[nsp-sec] Some DNS stats
Rob Thomas
robt at cymru.com
Thu Jul 24 19:17:28 EDT 2008
Hi, team.
We've been watching for online criminal chatter regarding the DNS
vulnerabilities, exploits, and other fun. Thus far, other than mild
interest and some barbs tossed at a few of the researchers, there is no
great interest or development yet underway. I'm not asserting that we
see all online criminals and their activities, of course.
Our Darknets were pounded pretty heavily with UDP 53 scans in late
2008-06 and early 2008-07. I'm going to guess that these are
researchers, including some folks who have posted here. :)
Date UTC UDP 53 Scans
2008-06-01 1120
2008-06-02 3542
2008-06-03 4912
2008-06-04 30051
2008-06-05 35332
2008-06-06 38478
2008-06-07 19527
2008-06-09 2304
2008-06-09 46973
2008-06-10 40627
2008-06-11 2762
2008-06-12 39085
2008-06-13 42669
2008-06-14 15015
2008-06-15 476
2008-06-16 41818
2008-06-17 40874
2008-06-18 2453
2008-06-19 30498
2008-06-20 26092
2008-06-21 33628
2008-06-22 591
2008-06-23 36869
2008-06-24 37903
2008-06-25 31090
2008-06-26 3679
2008-06-27 38865
2008-06-28 38600
2008-06-29 36663
2008-06-30 69202
Date UTC UDP 53 Scans
2008-07-01 31428
2008-07-02 2439
2008-07-03 19623
2008-07-04 3684
2008-07-05 3157
2008-07-06 1468
2008-07-07 4458
2008-07-08 3212
2008-07-09 3366
2008-07-10 2881
2008-07-11 5498
2008-07-12 9510
2008-07-13 3834
2008-07-14 5705
2008-07-15 6042
2008-07-16 4850
2008-07-17 2152
2008-07-18 5482
2008-07-19 3568
2008-07-20 1236
2008-07-21 3860
2008-07-22 4265
2008-07-23 6420
We're seeing some increase in UDP 53 flows over the past few days.
2008-07-20 177093273 flows
2008-07-21 196195358 flows
2008-07-22 204001804 flows
2008-07-23 204702406 flows
2008-07-24 196775174 flows (thus far)
I'm still parsing the ICMP unreachable query results.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
The WHO and WHY team
http://www.team-cymru.org/
More information about the nsp-security
mailing list