Blaster packet rates

Mailman List Mirror (Read Only)
1

Hello All,

I am trying to get real figures on how much blaster scanning is going on to
my network, but I don't have enough information. I am seeing 2200 packets
per minute average (for TCP 135, 137-139) on my ingress points. As I'm
advertising a /19 that's around .27 RCP and netbios packets per IP address
per second being sent to my IP range.

I haven't done a long-term look at RCP and netbios traffic on the web so I
have no way to determine how much is blaster generated, does anyone have
baseline information on the amount of RCP and netbios packets were on the
web before blaster was propagated? Alternatively, has anyone worked out the
% of blaster scan as opposed to "normal" background RCP and netbios traffic?

Thanks,

Greg Pendergrass

2

[snip]

I haven't done a long-term look at RCP and netbios traffic on the
web so I have no way to determine how much is blaster generated,
does anyone have baseline information on the amount of RCP and
netbios packets were on the web before blaster was propagated?
Alternatively, has anyone worked out the % of blaster scan as
opposed to "normal" background RCP and netbios traffic?

Negative, but the normal background noise of netbios+friends
(including 445) is constant & at a high enough rate that on some
residential broadband networks, a pause/break in the activity
in one's filter log files is the most reliable way to detect
network outages.