Top 10 Hacker IP origins and Top 10 Probed Ports for June 6th.

Todays update from SANS gives us three
charts to work with. The Top 10 IP's from
which hackers are attacking from, The Top
10 Most Probed Ports for June 6th, and a
new chart listing the Top 10 Ports where
there has been the most increased probing
activity.

The Korean Network Information Center at
210.179.19.61 takes first place this week
with an attacker originating from off
their IP. In second place is a hacker
attacking from a Canadian IP 207.61.168.13
owned by Compu-Solve Technologies of
Midland Ontario. Trailing in third place
is the hacker using the IP 199.78.61.254
owned by the US based HomeCom
Communications of Atlanta Georgia.

This weeks favorite Ports that are being
probed are at ports 111, 53 and 8000.
There has been a marked increase of probes
directed at Ports 1429, 27117 and 27107
over the past three days...

The busiest IP's from which hackers have been originating from for June 6 2001

Source IPHow Many
210.179.19.61
12001

207.61.168.13
8625

199.78.61.254
8435

62.116.11.68
6395

207.61.27.149
6365

168.126.116.172
6299

24.150.59.127
6092

211.49.127.37
6005

210.95.8.68
6002

211.119.252.121
6002

The Top 10 Most Probed Ports for June 6 2001

Destination PortHow Many
111
76103

53
56577

8000
15239

21
14008

0
10062

6346
9832

137
8933

80
8421

1080
7949

515
6790

Increased Port Activity

Destination Port Activity
1429infinite
27117infinite
27107infinite
1643infinite
47017infinite
7779infinite
15083.125
16118.3385
11914.7239
378213.6308

The "increase" is determined by comparing the past 3 days of activity
with the 30 days prior to that. A ratio of 1.0 would indicate that the
recent activity is the same as the past activity. A ratio > 1.0
indicates an increasing amount of activity, and a ratio < 1.0 indicates
a decreasing amount of activity.
If there is port activity for the past 3 days which was not seen in the
30 days prior to that, the ratio is infinite (we spell that out).

SANS.