[nsp-sec] SYN-ACK backscatter from 60.191.221.41:7000

John Fraizer john at op-sec.us
Thu Apr 17 09:04:05 EDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't have anything from 60.191.221.41 but, I do see the following backscatter from TCP/7000:


4/14:

Top 1000 Src IP Addr ordered by flows:
Date first seen          Duration Proto      Src IP Addr    Flows  Packets    Bytes      pps      bps   bpp
2008-04-14 12:49:30.768   313.136 any      218.61.18.150     2417     2648   127096        8     3247    47
2008-04-14 12:50:03.124   126.328 any     202.104.187.55        4        4      178        0       11    44
2008-04-14 12:52:57.620     0.000 any        59.57.14.52        1        1       48        0        0    48

Summary: total flows: 2422, total bytes: 127322, total packets: 2653, avg bps: 3252, avg pps: 8, avg bpp: 47
Time window: 2008-04-14 12:48:36 - 2008-04-14 12:54:58
Total flows processed: 2203394, skipped: 0, Bytes read: 114578228
Sys: 0.361s flows/second: 6087665.5  Wall: 0.360s flows/second: 6108576.3



Just a few moments ago:

Top 1000 Src IP Addr ordered by flows:
Date first seen          Duration Proto      Src IP Addr    Flows  Packets    Bytes      pps      bps   bpp
2008-04-17 12:49:41.112   299.532 any     222.188.93.244       64       86     4128        0      110    48
2008-04-17 12:50:18.120   237.712 any    222.186.190.174       37       40     1920        0       64    48
2008-04-17 12:49:42.692    82.556 any      218.93.210.40       33       33     1584        0      153    48
2008-04-17 12:49:52.880   277.224 any     121.14.151.137       25       26     1248        0       36    48
2008-04-17 12:49:48.100   260.520 any      58.221.33.140       21       24     1152        0       35    48
2008-04-17 12:49:36.852   286.432 any     125.65.112.148       16       19      912        0       25    48
2008-04-17 12:49:47.980   230.012 any    222.186.190.166       10       11      520        0       18    47
2008-04-17 12:51:30.992     0.000 any      90.209.28.216        1        1       48        0        0    48

Summary: total flows: 207, total bytes: 11512, total packets: 240, avg bps: 303, avg pps: 0, avg bpp: 47
Time window: 2008-04-17 12:48:47 - 2008-04-17 12:54:58
Total flows processed: 2279088, skipped: 0, Bytes read: 118514352
Sys: 0.233s flows/second: 9741191.0  Wall: 0.232s flows/second: 9822342.7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iD8DBQFIB0rF+16lRpJszIgRAn+DAJ9v0mYCB06Co/ZuLna5klsQDI2mbACeOCZv
kaMZGbGNic/MwKu78K+hweM=
=PvTB
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list