Summary Report
Global Scans
-
Summary (past 24 hours)
Key Service 
Bytes per subnet Percentage UDP/1434 (ms-sql-m) 420.25 kB 22.6%UDP/1026 307.81 kB 16.6%UDP/1027 287.33 kB 15.5%ICMP/8 181.48 kB 9.8%TCP/135 137.75 kB 7.4%TCP/445 (microsoft-ds) 74.45 kB 4.0%TCP/139 (netbios-ssn) 63.73 kB 3.4%TCP/22 (ssh) 34.80 kB 1.9%UDP/137 (netbios-ns) 32.58 kB 1.8%TCP/23 (telnet) 32.42 kB 1.7%Other 285.83 kB 15.4% -
Sources (past 24 hours)
By Country
Key Country Bytes per subnet Percentage 
CN (China)1.11 MB 59.9%
US (United States)125.81 kB 6.8%
ZA (South Africa)61.33 kB 3.3%
DE (Germany)59.86 kB 3.2%
BE (Belgium)56.54 kB 3.0%
FR (France)48.96 kB 2.6%
RU (Russian Federation)32.14 kB 1.7%
IT (Italy)27.37 kB 1.5%
GB (Great Britain)26.86 kB 1.4%
TW (Taiwan)24.80 kB 1.3%Other 282.11 kB 15.2%By ASN
Key ASN Bytes per subnet Percentage AS4837 (CHINA169-BACKBONE) 674.06 kB 36.3%AS4134 (CHINANET-BACKBONE) 338.75 kB 18.2%AS5432 (BELGACOM-SKYNET-AS) 53.61 kB 2.9%AS3741 (IS) 51.96 kB 2.8%AS17431 (TONET) 48.20 kB 2.6%AS3320 (DTAG) 44.31 kB 2.4%AS3269 (ASN-IBSNAZ) 22.79 kB 1.2%AS16276 (OVH) 20.37 kB 1.1%AS3462 (HINET) 19.05 kB 1.0%AS24400 (CMNET-V4SHANGHAI-AS-AP) 18.58 kB 1.0%Other 566.75 kB 30.5%By Host
Key Host Bytes per subnet Percentage 61.134.56.18 50.45 kB 2.7%202.99.11.99 48.19 kB 2.6%218.75.199.50 47.29 kB 2.5%61.153.50.237 45.90 kB 2.5%58.20.154.23 42.81 kB 2.3%61.132.223.14 37.54 kB 2.0%218.64.237.219 (219.237.64.218.broad.yt.jx.dynamic.163data.com.cn) 29.35 kB 1.6%124.165.225.109 27.19 kB 1.5%125.211.198.11 24.84 kB 1.3%125.211.198.21 24.57 kB 1.3%Other 1.48 MB 79.7%
Background
Host scanning is a process whereby automated network sweeps are initiated in search of hosts running a particular service. This may be indicative of either legitimate host scanners (including network management systems and authorized vulnerability scanners) or an attacker (or automated malicious code, such as a worm) trying to enumerate potential hosts for subsequent compromise.
Scans are often the prelude to an attack, and services scanned by attackers usually indicate known vulnerabilities for those services. Types of port scans include "connect()" scans, "SYN" scans, stealth scans, bounce scans, XMAS and Null scans. All reveal to the attacker which services on what hosts are listening for connections. Scans may be launched from compromised hosts, and their sources may be forged.
-
430 Bedford Street Lexington, MA 02420
T 781.684.0900 | 866.212.7267 F 781.768.3299
Copyright © 2006-2008 Arbor Networks, Inc., All rights reserved.
About ATLAS | Terms of Use | Legal Notice | Privacy Policy