Ranking TOP10 Firewall
The ranking shows the top 10 changes in destination port activity based on dropped packet data from firewalls. An increase in the number of unique sources probing a certain destination port may be the result of a botnet or worm scanning the network. The firewall data thus essentially serves as a simple anomaly detector. In some ways its scope of anomaly detection is wider than that of honeypot-based data, as it reflects attack attempts against production networks that offer real services. However, no payload analysis is performed, and the data may be polluted by configuration errors, leading to false positives.
Clicking on a 24-hour port activity graph leads to weekly and monthly activity graphs for the port.
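One way such a ranking can be computed from dropped-packet records, shown as an added example that is not this site's own code. The record layout (hour, source, destination port), the two 24-hour windows and the use of the absolute difference in unique-source counts as the "change" are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample of dropped-packet records: (hour, source IP, destination port).
# Addresses are documentation ranges; hours 0-23 are the earlier day, 24-47 the later.
DROPS = [
    (3, "192.0.2.10", 22), (5, "192.0.2.11", 22), (30, "192.0.2.10", 22),
    (2, "198.51.100.7", 445), (26, "198.51.100.7", 445),
    (27, "198.51.100.8", 445), (28, "198.51.100.9", 445),
    (29, "203.0.113.4", 445), (29, "203.0.113.4", 445),  # repeat from one source
    (31, "203.0.113.5", 23), (33, "203.0.113.6", 23),
    (4, "192.0.2.50", 8080), (6, "192.0.2.51", 8080), (7, "192.0.2.52", 8080),
]

def unique_sources(drops, start, end):
    """Map destination port -> set of distinct sources seen in [start, end)."""
    seen = defaultdict(set)
    for hour, src, port in drops:
        if start <= hour < end:
            seen[port].add(src)
    return seen

def rank_port_changes(drops, split=24, span=24, top=10):
    """Rank ports by absolute change in unique-source count between two windows."""
    before = unique_sources(drops, split - span, split)
    after = unique_sources(drops, split, split + span)
    rows = []
    for port in set(before) | set(after):
        prev, cur = len(before.get(port, ())), len(after.get(port, ()))
        rows.append((port, prev, cur, cur - prev))
    # Largest swings first; ties broken by port number for stable output.
    rows.sort(key=lambda r: (-abs(r[3]), r[0]))
    return rows[:top]

if __name__ == "__main__":
    for port, prev, cur, delta in rank_port_changes(DROPS):
        print(f"port {port:>5}: {prev} -> {cur} unique sources ({delta:+d})")
```

Counting distinct sources rather than packets keeps a single noisy or misconfigured host from dominating the ranking, though a port whose sources drop to zero (8080 in the sample) still ranks high and may point to a configuration change rather than an attack.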