[nsp-sec] Increased in HP OV NMM scanning (tcp/2954)
Rob Thomas
robt at cymru.com
Tue Apr 15 16:18:19 EDT 2008
Hi, team.
Looking only at TCP SYN flows for TCP 2954, the counts definitely
increased on 2008-04-10 UTC, with a noticeable increase on 2008-04-06
UTC. 2008-04-11 UTC was a banner day, it appears.
Date Count
2008-04-01 9301
2008-04-02 9317
2008-04-03 11808
2008-04-04 11581
2008-04-05 10108
2008-04-06 15067
2008-04-07 16931
2008-04-08 19126
2008-04-09 20700
2008-04-10 57133
2008-04-11 149495
2008-04-12 16630
2008-04-13 16700
2008-04-14 31105
2008-04-15 44881
Note that this will include some legitimate HP OV connectivity, of
course, but the scale is telling.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
The WHO and WHY team
http://www.team-cymru.org/
More information about the nsp-security
mailing list