[nsp-sec] 700K Open Resolver List
Stephen Gill
gillsr at cymru.com
Tue Apr 14 11:54:00 EDT 2009
Hi Mike,
You are correct again, it was a very short window, not much more than 5
minutes if I recall. Also bear in mind the amplification factor in the
subsequent packets not part of the tally.
-- steve
On 4/13/09 11:58 PM, "Mike Lewinski" <mike at rockynet.com> wrote:
> ----------- nsp-security Confidential --------
>
> Stephen Gill wrote:
>> ----------- nsp-security Confidential --------
>>
>>> Can you clarify what the extra number is after the time field?
>>
>> That's the count of non-fragmented packets from the IP.
>
> Yay, I guessed that answer on my own.
>
> I wanted to give a customer an estimate of the volume they were
> contributing in terms of a pps rate, and assumed the total sample size
> was less than 300 seconds in duration based on the timestamp spread. Do
> I win a prize?
>
> Mike
> AS13345
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 630 230 5423 | gillsr at cymru.com
More information about the nsp-security
mailing list