Snort Statistics

The log begins at: 11 29 09:44:04
The log ends at: 11 30 07:19:17
Total events: 1957
Signatures recorded: 20
Source IP recorded: 52
Destination IP recorded: 15

Distribution of attack methods

%   # of attacks   method
86.46 1692 DDOS Stacheldraht agent->handler (skillz)

846 192.168.100.28 -> 217.116.38.10

846 192.168.100.28 -> 61.134.3.11
10.27 201 ICMP PING speedera

13 64.14.117.10 -> 192.168.100.28

13 208.185.54.14 -> 192.168.100.28

13 63.218.7.130 -> 192.168.100.28

13 64.15.251.198 -> 192.168.100.28

13 64.0.96.12 -> 192.168.100.28

13 212.62.17.145 -> 192.168.100.28

13 204.176.88.5 -> 192.168.100.28

13 213.61.6.2 -> 192.168.100.28

13 66.28.255.130 -> 192.168.100.28

10 66.28.47.162 -> 192.168.100.28

9 216.73.82.10 -> 192.168.100.28

5 63.123.77.194 -> 192.168.100.28

4 208.254.75.130 -> 192.168.100.28

3 64.124.186.66 -> 192.168.100.28

3 203.197.173.129 -> 192.168.100.28

3 65.203.232.2 -> 192.168.100.28

3 211.14.0.99 -> 192.168.100.28

3 202.54.111.72 -> 192.168.100.28

3 216.74.133.194 -> 192.168.100.28

3 202.130.158.130 -> 192.168.100.28

3 203.89.210.82 -> 192.168.100.28

3 66.236.129.66 -> 192.168.100.28

3 203.199.107.187 -> 192.168.100.28

2 209.164.7.66 -> 192.168.100.28

2 216.73.84.10 -> 192.168.100.28

2 64.37.246.2 -> 192.168.100.28

2 206.65.191.194 -> 192.168.100.28

2 64.28.86.226 -> 192.168.100.28

2 165.193.217.2 -> 192.168.100.28

2 208.225.197.194 -> 192.168.100.28

2 216.73.83.10 -> 192.168.100.28

1 65.214.50.130 -> 192.168.100.28

1 63.219.179.130 -> 192.168.100.28

1 211.13.227.66 -> 192.168.100.28

1 66.28.34.130 -> 192.168.100.28

1 208.184.139.82 -> 192.168.100.28

1 202.144.78.2 -> 192.168.100.28

1 209.68.217.194 -> 192.168.100.28

1 193.214.57.194 -> 192.168.100.28

1 62.4.74.66 -> 192.168.100.28

1 202.160.241.130 -> 192.168.100.28
0.66 13 CHAT IRC nick change

7 80.117.14.44 -> 192.168.100.28

6 192.168.100.28 -> 206.252.192.195
0.51 10 ICMP Destination Unreachable (Port Unreachable)

3 193.205.245.8 -> 192.168.100.28

2 148.244.153.69 -> 192.168.100.28

1 192.168.100.28 -> 218.17.158.135

1 192.168.100.28 -> 193.79.163.118

1 192.168.100.28 -> 218.14.182.224

1 192.168.100.28 -> 200.171.38.61

1 192.168.100.28 -> 10.12.9.141
0.46 9 ICMP PING

3 216.39.69.65 -> 192.168.100.28

3 64.14.42.16 -> 192.168.100.28

3 216.34.88.17 -> 192.168.100.28
0.41 8 BAD TRAFFIC tcp port 0 traffic

4 192.168.100.28 -> 64.24.196.50

4 64.24.196.50 -> 192.168.100.28
0.31 6 INFO psyBNC access

6 192.168.100.28 -> 80.117.14.44
0.15 3 SCAN Proxy (8080) attempt

3 61.144.145.243 -> 192.168.100.28
0.15 3 SCAN Squid Proxy attempt

3 61.144.145.243 -> 192.168.100.28
0.10 2 FTP USER overflow attempt

1 192.168.100.28 -> 62.211.66.16

1 192.168.100.28 -> 192.18.99.122
0.05 1 INFO Connection Closed MSG from Port 80

1 62.211.66.53 -> 192.168.100.28
0.05 1 POLICY FTP anonymous login attempt

1 192.168.100.28 -> 192.18.99.122
0.05 1 (spp_portscan2) Portscan detected from 192.168.100.28
0.05 1 FTP command overflow attempt

1 192.168.100.28 -> 62.211.66.16
0.05 1 FTP CWD overflow attempt

1 192.168.100.28 -> 192.18.99.122
0.05 1 CHAT IRC dns request

1 80.117.14.44 -> 192.168.100.28
0.05 1 CHAT IRC dns response

1 192.168.100.28 -> 80.117.14.44
0.05 1 EXPLOIT CDE dtspcd exploit attempt

1 61.219.90.180 -> 192.168.100.28
0.05 1 FTP PASS overflow attempt

1 192.168.100.28 -> 62.211.66.16
0.05 1 (spp_portscan2) Portscan detected from 192.168.100.28