Re: [Dshield] PORT 22321
- To: General DShield Discussion List <[EMAIL PROTECTED]>
- Subject: Re: [Dshield] PORT 22321
- From: Mike Wisener <[EMAIL PROTECTED]>
- Date: Wed, 1 Oct 2003 10:16:34 -0400
- In-reply-to: <[EMAIL PROTECTED]>
- Old-x-envelope-to: [EMAIL PROTECTED]
- Organization: Lurhq
- References: <[EMAIL PROTECTED]>
- Reply-to: General DShield Discussion List <[EMAIL PROTECTED]>
- Sender: [EMAIL PROTECTED]
Hi,
The graph seems to be a bit misleading. If you look at the actual numbers in
the data you see that on 9-11 there were 18368 sources, and 6 targets. If a
firewall is configured for default allow outbound, then the file sharing
application communicates successfully to the many remote peers. When the
remote peers try to respond, they get dropped at the firewall. Therefore you
have lots of sources to only a few destinations. All these records are
submitted to dshield and you see a spike in the graph.
Also if you look up port 7674, you see a similar increase on 9-11.
Regards,
- Mike
--
Mike Wisener, GCIA
Senior Information Security Analyst
LURHQ Corporation
[EMAIL PROTECTED]
> Thanks, interesting paper.
>
> But doesn't seem to explain the nature of the peaks in the dshield
> graph for this port. Although the server is in Korea I can't see why
> music server software would hit Dshield ports in such a regular
> fashion unless it is a deliberate feature of the software.
>
> What time series analysis is done on the DSHIELD data? Obviously some
> sort of trend analysis to note ups and downs per port, but has anyone
> done any more detailed analysis to look for other features? Can I get
> timeseries of port 22321 going further back in time? Raw data?
>
>
> _______________________________________________
> list mailing list
> [EMAIL PROTECTED]
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
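The sources-versus-targets comparison made in the reply above, as an added example that is not part of the original message or of DShield's own tooling. The record layout, the constructed sample rows and the `skew` cut-off are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample records: (date, source IP, target IP, target port).
# Documentation address ranges only; this is not DShield data.
def make_sample():
    rows = []
    # 2003-09-10: two sources touching many targets on port 22321.
    for i in range(40):
        rows.append(("2003-09-10", f"198.51.100.{i % 2 + 1}", f"192.0.2.{i + 1}", 22321))
    # 2003-09-11: many remote peers hitting the same two targets.
    for i in range(200):
        rows.append(("2003-09-11", f"203.0.113.{i + 1}", f"192.0.2.{i % 2 + 1}", 22321))
    # Unrelated port, must be ignored by the summary.
    rows.append(("2003-09-11", "203.0.113.9", "192.0.2.1", 80))
    return rows

def summarize(rows, port):
    """Per day: (record count, distinct sources, distinct targets) for one port."""
    srcs, dsts, counts = defaultdict(set), defaultdict(set), defaultdict(int)
    for day, src, dst, dport in rows:
        if dport != port:
            continue
        srcs[day].add(src)
        dsts[day].add(dst)
        counts[day] += 1
    return {d: (counts[d], len(srcs[d]), len(dsts[d])) for d in sorted(counts)}

def shape(n_sources, n_targets, skew=10):
    """Label the fan-in/fan-out shape; skew=10 is an arbitrary assumed cut-off."""
    if n_sources >= skew * n_targets:
        return "many-sources-few-targets"   # the pattern described in the message
    if n_targets >= skew * n_sources:
        return "few-sources-many-targets"   # typical of scanning
    return "mixed"

if __name__ == "__main__":
    for day, (n, s, t) in summarize(make_sample(), 22321).items():
        print(day, f"records={n} sources={s} targets={t}", shape(s, t))
```

A record spike whose distinct-target count stays tiny points at a few reporting hosts dropping inbound peer traffic rather than at widespread activity on the port.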