemon@ATHENA.MIT.EDU (Scott Granados)
Fri Mar 14 00:42:28 2003
Reply-To: "Scott Granados" <scott@wworks.net>
From: "Scott Granados" <scott@wworks.net>
To: "Sean Donelan" <sean@donelan.com>, <nanog@merit.edu>
Date: Thu, 13 Mar 2003 21:56:45 -0800
Errors-To: owner-nanog-outgoing@merit.edu
What does unknown mean? And how can you count it if its unknown? Not being
silly, genuinely curious.
----- Original Message -----
From: "Sean Donelan" <sean@donelan.com>
To: <nanog@merit.edu>
Sent: Thursday, March 13, 2003 9:30 PM
Subject: Re: DSL-IP Probes Curiousity..
>
> On Thu, 13 Mar 2003, McBurnett, Jim wrote:
> > I am just curious about this.
> > I see a rather unusual # of SNMP queiries
> > and port scans from DSL
> > IP blocks in the US...
> >
> > How many of you really go after the script kiddies
> > doing this?
> >
> > I know 1, 2 or even 3 a day is not a concern for me,
> > but when I get 3 a day from the same source IP allocation,
> > I start wondering...
>
> I know people like to use sensational terms like "pre-attack
> reconnaissance" and "DOS attacks." There is a constant background
> hum on today's Internet, some of it is malicious, some of it is
> badly managed systems. Between automated web spiders, academics doing
> network discovery, automated worms, and badly designed "plug-n-play"
> software, your IDS system should be seeing stuff all the time.
>
> The Pentagon used to report amazing numbers for "network attacks,"
> anything from a single ping up to a full scale network compromise, but I
> haven't found recent numbers for 2002 or later.
>
> FedCIRC put out these numbers for 2002.
>
> Count Type
> 125 Root compromise
> 111 User compromise
> 46 Web Site Defacement
> 488,000 Reconnaissance Activity
> 36 Denial of Service
> 265 Malicious Code
> 22 DNS Attack
> 39 Misuse of Resources
> 1,268 Unknown
>
>
>
