Hi Brian,
Let's do some stats on my firewall's logs located on a 24.x.x.x
(cable modem - high target for those scans):
[root_at_cesam /]# fgrep -c ':1080 ' /var/log/messages*
/var/log/messages:10
/var/log/messages.1:69
/var/log/messages.2:25
/var/log/messages.3:19
/var/log/messages.4:17
[root_at_cesam /]# ls -l /var/log/messages*
-rw------- 1 root root 177585 Jan 31 19:56 /var/log/messages
-rw------- 1 root root 438638 Jan 28 03:47 /var/log/messages.1
-rw------- 1 root root 232626 Jan 21 03:43 /var/log/messages.2
-rw------- 1 root root 162632 Jan 14 03:02 /var/log/messages.3
-rw------- 1 root root 184867 Jan 7 03:24 /var/log/messages.4
So I've received, during this month:
10 packets between the 28 & 31 : 3.3/day ave.
69 packets between the 21 & 28 : 9.9/day ave.
25 packets between the 14 & 7: 3.6/day ave.
17 packets between the 1st & 7: 2.4/day ave.
So far this week has been quite normal, especially compared to last
week. But maybe a couple of script kiddies decided to scan your
particular subnet, while they were scanning mine last week...
Hope this helps,
GFK's
>Did anyone other than myself notice a metric ton of WinGate scans the
>past two days for both 1080 and 8080?!?
>I would estimate that 80-90% of our customers experienced extremely
>high numbers of these scans yesterday and today.
>
>Anyone else notice this or am I just not lucky today?!?!
>
>
>
>Best Regards,
>
>
>Brian D. Taylor
>Level 2 Security Analyst
>SecureWorks/IMSC
>www.secureworks.net
--
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
Received on Feb 01 2001
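The per-file counting in the message above, as an added example that is not part of the original post: it goes a step further than `fgrep -c ':1080 '` by counting only packets whose destination port is 1080 or 8080, bucketed per day with distinct sources. The log layout (a simplified ipchains-style "Packet log" line), the host name `fw` and all addresses are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified ipchains-style layout (assumed; the post
# does not show its log lines). All addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 29 04:11:02 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:3321 192.0.2.10:1080 L=48 SYN
Jan 29 04:11:05 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:3322 192.0.2.10:8080 L=48 SYN
Jan 30 17:40:41 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.25:4002 192.0.2.10:1080 L=48 SYN
Jan 30 17:40:44 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.25:4003 192.0.2.10:1080 L=48 SYN
Jan 31 09:02:13 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.90:1080 192.0.2.10:33412 L=40
Jan 31 09:15:00 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:2201 192.0.2.10:23 L=48 SYN
"""

# Month, day, then "src:sport dst:dport" following the PROTO field.
LINE_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s.*?PROTO=\d+\s+([\d.]+):(\d+)\s+[\d.]+:(\d+)\s"
)

def naive_count(log_text, port):
    """What `fgrep -c ':PORT '` reports: any line containing ':PORT '."""
    needle = f":{port} "
    return sum(needle in line for line in log_text.splitlines())

def scan_summary(log_text, ports=(1080, 8080)):
    """Per destination port: hits per day and the distinct source addresses."""
    summary = {p: {"per_day": defaultdict(int), "sources": set()} for p in ports}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a packet-log line
        mon, day, src, _sport, dport = m.groups()
        dport = int(dport)
        if dport in summary:  # count only packets sent *to* the proxy ports
            summary[dport]["per_day"][f"{mon} {int(day):02d}"] += 1
            summary[dport]["sources"].add(src)
    return summary

def daily_average(per_day, days_covered):
    """Average hits per day over the period the log file covers."""
    return sum(per_day.values()) / days_covered

if __name__ == "__main__":
    for port, info in scan_summary(SAMPLE_LOG).items():
        print(port, dict(info["per_day"]), sorted(info["sources"]),
              "naive:", naive_count(SAMPLE_LOG, port))
```

On the constructed sample the substring count for 1080 is one higher than the destination-port count, because one logged packet merely has 1080 as its source port.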