Router Analysis

An analysis of the log files from my ADSL router, the router records DOS and Port Scans, with the originating IP address. In order to analysis the results I looked at the total number of attacks, looked at whether there were DOS or Port Scan. For the recorded IP addresses I identified the number of unique IP and then lookup the country of issuing the IP address registration.

2013

I have now completed 12 months of collecting the log files from my ADSL router and moving into the second year of data collection. I will be looking at how 2013 data matches up against the 2012 data on a month per month basis.

April 2013

2012			2013
Country	Source IPs	Attacks	Country	Source IPs	Attacks
Turkey	25	25		75	75
China	13	66		4	34
USA	9	97		2	15
France	3	24		2	11
United Kingdom	2	11		1	1
Japan	2	10	Russia	1	1

March 2013

2012			2013
Country	Source IPs	Attacks	Country	Source IPs	Attacks
Turkey	71	71	Turkey	58	58
China	2	40	United States	13	134
United Kingdom	2	29	Germany	3	25
Germany	1	13	France	2	21
Russia	1	1	United Kingdom	2	4
			Azerbaijan	2	2
			Russia	1	6

February 2013

2012			2013
Country	Source IPs	Attacks	Country	Source IPs	Attacks
Turkey	52	52	Turkey	66	66
Netherlands	1	16	United States	2	7
Ukraine	2	2	Azerbaijan	2	2
China	1	2	Ukraine	1	1
France	1	1
Egypt	1	1
South Africa	1	1
United Kingdom	1	1

January 2013

2012			2013
Country	Source IPs	Attacks	Country	Source IPs	Attacks
Turkey	79	79	Turkey	39	39
South Africa	3	3	China	1	57
United States	1	10	Germany	6	6
Hong Kong	1	1	Switzerland	6	6
Thailand	1	1	United States	6	6
Switzerland	1	1	United Kingdom	1	6

Yearly Totals

There were a total of 4966 incidents recorded in the log files of my ADSL router during 2012, these came from 666 different IP addresses. These came from 24 different countries, the top 10 countries for IP address origins are listed below in decreasing order of IP address origins.

Turkey	474
China	130
United States	18
South Africa	8
United Kingdom	6
Azerbaijan	4
France	4
Germany	3
Japan	3
Ukraine	2

Summary

Month	No Attacks	DOS	Port Scans	Unique IP	Unique Countries
Dec 2012	70	69	1	65	3
Nov 2012	43	38	5	20	4
Oct 2012	63	54	9	24	4
Sep 2012	21	21	0	21	3
Aug 2012	50	50	0	36	5
Jul 2012	2960	2960	0	80	4
Jun 2012	393	392	1	98	5
May 2012	804	804	0	65	4
Apr 2012	234	234	0	54	6
Mar 2012	156	129	27	77	5
Feb 2012	76	74	2	60	9
Jan 2012	96	94	2	86	6

December 2012

Country	Source IPs	No of attack from country
Turkey	63	63
Canada	1	6
South Africa	1	1

November 2012

Country	Source IPs	No of attack from country
USA	2	20
Turkey	16	16
Germany	1	6
Azerbaijan	1	1

October 2012

Country	Source IPs	No of attack from country
USA	6	29
Turkey	16	16
Saudi Arabia	1	12
Germany	1	6

September 2012

Country	Source IPs	No of attack from country
Turkey	19	19
Japan	1	1
Malaysia	1	1

August 2012

Country	Source IPs	No of attack from country
Turkey	27	27
UK	2	6
China	5	15
South Africa	1	1
Greece	1	1

July 2012

Country	Source IPs	No of attack from country
China	59	2938
Turkey	19	19
Sweden	1	2
South Africa	1	1

June 2012

Country	Source IPs	No of attack from country
China	22	318
Turkey	72	72
Azerbaijan	2	2
South Africa	1	1
Cyprus	1	1

May 2012

Country	Source IPs	No of attack from country
China	26	783
Turkey	19	19
India	1	1
Pakistan	1	1

Apr 2012

Country	Source IPs	No of attack from country
Turkey	26	26
China	13	66
USA	9	97
France	3	18
Japan	2	10
UK	2	11

Mar 2012

Country	Source IPs	No of attack from country
Turkey	71	73
China	2	40
UK	2	29
Germany	1	13
Russia	1	1

27 attempts from a single UK address
27 attempts from a single Chinese address
13 attempts from another Chinese address
13 attempts from a single German address

Feb 2012

Country	Source IPs	No of attack from country
Turkey	52	53
Ukraine	2	1
France	1	1
China	1	2
Egypt	1	1
South Africa	1	1
UK	1	1
Netherlands	1	16

16 of the attacks came from the same IP address in the Netherlands

Jan 2012

Country	Source IPs	No of attack from country
Turkey	79	63
South Africa	3	3
Hong Kong	1	1
Switzerland	1	1
USA	1	10
Thailand	1	1

10 of the attacks came from the same IP address in the USA