ATLAS Summary Report: Global Attacks

Summary Report

Global Attacks

View:
Summary
Sources
Droplist

Output:
Print
XML
CSV

Summary (past 24 hours)

Top Attacks

Description	Attacks per subnet	Change from yesterday	CVE	Percentage
Microsoft SQL Server version buffer overflow attempt	239.47	-20.0 %	CVE-2002-0649	38.5%
Microsoft Windows RPC Messenger Service pop-up spam	162.27	-22.0 %		26.1%
ASN.1 constructed bit string	33.20	+7.9 %	CVE-2005-1935	5.3%
Microsoft Windows ASN.1 Library buffer overflow attempt	33.12	+8.3 %	CVE-2003-0818	5.3%
VNC network scanning activity	32.41	+24.6 %		5.2%

By Service

Service	Attacks per subnet	Percentage
UDP/1434 (ms-sql-m)	239.58	38.5%
UDP/1026	74.69	12.0%
UDP/1027	70.48	11.3%
TCP/445 (microsoft-ds)	68.39	11.0%
TCP/2967	41.02	6.6%
UDP/1028	17.46	2.8%
TCP/135	16.92	2.7%
TCP/9988	15.48	2.5%
TCP/23 (telnet)	13.99	2.2%
TCP/5901	13.02	2.1%
Other	51.13	8.2%

Sources (past 24 hours)

By Country

Country	Attacks per subnet	Percentage
CN (China)	376.79	60.6%
CA (Canada)	55.18	8.9%
US (United States)	41.63	6.7%
BE (Belgium)	20.67	3.3%
FR (France)	17.16	2.8%
HR (Croatia)	11.99	1.9%
JP (Japan)	8.97	1.4%
DE (Germany)	8.26	1.3%
PL (Poland)	6.18	1.0%
KR (South Korea)	6.13	1.0%
Other	69.20	11.1%

By ASN

ASN	Attacks per subnet	Percentage
AS4134 (CHINANET-BACKBONE)	179.02	28.8%
AS4837 (CHINA169-BACKBONE)	147.29	23.7%
AS6327 (SHAW)	52.97	8.5%
AS17431 (TONET)	25.06	4.0%
AS5432 (BELGACOM-SKYNET-AS)	20.39	3.3%
AS16276 (OVH)	13.58	2.2%
AS35648 (T-MOBILE-HR-AS)	11.97	1.9%
AS19262 (VZGNI-TRANSIT)	6.78	1.1%
AS3320 (DTAG)	6.17	1.0%
AS7132 (SBIS-AS)	5.97	1.0%
Other	152.94	24.6%

By Host

Host	Attacks per subnet	Percentage
61.134.56.18	26.58	4.3%
202.99.11.99	25.06	4.0%
218.75.199.50	24.82	4.0%
61.153.50.237	24.49	3.9%
58.20.154.23	22.46	3.6%
61.132.223.14	19.78	3.2%
218.64.237.219 (219.237.64.218.broad.yt.jx.dynamic.163data.com.cn)	15.35	2.5%
124.165.225.109	14.39	2.3%
87.252.152.205	11.97	1.9%
222.82.249.235	9.72	1.6%
Other	427.52	68.7%

Background

ATLAS uses lightweight honeypot sensors to detect and fingerprint the attacks launched by malicious sources on the Internet. In most cases the attacker is trying to take control of the target via a published exploit for a known vulnerability. A variety of exploit tools exist and are usually written specifically for each attack vector.

Exploit attempts and attacks are most often launched from bots (hosts under an attacker's control), which will automatically try to exploit any possible host on the Internet. Attack origins are usually not spoofed, although the source host may be compromised or infected with malware.