Brazilian Honeypots Alliance

FLOWS

Daily Statistics -- 2010-03-13

This page presents the 2010-03-13 daily statistics for the network flow data directed to honeypots from the Brazilian Honeypots Alliance. The X axis of each graphic represents a 24-hour time window (GMT). And the Y axis represents the total amount of bytes received per time slot, normalized to the number of subnets being monitored by our honeypots. You can see some observations at the bottom of this page.

Source Country Codes (CC)

#	Key	CC		Name	Total		Max	Avg
01			US	United States	37.08 MB	38.64 %	3.83 kB/s	429.22 B/s
02			CN	China	20.64 MB	21.50 %	4.26 kB/s	238.88 B/s
03			BR	Brazil	18.34 MB	19.11 %	3.19 kB/s	212.23 B/s
04			TW	Taiwan, Province of China	4.56 MB	4.75 %	373.52 B/s	52.80 B/s
05			PT	Portugal	3.02 MB	3.15 %	401.08 B/s	34.97 B/s
06			FR	France	1.71 MB	1.78 %	295.90 B/s	19.74 B/s
07			CA	Canada	1.22 MB	1.27 %	492.97 B/s	14.12 B/s
08			RU	Russian Federation	1.10 MB	1.14 %	197.34 B/s	12.69 B/s
09			RO	Romania	614.28 kB	0.64 %	289.21 B/s	7.11 B/s
10			MX	Mexico	469.46 kB	0.49 %	451.49 B/s	5.43 B/s
11		Others			7.23 MB	7.53 %	556.07 B/s	83.63 B/s

top

Source AS Numbers (ASN)

#	Key	ASN	Name	CC		Total		Max	Avg
01		46475	LIMESTONENETWORKS - Limestone ...		US	16.59 MB	17.28 %	3.31 kB/s	192.00 B/s
02		13618	CARONET-ASN - Carolina Interne...		US	12.91 MB	13.45 %	3.70 kB/s	149.40 B/s
03		4812	CHINANET-SH-AP China Telecom (...		CN	8.85 MB	9.22 %	4.08 kB/s	102.43 B/s
04		4837	CHINA169-BACKBONE CNCGROUP Chi...		CN	8.12 MB	8.46 %	561.46 B/s	93.98 B/s
05		17222	Mundivox do Brasil Ltda.		BR	6.53 MB	6.81 %	3.09 kB/s	75.61 B/s
06		3462	HINET Data Communication Busin...		TW	3.81 MB	3.97 %	372.34 B/s	44.13 B/s
07		12542	TVCABO-AS TVCABO Autonomous Sy...		PT	2.99 MB	3.11 %	401.04 B/s	34.58 B/s
08		27699	TELECOMUNICACOES DE SAO PAULO ...		BR	2.84 MB	2.96 %	700.46 B/s	32.85 B/s
09		4134	CHINANET-BACKBONE No.31,Jin-ro...		CN	2.48 MB	2.58 %	369.82 B/s	28.69 B/s
10		27724	Nelson Quintas Telecom. do Bra...		BR	2.32 MB	2.42 %	1.59 kB/s	26.83 B/s
11		Others				28.54 MB	29.73 %	1.20 kB/s	330.30 B/s

top

Protocols

#	Key	Protocol	Total		Max	Avg
01		TCP	91.85 MB	95.70 %	8.68 kB/s	1.06 kB/s
02		UDP	2.19 MB	2.28 %	53.77 B/s	25.34 B/s
03		ICMP	1.93 MB	2.02 %	35.91 B/s	22.39 B/s
04		Others	0.00 B	0.00 %	0.00 B/s	0.00 B/s

top

Destination TCP Ports

#	Key	Port	Name	Total		Max	Avg
01		22	SSH (Secure Shell)	73.49 MB	80.01 %	8.43 kB/s	850.57 B/s
02		445	Microsoft-DS Active Directory	9.72 MB	10.58 %	297.20 B/s	112.50 B/s
03		135	Microsoft RCP	2.83 MB	3.08 %	117.92 B/s	32.70 B/s
04		139	NETBIOS Session Service	2.42 MB	2.64 %	130.76 B/s	28.02 B/s
05		9988	Rbot/SpyBot	981.53 kB	1.07 %	351.43 B/s	11.36 B/s
06		2967	Symantec AV Corporate Edition	389.45 kB	0.42 %	163.14 B/s	4.51 B/s
07		1433	Microsoft SQL Server	288.99 kB	0.31 %	220.09 B/s	3.34 B/s
08		80	HTTP (Hypertext Transfer Protocol)	193.22 kB	0.21 %	98.44 B/s	2.24 B/s
09		21	FTP (File Transfer Protocol - control)	117.64 kB	0.13 %	58.27 B/s	1.36 B/s
10		25	SMTP (Simple Mail Transfer Protocol)	107.33 kB	0.12 %	26.63 B/s	1.24 B/s
11		Others		1.32 MB	1.43 %	86.31 B/s	15.24 B/s

top

Destination UDP Ports

#	Key	Port	Name	Total		Max	Avg
01		1434	Microsoft SQL Monitor	345.86 kB	15.80 %	7.15 B/s	4.00 B/s
02		137	NETBIOS Name Service	299.51 kB	13.68 %	14.06 B/s	3.47 B/s
03		138	NETBIOS Datagram Service	89.26 kB	4.08 %	1.04 B/s	1.03 B/s
04		18380	n/a	47.28 kB	2.16 %	1.22 B/s	0.55 B/s
05		18621	n/a	44.51 kB	2.03 %	1.40 B/s	0.52 B/s
06		18659	n/a	40.68 kB	1.86 %	1.05 B/s	0.47 B/s
07		5060	SIP (Session Initiation Protocol)	28.23 kB	1.29 %	11.85 B/s	0.33 B/s
08		18365	n/a	21.18 kB	0.97 %	1.05 B/s	0.25 B/s
09		5211	n/a	20.27 kB	0.93 %	1.77 B/s	0.23 B/s
10		18516	n/a	19.53 kB	0.89 %	0.65 B/s	0.23 B/s
11		Others		1.23 MB	56.32 %	37.31 B/s	14.27 B/s

top

Source Operating Systems (Windows)

#	Key	Operating System	Total		Max	Avg
01		Windows-XP-SP1/Windows-2000-SP4	6.17 MB	48.99 %	514.26 B/s	71.37 B/s
02		Windows-XP-SP1/Windows-2000-SP2+	3.42 MB	27.19 %	121.90 B/s	39.62 B/s
03		Windows-XP-SP1/Windows-2000-SP3	1.86 MB	14.79 %	230.99 B/s	21.55 B/s
04		Windows-2000/Windows-XP	565.89 kB	4.50 %	77.98 B/s	6.55 B/s
05		Windows-2000-RFC1323/Windows-XP-RFC1323	300.76 kB	2.39 %	17.45 B/s	3.48 B/s
06		Windows-XP/Windows-2000-SP2	186.27 kB	1.48 %	188.14 B/s	2.16 B/s
07		Windows-98	81.28 kB	0.65 %	18.53 B/s	0.94 B/s
08		Windows-95	431.94 B	0.00 %	0.38 B/s	0.00 B/s
09		Windows-XP-SP1	391.00 B	0.00 %	1.30 B/s	0.00 B/s
10		Windows-XP-SP3/Windows-2000	344.50 B	0.00 %	0.79 B/s	0.00 B/s
11		other-Windows	673.67 B	0.01 %	0.82 B/s	0.01 B/s

top

Source Operating Systems (Other platforms)

#	Key	Operating System	Total		Max	Avg
01		Linux	66.86 MB	84.35 %	7.52 kB/s	773.85 B/s
02		unknown	12.07 MB	15.23 %	3.12 kB/s	139.71 B/s
03		undefined	311.59 kB	0.39 %	10.11 B/s	3.61 B/s
04		FreeBSD	18.28 kB	0.02 %	26.60 B/s	0.21 B/s
05		Solaris	1.15 kB	0.00 %	0.85 B/s	0.01 B/s
06		NetBSD	993.73 B	0.00 %	0.60 B/s	0.01 B/s
07		OpenBSD	960.00 B	0.00 %	0.64 B/s	0.01 B/s
08		Novell-NetWare-5.0	33.00 B	0.00 %	0.11 B/s	0.00 B/s
09		MacOS	13.56 B	0.00 %	0.04 B/s	0.00 B/s
10		Redline	12.00 B	0.00 %	0.04 B/s	0.00 B/s
11		Others	3.09 B	0.00 %	0.01 B/s	0.00 B/s

top

Observations:

Each image above contains a STACK AREA graphic, which means that each data set of the graphic is stacked on top of the previous one.
Lists of known TCP/UDP ports and associated service names can be found at the following documents:
- Port Numbers, from IANA.
- List of TCP and UDP port numbers, from The Wikipedia.
- Common Ports, from packetlife.net.
A list of known Country Codes can be found at IANA. The country code "XX" stands for network flows that could not be associated with any country code, for example, flows from private networks.