Top 10 Hacker IP origins and Top 10 Probed Ports for June 6th.
Today's update from SANS gives us three
charts to work with: the Top 10 IPs from
which hackers are attacking, the Top
10 Most Probed Ports for June 6th, and a
new chart listing the Top 10 Ports where
probing activity has increased the most.
The Korean Network Information Center at
210.179.19.61 takes first place this week
with an attacker originating from
their IP. In second place is a hacker
attacking from a Canadian IP, 207.61.168.13,
owned by Compu-Solve Technologies of
Midland, Ontario. Trailing in third place
is the hacker using the IP 199.78.61.254,
owned by the US-based HomeCom
Communications of Atlanta, Georgia.
This week's most probed ports are
111, 53 and 8000.
There has been a marked increase of probes
directed at ports 1429, 27117 and 27107
over the past three days...
The busiest IPs from which hackers have been originating for June 6 2001
Source IP          How Many
210.179.19.61      12001
207.61.168.13      8625
199.78.61.254      8435
62.116.11.68       6395
207.61.27.149      6365
168.126.116.172    6299
24.150.59.127      6092
211.49.127.37      6005
210.95.8.68        6002
211.119.252.121    6002
The Top 10 Most Probed Ports for June 6 2001
Destination Port   How Many
111                76103
53                 56577
8000               15239
21                 14008
0                  10062
6346               9832
137                8933
80                 8421
1080               7949
515                6790
Increased Port Activity
Destination Port   Activity
1429               infinite
27117              infinite
27107              infinite
1643               infinite
47017              infinite
7779               infinite
15083.125
16118.3385
11914.7239
378213.6308
The "increase" is determined by comparing the past 3 days of activity
with the 30 days prior to that. A ratio of 1.0 would indicate that the
recent activity is the same as the past activity. A ratio > 1.0
indicates an increasing amount of activity, and a ratio < 1.0 indicates
a decreasing amount of activity.
If there is port activity for the past 3 days which was not seen in the
30 days prior to that, the ratio is infinite (we spell that out).
SANS.
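The ratio described in the SANS note can be computed from per-day probe counts as in the following added example, which is not SANS code. It assumes the two windows are compared as average probes per day (so that an unchanged rate gives 1.0); the function names are hypothetical and the sample counts are constructed, not taken from the charts above.

```python
import math
from collections import defaultdict
from datetime import date, timedelta

RECENT_DAYS = 3      # "the past 3 days"
BASELINE_DAYS = 30   # "the 30 days prior to that"

def port_trends(records, today):
    """records: iterable of (day, dst_port, probe_count) tuples.
    Returns {port: ratio} for every port probed in the recent window."""
    recent_start = today - timedelta(days=RECENT_DAYS - 1)
    base_start = recent_start - timedelta(days=BASELINE_DAYS)
    recent, baseline = defaultdict(int), defaultdict(int)
    for day, port, count in records:
        if recent_start <= day <= today:
            recent[port] += count
        elif base_start <= day < recent_start:
            baseline[port] += count
        # records outside both windows are ignored
    trends = {}
    for port, hits in recent.items():
        prior = baseline.get(port, 0)
        if prior == 0:
            trends[port] = math.inf   # new activity: reported as "infinite"
        else:
            # Assumption: compare average probes per day in each window
            trends[port] = (hits / RECENT_DAYS) / (prior / BASELINE_DAYS)
    return trends

def top_increases(trends, n=10):
    """Largest ratio first; ties (e.g. several infinite) by port number."""
    return sorted(trends.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def sample_records(today):
    """Constructed counts: 111 steady, 53 doubling, 21 halving, 1429 new."""
    recs = []
    for age in range(RECENT_DAYS + BASELINE_DAYS):
        day, is_recent = today - timedelta(days=age), age < RECENT_DAYS
        recs.append((day, 111, 100))
        recs.append((day, 53, 60 if is_recent else 30))
        recs.append((day, 21, 25 if is_recent else 50))
        if is_recent:
            recs.append((day, 1429, 7))
    return recs

if __name__ == "__main__":
    today = date(2001, 6, 6)
    for port, ratio in top_increases(port_trends(sample_records(today), today)):
        print(f"{port:<6} {'infinite' if math.isinf(ratio) else round(ratio, 4)}")
```

Because a handful of probes to a previously unseen port already yields "infinite", the ratio is best read next to the raw counts.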