[Tfug] ids
Ted Frohling
tfug@tfug.org
Tue Sep 3 18:41:02 2002
On Tuesday 03 September 2002 16:59, Andre Lehovich wrote:
> On Tue, 3 Sep 2002, Ted Frohling wrote:
> > > We get between 300K and 800K per day for the main UA net
> >
> > Jeez... I meant per week.
>
> I'm trying to decide if this is a big number or not.
> What's defined as an incident? If someone port-scans all of
> 128.148 is that 1 incident or 64K?
Depends. We don't count port scans as a general rule. If we did,
then it would probably be 64k.
Here are some stats from last week, you can be the judge.
Category ID Hits Category Description
1 58301 Root Compromise
2 12634 Password Compromise/Rerouting
3 18235 Web Server Compromise
4 287460 Denial of Service
5 72488 Reconissance
6 1402 Eluding Detection
7 38 Covert Channel
10 38 Other
By far, the biggest hits are folks sending large ICMP packets.
Count of HITS to and from campus
Outbound: 205876
Inbound: 290620
Total: 496496
We generally give as good as we get. :-)
ted
>
> --Andre
>
>
> _______________________________________________
> tfug mailing list
> tfug@tfug.org
> http://www.tfug.org/mailman/listinfo/tfug
--
Ted Frohling (TF30-ARIN) The University of Arizona
520.621.4834 Security Incident Response Team CCIT Room 126
tsf-at-Arizona.EDU CCIT - Network Operations PO Box 210073
www.Telcom.Arizona.EDU/tsf Tucson, AZ 85721-0073