ATLAS Service Report: Global TCP/2967

Service Report

Global TCP/2967

View:
Attacks
Sources

Output:
Print
XML
CSV

Top Attacks (past 24 hours)

Description	Attacks per subnet	Change from yesterday	CVE	Percentage
Symantec Rtvscan.exe remote management exploit attempt	8.78	+119.4 %	CVE-2006-3455	33.3%
symantec antivirus realtime virusscan overflow attempt	8.78	+120.8 %	CVE-2006-2630	33.3%
Symantec AV realtime VirusScan overflow attempt, SYMC06-010	8.78	+120.8 %	CVE-2006-2630	33.3%
POLICY Reserved IP Space Traffic - Bogon Nets 3	0.00	+100.0 %		0.0%
Other	0.00	N/A		0.0%

Sources (past 24 hours)

By Country

Country	Bytes per subnet	Percentage
CN (China)	4.04 kB	42.2%
KR (South Korea)	2.04 kB	21.3%
BE (Belgium)	1.49 kB	15.5%
ZA (South Africa)	1.46 kB	15.3%
FR (France)	458.09 B	4.8%
AR (Argentina)	29.65 B	0.3%
MW (Malawi)	27.87 B	0.3%
TH (Thailand)	23.07 B	0.2%
HK (Hong Kong)	4.98 B	0.1%
MX (Mexico)	2.92 B	0.0%
Other	4.42 B	0.0%

By ASN

ASN	Bytes per subnet	Percentage
AS4134 (CHINANET-BACKBONE)	3.74 kB	39.1%
AS4766 (KIXS-AS-KR)	2.04 kB	21.3%
AS5432 (BELGACOM-SKYNET-AS)	1.49 kB	15.5%
AS3741 (IS)	1.43 kB	15.0%
AS6678 (ASN-NOOS)	457.30 B	4.8%
AS17621 (CNCGROUP-SH)	101.81 B	1.1%
AS17964 (DXTNET)	71.33 B	0.7%
AS4837 (CHINA169-BACKBONE)	63.22 B	0.7%
AS9800 (UNICOM)	33.11 B	0.3%
AS7303 (Telecom)	29.65 B	0.3%
Other	119.13 B	1.2%

By Host

Host	Bytes per subnet	Percentage
211.219.171.173	1.75 kB	18.3%
218.23.53.228	1.26 kB	13.1%
222.186.13.50	715.61 B	7.5%
58.215.93.7	701.01 B	7.3%
91.179.29.38 (38.29-179-91.adsl-dyn.isp.belgacom.be)	570.92 B	6.0%
87.231.80.154	457.30 B	4.8%
58.53.128.68	428.10 B	4.5%
121.135.196.99	279.72 B	2.9%
61.191.56.70	195.72 B	2.0%
202.109.175.52	175.51 B	1.8%
Other	3.05 kB	31.8%

By Country

Country	Attacks per subnet	Percentage
CN (China)	21.03	79.9%
KR (South Korea)	4.06	15.4%
AR (Argentina)	0.97	3.7%
US (United States)	0.13	0.5%
HR (Croatia)	0.05	0.2%
NL (Netherlands)	0.04	0.2%
IT (Italy)	0.03	0.1%
MY (Malaysia)	0.03	0.1%
PL (Poland)	0.00	0.0%
VE (Venezuela)	0.00	0.0%
Other	0.00	0.0%

By ASN

ASN	Attacks per subnet	Percentage
AS4134 (CHINANET-BACKBONE)	19.46	73.9%
AS4766 (KIXS-AS-KR)	4.06	15.4%
AS7303 (Telecom)	0.97	3.7%
AS4837 (CHINA169-BACKBONE)	0.84	3.2%
AS24401 (CNNIC-TELNET-AP)	0.50	1.9%
AS17964 (DXTNET)	0.17	0.7%
AS7011 (FRONTIER-AND-CITIZENS)	0.08	0.3%
AS4808 (CHINA169-BJ)	0.06	0.2%
AS2108 (CARNET-AS)	0.05	0.2%
AS30776 (CASEMAISP-AS)	0.04	0.2%
Other	0.11	0.4%

By Host

Host	Attacks per subnet	Percentage
218.23.53.228	6.97	26.5%
58.215.93.7	6.48	24.6%
121.135.196.99	4.06	15.4%
61.147.115.37	3.88	14.7%
190.136.177.42	0.97	3.7%
222.186.13.50	0.89	3.4%
121.14.142.60	0.61	2.3%
220.249.96.168	0.57	2.2%
202.173.11.34	0.50	1.9%
202.109.175.52	0.33	1.2%
Other	1.09	4.1%

Background

Vendors:

Symantec

Vulnerabilities

CVE-2006-3455

Age: 674 days

Severity: Low

CVSS Score: 2.9

The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.

CVE-2006-2630

Age: 823 days

Severity: High

CVSS Score: 10.0

Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.