Brazilian Honeypots Alliance

FLOWS

Daily Statistics -- 2010-03-09

This page presents the 2010-03-09 daily statistics for the network flow data directed to honeypots from the Brazilian Honeypots Alliance. The X axis of each graphic represents a 24-hour time window (GMT). And the Y axis represents the total amount of bytes received per time slot, normalized to the number of subnets being monitored by our honeypots. You can see some observations at the bottom of this page.

Source Country Codes (CC)

#	Key	CC		Name	Total		Max	Avg
01			BR	Brazil	16.93 MB	35.24 %	430.44 B/s	195.92 B/s
02			CN	China	7.73 MB	16.09 %	840.04 B/s	89.44 B/s
03			US	United States	7.42 MB	15.44 %	542.97 B/s	85.83 B/s
04			IT	Italy	1.77 MB	3.68 %	294.92 B/s	20.43 B/s
05			NO	Norway	1.38 MB	2.87 %	273.07 B/s	15.96 B/s
06			PL	Poland	1.24 MB	2.58 %	153.75 B/s	14.35 B/s
07			TW	Taiwan, Province of China	1.14 MB	2.38 %	258.44 B/s	13.24 B/s
08			RU	Russian Federation	742.36 kB	1.55 %	147.21 B/s	8.59 B/s
09			DE	Germany	723.57 kB	1.51 %	262.60 B/s	8.37 B/s
10			JP	Japan	659.21 kB	1.37 %	238.28 B/s	7.63 B/s
11		Others			8.31 MB	17.30 %	594.23 B/s	96.16 B/s

top

Source AS Numbers (ASN)

#	Key	ASN	Name	CC		Total		Max	Avg
01		11432	BRASILNET TELECOMUNICACOES LTD...		BR	7.54 MB	15.69 %	111.22 B/s	87.24 B/s
02		4134	CHINANET-BACKBONE No.31,Jin-ro...		CN	3.41 MB	7.09 %	669.04 B/s	39.43 B/s
03		4837	CHINA169-BACKBONE CNCGROUP Chi...		CN	1.85 MB	3.86 %	517.67 B/s	21.44 B/s
04		17379	Intelig Telecomunica Ltda		BR	1.64 MB	3.41 %	89.32 B/s	18.96 B/s
05		30722	VODAFONE-IT-ASN Vodafone N.V.		IT	1.57 MB	3.26 %	290.53 B/s	18.13 B/s
06		29695	LYSE-AS Altibox AS		NO	1.35 MB	2.81 %	272.83 B/s	15.60 B/s
07		7132	SBIS-AS - AT&T Internet Servic...		US	1.28 MB	2.67 %	377.62 B/s	14.82 B/s
08		4230	Embratel		BR	893.60 kB	1.86 %	111.74 B/s	10.34 B/s
09		23724	CHINANET-IDC-BJ-AP IDC, China ...		CN	859.32 kB	1.79 %	299.03 B/s	9.95 B/s
10		5617	TPNET Polish Telecom_s commerc...		PL	793.29 kB	1.65 %	103.43 B/s	9.18 B/s
11		Others				26.86 MB	55.91 %	971.93 B/s	310.83 B/s

top

Protocols

#	Key	Protocol	Total		Max	Avg
01		TCP	42.86 MB	89.24 %	1.40 kB/s	496.12 B/s
02		ICMP	2.75 MB	5.73 %	63.66 B/s	31.88 B/s
03		UDP	2.41 MB	5.02 %	51.07 B/s	27.92 B/s
04		Others	0.00 B	0.00 %	0.00 B/s	0.00 B/s

top

Destination TCP Ports

#	Key	Port	Name	Total		Max	Avg
01		22	SSH (Secure Shell)	13.44 MB	31.35 %	984.87 B/s	155.51 B/s
02		445	Microsoft-DS Active Directory	12.24 MB	28.56 %	380.77 B/s	141.70 B/s
03		139	NETBIOS Session Service	10.99 MB	25.63 %	225.60 B/s	127.17 B/s
04		21	FTP (File Transfer Protocol - control)	1.60 MB	3.73 %	290.53 B/s	18.52 B/s
05		135	Microsoft RCP	1.24 MB	2.90 %	87.64 B/s	14.38 B/s
06		9988	Rbot/SpyBot	839.51 kB	1.96 %	238.84 B/s	9.72 B/s
07		80	HTTP (Hypertext Transfer Protocol)	458.03 kB	1.07 %	253.07 B/s	5.30 B/s
08		2967	Symantec AV Corporate Edition	238.15 kB	0.56 %	133.33 B/s	2.76 B/s
09		4899	Radmin (remote administration tool)	214.08 kB	0.50 %	19.10 B/s	2.48 B/s
10		1433	Microsoft SQL Server	178.50 kB	0.42 %	99.86 B/s	2.07 B/s
11		Others		1.43 MB	3.33 %	216.18 B/s	16.51 B/s

top

Destination UDP Ports

#	Key	Port	Name	Total		Max	Avg
01		137	NETBIOS Name Service	682.11 kB	28.27 %	29.39 B/s	7.89 B/s
02		1434	Microsoft SQL Monitor	333.84 kB	13.84 %	10.23 B/s	3.86 B/s
03		138	NETBIOS Datagram Service	89.59 kB	3.71 %	1.04 B/s	1.04 B/s
04		5060	SIP (Session Initiation Protocol)	63.49 kB	2.63 %	11.86 B/s	0.73 B/s
05		18624	n/a	37.14 kB	1.54 %	1.27 B/s	0.43 B/s
06		18659	n/a	34.43 kB	1.43 %	0.99 B/s	0.40 B/s
07		18603	n/a	22.40 kB	0.93 %	0.84 B/s	0.26 B/s
08		18579	n/a	21.34 kB	0.88 %	1.03 B/s	0.25 B/s
09		18592	n/a	21.27 kB	0.88 %	1.12 B/s	0.25 B/s
10		18236	n/a	21.18 kB	0.88 %	0.75 B/s	0.25 B/s
11		Others		1.09 MB	45.01 %	18.51 B/s	12.57 B/s

top

Source Operating Systems (Windows)

#	Key	Operating System	Total		Max	Avg
01		Windows-XP-SP1/Windows-2000-SP4	7.95 MB	53.84 %	305.12 B/s	92.07 B/s
02		Windows-XP-SP1/Windows-2000-SP2+	2.99 MB	20.23 %	269.81 B/s	34.60 B/s
03		Windows-XP-SP1/Windows-2000-SP3	2.90 MB	19.62 %	382.10 B/s	33.55 B/s
04		Windows-2000/Windows-XP	378.22 kB	2.56 %	134.95 B/s	4.38 B/s
05		Windows-2000-RFC1323/Windows-XP-RFC1323	352.68 kB	2.39 %	140.06 B/s	4.08 B/s
06		Windows-XP/Windows-2000-SP2	109.88 kB	0.74 %	93.73 B/s	1.27 B/s
07		Windows-98	79.46 kB	0.54 %	45.89 B/s	0.92 B/s
08		Windows-NT-4.0	9.56 kB	0.06 %	8.28 B/s	0.11 B/s
09		Windows-98-lowTTL	399.50 B	0.00 %	0.24 B/s	0.00 B/s
10		Windows-95	267.00 B	0.00 %	0.38 B/s	0.00 B/s
11		other-Windows	513.95 B	0.00 %	0.69 B/s	0.01 B/s

top

Source Operating Systems (Other platforms)

#	Key	Operating System	Total		Max	Avg
01		Linux	14.04 MB	49.97 %	985.64 B/s	162.47 B/s
02		unknown	13.66 MB	48.64 %	373.22 B/s	158.13 B/s
03		undefined	387.04 kB	1.38 %	25.22 B/s	4.48 B/s
04		Solaris	1.82 kB	0.01 %	1.37 B/s	0.02 B/s
05		FreeBSD	1.72 kB	0.01 %	1.26 B/s	0.02 B/s
06		NetBSD	810.36 B	0.00 %	0.75 B/s	0.01 B/s
07		Redline	109.00 B	0.00 %	0.15 B/s	0.00 B/s
08		SymbianOS-6048	44.00 B	0.00 %	0.15 B/s	0.00 B/s
09		MacOS	12.15 B	0.00 %	0.02 B/s	0.00 B/s
10		OpenBSD	8.00 B	0.00 %	0.03 B/s	0.00 B/s
11		Others	2.92 B	0.00 %	0.01 B/s	0.00 B/s

top

Observations:

Each image above contains a STACK AREA graphic, which means that each data set of the graphic is stacked on top of the previous one.
Lists of known TCP/UDP ports and associated service names can be found at the following documents:
- Port Numbers, from IANA.
- List of TCP and UDP port numbers, from The Wikipedia.
- Common Ports, from packetlife.net.
A list of known Country Codes can be found at IANA. The country code "XX" stands for network flows that could not be associated with any country code, for example, flows from private networks.