Hello All,

I am trying to get real figures on how much blaster scanning is going on to my network, but I don't have enough information. I am seeing 2200 packets per minute average (for TCP 135, 137-139) on my ingress points. As I'm advertising a /19, that's around .27 RCP and netbios packets per IP address per second being sent to my IP range.

I haven't done a long-term look at RCP and netbios traffic on the web, so I have no way to determine how much is blaster generated. Does anyone have baseline information on the amount of RCP and netbios packets that were on the web before blaster was propagated? Alternatively, has anyone worked out the % of blaster scan as opposed to "normal" background RCP and netbios traffic?

Thanks,

Greg Pendergrass
--------------------------------------------------
Network Security Manager
Vodafone Global Content Services

Vodafone Global Content Services Limited
Registered Office: Vodafone House, The Connection, Newbury, Berkshire RG14 2FN
Registered in England No. 4064873

On Thu, Aug 14, 2003 at 10:17:16AM +0100, Pendergrass, Greg wrote:
[snip]
> I haven't done a long-term look at RCP and netbios traffic on the web, so I have no way to determine how much is blaster generated. Does anyone have baseline information on the amount of RCP and netbios packets that were on the web before blaster was propagated? Alternatively, has anyone worked out the % of blaster scan as opposed to "normal" background RCP and netbios traffic?

Negative, but the normal background noise of netbios+friends (including 445) is constant & at a high enough rate that on some residential broadband networks, a pause/break in the activity in one's filter log files is the most reliable way to detect network outages.

--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
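
The outage check described in the reply above, as an added example that is not part of the original thread: it counts hits on the watched ports per minute in a filter log and reports pauses in that background noise. The log format, the five-minute threshold and every sample line are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Ports named in the thread: TCP 135, 137-139, plus 445 from the reply.
WATCHED_PORTS = {135, 137, 138, 139, 445}

# Constructed filter-log lines in a made-up format (not any real firewall's):
# <ISO timestamp> DROP TCP <src> -> <dst>:<dport>
SAMPLE_LOG = """\
2003-08-14T10:00:05 DROP TCP 198.51.100.7 -> 192.0.2.10:135
2003-08-14T10:00:41 DROP TCP 198.51.100.9 -> 192.0.2.77:445
2003-08-14T10:01:12 DROP TCP 203.0.113.4 -> 192.0.2.13:139
2003-08-14T10:01:30 DROP TCP 203.0.113.4 -> 192.0.2.14:80
2003-08-14T10:02:02 DROP TCP 198.51.100.7 -> 192.0.2.200:135
2003-08-14T10:09:48 DROP TCP 203.0.113.50 -> 192.0.2.31:137
2003-08-14T10:10:03 DROP TCP 198.51.100.9 -> 192.0.2.90:445
"""

def parse(log_text):
    """Yield (timestamp, dport) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[4] != "->":
            continue
        try:
            ts = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%S")
            dport = int(fields[5].rsplit(":", 1)[1])
        except (ValueError, IndexError):
            continue
        yield ts, dport

def per_minute_counts(log_text, ports=WATCHED_PORTS):
    """Count watched-port hits per minute bucket (the baseline figure)."""
    counts = Counter()
    for ts, dport in parse(log_text):
        if dport in ports:
            counts[ts.replace(second=0)] += 1
    return counts

def silent_gaps(log_text, max_quiet=timedelta(minutes=5), ports=WATCHED_PORTS):
    """Return (last_seen, next_seen) pairs where watched traffic paused too long."""
    times = sorted(ts for ts, dport in parse(log_text) if dport in ports)
    return [(a, b) for a, b in zip(times, times[1:]) if b - a > max_quiet]

if __name__ == "__main__":
    print(sorted(per_minute_counts(SAMPLE_LOG).items()))
    print(silent_gaps(SAMPLE_LOG))
```
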

Participants (2): Joe Provo; Pendergrass, Greg