Monday, 4 June 2012

May ADSL Log Analysis

Analysis of the logs files from my ADSL router for May, there was a large peak of UDP scans which emanated from China.

Daily Frequency of scans

Peak number of events was on the 30th May when 545 events were logged, other dates that above average number of events were detected were the 14th and 21st of May. With a slightly elevated rate of events on the 24th May.

The detected events broke down country wise as follows

CountryNumber of eventsNumber of unique IP
China78344
Turkey1919
India11
Pakistan11

The events on the 24th were TCP probes all on port 23 from IP addresses registered in Turkey.

The events on the 30th were UDP probes on port 58299, the 21st were UDP probes on port 38029, and the 14th were UDP probes on port 58281

The top three IP addresses for the origination of the probes where

288 events - 59.66.241.nnn (Zijing Campus 2nd Phase, Tsinghua University)
128 events - 218.109.70.nnn (WASU-BB)
122 events - 113.117.150.nnn (CHINANET Guangdong province network)

No comments:

Post a Comment