Summary Report - (Past 24 hours)
ATLAS uses lightweight honeypot sensors to detect and fingerprint the attacks launched by malicious sources on the Internet. In most cases the attacker is trying to take control of the target via a published exploit for a known vulnerability. A variety of exploit tools exist and are usually written specifically for each attack vector.
Exploit attempts and attacks are most often launched from bots (hosts under an attacker's control), which will automatically try to exploit any possible host on the Internet. Attack origins are usually not spoofed, although the source host may be compromised or infected with malware.
Key Service Attacks per subnet Percentage TCP/5900 198.8146.2% TCP/22 (ssh) 64.3715.0% UDP/123 (ntp) 46.9710.9% TCP/80 (http) 43.0510.0% UDP/3544 (teredo) 17.224.0% UDP/161 (snmp) 16.033.7% TCP/3306 (mysql) 13.943.2% UDP/1434 (ms-sql-m) 12.042.8% UDP/53 (domain) 9.442.2% TCP/445 (microsoft-ds) 2.520.6% Other 5.831.4%
Key Country Attacks per subnet Percentage KR (South Korea) 76.3017.7% US (United States) 61.8514.4% CN (China) 47.0510.9% CA (Canada) 43.4310.1% CZ (Czech Republic) 17.094.0% PL (Poland) 11.612.7% RU (Russian Federation) 9.042.1% HU (Hungary) 8.732.0% MD (Moldova) 7.341.7% Other 147.7834.4%
Key Host Attacks per subnet Percentage 220.127.116.11 (ns509794.ip-167-114-100.net) 33.937.9% 18.104.22.168 29.686.9% 22.214.171.124 (ool-6038ae9a.static.optonline.net) 22.975.3% 126.96.36.199 (ool-1826f5c8.dyn.optonline.net) 17.104.0% 188.8.131.52 (host189-152-249-5.static.serverdedicati.aruba.it) 16.623.9% 184.108.40.206 9.412.2% 220.127.116.11 (0x1f2e92aa-static.rev.gyor.net) 8.682.0% 18.104.22.168 8.281.9% 22.214.171.124 (scanresearch1.syssec.ruhr-uni-bochum.de) 7.641.8% 126.96.36.199 (192-3-194-138-host.colocrossing.com) 7.351.7% Other 268.5662.4%