What does unknown mean? And how can you count it if its unknown? Not being silly, genuinely curious.
----- Original Message ----- From: "Sean Donelan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 13, 2003 9:30 PM Subject: Re: DSL-IP Probes Curiousity.. > > On Thu, 13 Mar 2003, McBurnett, Jim wrote: > > I am just curious about this. > > I see a rather unusual # of SNMP queiries > > and port scans from DSL > > IP blocks in the US... > > > > How many of you really go after the script kiddies > > doing this? > > > > I know 1, 2 or even 3 a day is not a concern for me, > > but when I get 3 a day from the same source IP allocation, > > I start wondering... > > I know people like to use sensational terms like "pre-attack > reconnaissance" and "DOS attacks." There is a constant background > hum on today's Internet, some of it is malicious, some of it is > badly managed systems. Between automated web spiders, academics doing > network discovery, automated worms, and badly designed "plug-n-play" > software, your IDS system should be seeing stuff all the time. > > The Pentagon used to report amazing numbers for "network attacks," > anything from a single ping up to a full scale network compromise, but I > haven't found recent numbers for 2002 or later. > > FedCIRC put out these numbers for 2002. > > Count Type > 125 Root compromise > 111 User compromise > 46 Web Site Defacement > 488,000 Reconnaissance Activity > 36 Denial of Service > 265 Malicious Code > 22 DNS Attack > 39 Misuse of Resources > 1,268 Unknown > > >