Snort Statistics

The log begins at: Dec 4 14:21:22
The log ends at: Dec 5 13:05:20
Total events: 356
Signatures recorded: 11
Source IP recorded: 27
Destination IP recorded: 3


Number of attacks from same host to same destination using same method

# of attacks  from              to                with
31            212.145.140.210   195.82.120.99     SCAN nmap TCP : {TCP}
25            195.198.113.35    195.82.120.105    ULTRA - MS/SQL connection attempt : {TCP}
23            212.203.29.2      195.82.120.105    MS-SQL Worm propagation attempt : {UDP}
20            66.80.146.7       195.82.120.105    SMTP rcpt to sed command attempt : {TCP}
20            202.160.180.198   195.82.120.105    WEB-MISC robots.txt access : {TCP}
19            212.203.29.2      195.82.120.99     MS-SQL Worm propagation attempt : {UDP}
19            71.97.21.229      195.82.120.105    ICMP PING CyberKit 2.2 Windows : {ICMP}
18            71.113.47.102     195.82.120.105    ICMP PING CyberKit 2.2 Windows : {ICMP}
18            66.221.222.19     195.82.120.106    ULTRA - port 22 scanning : {TCP}
18            66.249.64.35      195.82.120.105    WEB-MISC robots.txt access : {TCP}
14            68.142.217.140    195.82.120.105    MS-SQL Worm propagation attempt : {UDP}
13            81.132.215.255    195.82.120.105    MS-SQL Worm propagation attempt : {UDP}
11            195.82.213.29     195.82.120.99     SCAN nmap TCP : {TCP}
11            209.77.221.4      195.82.120.105    ICMP PING CyberKit 2.2 Windows : {ICMP}
11            222.139.127.64    195.82.120.105    ICMP PING CyberKit 2.2 Windows : {ICMP}
10            200.63.217.186    195.82.120.106    SCAN nmap TCP : {TCP}
9             209.191.65.88     195.82.120.105    WEB-MISC robots.txt access : {TCP}
8             216.145.5.42      195.82.120.105    WEB-MISC robots.txt access : {TCP}
7             195.71.52.90      195.82.120.106    ICMP PING NMAP : {ICMP}
7             200.141.63.162    195.82.120.99     MS-SQL Worm propagation attempt : {UDP}
6             159.237.4.2       195.82.120.99     SCAN nmap TCP : {TCP}
6             59.11.50.227      195.82.120.105    WEB-IIS view source via translate header : {TCP}
6             64.14.67.242      195.82.120.105    MS-SQL Worm propagation attempt : {ICMP}
4             64.14.67.242      195.82.120.105    SCAN nmap TCP : {ICMP}
4             222.167.224.215   195.82.120.105    ICMP PING CyberKit 2.2 Windows : {ICMP}
4             211.22.169.2      195.82.120.99     SCAN nmap TCP : {TCP}
3             64.233.182.196    195.82.120.105    SMTP rcpt to sed command attempt : {TCP}
3             212.203.29.2      195.82.120.106    MS-SQL Worm propagation attempt : {UDP}
3             195.82.213.211    195.82.120.106    SCAN nmap TCP : {TCP}
2             200.63.217.186    195.82.120.99     SCAN nmap TCP : {TCP}
2             195.198.113.35    195.82.120.106    ULTRA - MS/SQL connection attempt : {TCP}
1             199.231.48.128    195.82.120.105    ICMP PING CyberKit 2.2 Windows : {ICMP}

Percentage and number of attacks from a host to a destination

%       # of attacks  from              to
8.71    31            212.145.140.210   195.82.120.99
7.02    25            195.198.113.35    195.82.120.105
6.46    23            212.203.29.2      195.82.120.105
5.62    20            66.80.146.7       195.82.120.105
5.62    20            202.160.180.198   195.82.120.105
5.34    19            71.97.21.229      195.82.120.105
5.34    19            212.203.29.2      195.82.120.99
5.06    18            71.113.47.102     195.82.120.105
5.06    18            66.249.64.35      195.82.120.105
5.06    18            66.221.222.19     195.82.120.106
3.93    14            68.142.217.140    195.82.120.105
3.65    13            81.132.215.255    195.82.120.105
3.09    11            209.77.221.4      195.82.120.105
3.09    11            222.139.127.64    195.82.120.105
3.09    11            195.82.213.29     195.82.120.99
2.81    10            64.14.67.242      195.82.120.105
2.81    10            200.63.217.186    195.82.120.106
2.53    9             209.191.65.88     195.82.120.105
2.25    8             216.145.5.42      195.82.120.105
1.97    7             200.141.63.162    195.82.120.99
1.97    7             195.71.52.90      195.82.120.106
1.69    6             159.237.4.2       195.82.120.99
1.69    6             59.11.50.227      195.82.120.105
1.12    4             211.22.169.2      195.82.120.99
1.12    4             222.167.224.215   195.82.120.105
0.84    3             64.233.182.196    195.82.120.105
0.84    3             195.82.213.211    195.82.120.106
0.84    3             212.203.29.2      195.82.120.106
0.56    2             195.198.113.35    195.82.120.106
0.56    2             200.63.217.186    195.82.120.99
0.28    1             199.231.48.128    195.82.120.105

Percentage and number of attacks from one host to any with same method

%       # of attacks  from              type
12.64   45            212.203.29.2      MS-SQL Worm propagation attempt : {UDP}
8.71    31            212.145.140.210   SCAN nmap TCP : {TCP}
7.58    27            195.198.113.35    ULTRA - MS/SQL connection attempt : {TCP}
5.62    20            202.160.180.198   WEB-MISC robots.txt access : {TCP}
5.62    20            66.80.146.7       SMTP rcpt to sed command attempt : {TCP}
5.34    19            71.97.21.229      ICMP PING CyberKit 2.2 Windows : {ICMP}
5.06    18            66.221.222.19     ULTRA - port 22 scanning : {TCP}
5.06    18            71.113.47.102     ICMP PING CyberKit 2.2 Windows : {ICMP}
5.06    18            66.249.64.35      WEB-MISC robots.txt access : {TCP}
3.93    14            68.142.217.140    MS-SQL Worm propagation attempt : {UDP}
3.65    13            81.132.215.255    MS-SQL Worm propagation attempt : {UDP}
3.37    12            200.63.217.186    SCAN nmap TCP : {TCP}
3.09    11            209.77.221.4      ICMP PING CyberKit 2.2 Windows : {ICMP}
3.09    11            222.139.127.64    ICMP PING CyberKit 2.2 Windows : {ICMP}
3.09    11            195.82.213.29     SCAN nmap TCP : {TCP}
2.53    9             209.191.65.88     WEB-MISC robots.txt access : {TCP}
2.25    8             216.145.5.42      WEB-MISC robots.txt access : {TCP}
1.97    7             200.141.63.162    MS-SQL Worm propagation attempt : {UDP}
1.97    7             195.71.52.90      ICMP PING NMAP : {ICMP}
1.69    6             159.237.4.2       SCAN nmap TCP : {TCP}
1.69    6             59.11.50.227      WEB-IIS view source via translate header : {TCP}
1.69    6             64.14.67.242      MS-SQL Worm propagation attempt : {ICMP}
1.12    4             222.167.224.215   ICMP PING CyberKit 2.2 Windows : {ICMP}
1.12    4             64.14.67.242      SCAN nmap TCP : {ICMP}
1.12    4             211.22.169.2      SCAN nmap TCP : {TCP}
0.84    3             195.82.213.211    SCAN nmap TCP : {TCP}
0.84    3             64.233.182.196    SMTP rcpt to sed command attempt : {TCP}
0.28    1             199.231.48.128    ICMP PING CyberKit 2.2 Windows : {ICMP}

Percentage and number of attacks to one certain host

%       # of attacks  to                type
17.98   64            195.82.120.105    ICMP PING CyberKit 2.2 Windows : {ICMP}
15.45   55            195.82.120.105    WEB-MISC robots.txt access : {TCP}
15.17   54            195.82.120.99     SCAN nmap TCP : {TCP}
14.04   50            195.82.120.105    MS-SQL Worm propagation attempt : {UDP}
7.30    26            195.82.120.99     MS-SQL Worm propagation attempt : {UDP}
7.02    25            195.82.120.105    ULTRA - MS/SQL connection attempt : {TCP}
6.46    23            195.82.120.105    SMTP rcpt to sed command attempt : {TCP}
5.06    18            195.82.120.106    ULTRA - port 22 scanning : {TCP}
3.65    13            195.82.120.106    SCAN nmap TCP : {TCP}
1.97    7             195.82.120.106    ICMP PING NMAP : {ICMP}
1.69    6             195.82.120.105    WEB-IIS view source via translate header : {TCP}
1.69    6             195.82.120.105    MS-SQL Worm propagation attempt : {ICMP}
1.12    4             195.82.120.105    SCAN nmap TCP : {ICMP}
0.84    3             195.82.120.106    MS-SQL Worm propagation attempt : {UDP}
0.56    2             195.82.120.106    ULTRA - MS/SQL connection attempt : {TCP}

Distribution of attack methods

%       # of attacks  methods
22.19   79            MS-SQL Worm propagation attempt
18.82   67            SCAN nmap TCP
17.98   64            ICMP PING CyberKit 2.2 Windows
15.45   55            WEB-MISC robots.txt access
7.58    27            ULTRA - MS/SQL connection attempt
6.46    23            SMTP rcpt to sed command attempt
5.06    18            ULTRA - port 22 scanning
1.97    7             ICMP PING NMAP
1.69    6             MS-SQL Worm propagation attempt
1.69    6             WEB-IIS view source via translate header
1.12    4             SCAN nmap TCP
Generated by snort_stat.pl