Brazilian Honeypots Alliance

FLOWS

Daily Statistics -- 2010-09-02

This page presents the 2010-09-02 daily statistics for the network flow data directed to honeypots from the Brazilian Honeypots Alliance. The X axis of each graphic represents a 24-hour time window (GMT). And the Y axis represents the total amount of bytes received per time slot, normalized to the number of subnets being monitored by our honeypots. You can see some observations at the bottom of this page.

Source Country Codes (CC)

#	Key	CC		Name	Total		Max	Avg
01			BR	Brazil	12.66 MB	28.58 %	1.59 kB/s	146.56 B/s
02			CN	China	12.36 MB	27.91 %	1.75 kB/s	143.09 B/s
03			US	United States	4.34 MB	9.80 %	1.23 kB/s	50.23 B/s
04			RU	Russian Federation	2.80 MB	6.32 %	741.90 B/s	32.39 B/s
05			SG	Singapore	1.85 MB	4.17 %	638.69 B/s	21.40 B/s
06			CA	Canada	949.74 kB	2.14 %	286.97 B/s	10.99 B/s
07			SD	Sudan	698.04 kB	1.58 %	218.04 B/s	8.08 B/s
08			IT	Italy	618.67 kB	1.40 %	239.49 B/s	7.16 B/s
09			CO	Colombia	595.38 kB	1.34 %	648.14 B/s	6.89 B/s
10			PE	Peru	559.50 kB	1.26 %	310.14 B/s	6.48 B/s
11		Others			6.87 MB	15.50 %	372.97 B/s	79.47 B/s

top

Source AS Numbers (ASN)

#	Key	ASN	Name	CC		Total		Max	Avg
01		4134	CHINANET-BACKBONE No.31,Jin-ro...		CN	10.07 MB	22.73 %	1.74 kB/s	116.53 B/s
02		10429	Telefonica Empresas SA		BR	4.01 MB	9.06 %	1.57 kB/s	46.45 B/s
03		4230	Embratel		BR	3.21 MB	7.24 %	1.14 kB/s	37.13 B/s
04		27699	TELECOMUNICACOES DE SAO PAULO ...		BR	2.09 MB	4.73 %	1.28 kB/s	24.24 B/s
05		4837	CHINA169-BACKBONE CNCGROUP Chi...		CN	1.92 MB	4.34 %	744.62 B/s	22.27 B/s
06		12714	TI-AS Fairlie Holding & Financ...		RU	1.78 MB	4.02 %	723.47 B/s	20.60 B/s
07		17547	QALA-SG-AP M1 CONNECT PTE. LTD...		SG	1.45 MB	3.26 %	502.92 B/s	16.73 B/s
08		15706	Sudatel		SD	697.86 kB	1.58 %	218.04 B/s	8.08 B/s
09		19262	VZGNI-TRANSIT - Verizon Online...		US	610.87 kB	1.38 %	392.40 B/s	7.07 B/s
10		3269	ASN-IBSNAZ Telecom Italia S.p....		IT	577.37 kB	1.30 %	239.23 B/s	6.68 B/s
11		Others				17.88 MB	40.36 %	1.38 kB/s	206.95 B/s

top

Protocols

#	Key	Protocol	Total		Max	Avg
01		TCP	38.87 MB	87.74 %	1.98 kB/s	449.88 B/s
02		UDP	3.58 MB	8.07 %	107.59 B/s	41.38 B/s
03		ICMP	1.85 MB	4.19 %	36.90 B/s	21.47 B/s
04		Others	0.00 B	0.00 %	0.00 B/s	0.00 B/s

top

Destination TCP Ports

#	Key	Port	Name	Total		Max	Avg
01		22	SSH (Secure Shell)	24.28 MB	62.47 %	1.73 kB/s	281.06 B/s
02		445	Microsoft-DS Active Directory	9.31 MB	23.96 %	1.43 kB/s	107.80 B/s
03		139	NETBIOS Session Service	2.14 MB	5.51 %	81.59 B/s	24.77 B/s
04		9988	Rbot/SpyBot	1.05 MB	2.69 %	1.14 kB/s	12.10 B/s
05		1433	Microsoft SQL Server	617.95 kB	1.59 %	116.94 B/s	7.15 B/s
06		135	Microsoft RCP	259.18 kB	0.67 %	46.93 B/s	3.00 B/s
07		4899	Radmin (remote administration tool)	176.73 kB	0.45 %	22.44 B/s	2.05 B/s
08		80	HTTP (Hypertext Transfer Protocol)	130.37 kB	0.34 %	58.92 B/s	1.51 B/s
09		25	SMTP (Simple Mail Transfer Protocol)	117.66 kB	0.30 %	6.01 B/s	1.36 B/s
10		2967	Symantec AV Corporate Edition	90.13 kB	0.23 %	35.06 B/s	1.04 B/s
11		Others		694.66 kB	1.79 %	59.71 B/s	8.04 B/s

top

Destination UDP Ports

#	Key	Port	Name	Total		Max	Avg
01		5060	SIP (Session Initiation Protocol)	2.71 MB	75.89 %	99.07 B/s	31.40 B/s
02		137	NETBIOS Name Service	302.32 kB	8.46 %	22.50 B/s	3.50 B/s
03		1434	Microsoft SQL Monitor	172.50 kB	4.82 %	6.35 B/s	2.00 B/s
04		161	SNMP (Simple Network Management Protocol)	158.99 kB	4.45 %	18.44 B/s	1.84 B/s
05		65111	n/a	13.33 kB	0.37 %	1.26 B/s	0.15 B/s
06		53	DNS (Domain Name System)	10.28 kB	0.29 %	1.29 B/s	0.12 B/s
07		6220	n/a	8.87 kB	0.25 %	1.26 B/s	0.10 B/s
08		52340	n/a	8.35 kB	0.23 %	0.54 B/s	0.10 B/s
09		65104	n/a	7.25 kB	0.20 %	1.24 B/s	0.08 B/s
10		65112	n/a	7.19 kB	0.20 %	1.08 B/s	0.08 B/s
11		Others		172.98 kB	4.84 %	7.06 B/s	2.00 B/s

top

Source Operating Systems (Windows)

#	Key	Operating System	Total		Max	Avg
01		Windows-XP-SP1/Windows-2000-SP4	4.91 MB	49.79 %	483.01 B/s	56.82 B/s
02		Windows-XP-SP1/Windows-2000-SP2+	2.70 MB	27.38 %	1.29 kB/s	31.24 B/s
03		Windows-XP-SP1/Windows-2000-SP3	1.89 MB	19.21 %	407.01 B/s	21.93 B/s
04		Windows-2000-RFC1323/Windows-XP-RFC1323	228.52 kB	2.32 %	14.64 B/s	2.64 B/s
05		Windows-2000/Windows-XP	85.51 kB	0.87 %	9.47 B/s	0.99 B/s
06		Windows-98	32.15 kB	0.33 %	2.79 B/s	0.37 B/s
07		Windows-XP/Windows-2000-SP2	6.01 kB	0.06 %	17.16 B/s	0.07 B/s
08		Windows-NT-4.0	3.71 kB	0.04 %	2.32 B/s	0.04 B/s
09		Windows-98-noSack	322.00 B	0.00 %	0.33 B/s	0.00 B/s
10		Windows-XP-cisco/Windows-2000-cisco	109.56 B	0.00 %	0.12 B/s	0.00 B/s
11		other-Windows	144.25 B	0.00 %	0.16 B/s	0.00 B/s

top

Source Operating Systems (Other platforms)

#	Key	Operating System	Total		Max	Avg
01		Linux	22.05 MB	75.99 %	1.73 kB/s	255.17 B/s
02		unknown	6.78 MB	23.36 %	763.57 B/s	78.44 B/s
03		undefined	182.80 kB	0.63 %	13.84 B/s	2.12 B/s
04		Proxyblocker	2.09 kB	0.01 %	0.03 B/s	0.02 B/s
05		Solaris	1.14 kB	0.00 %	0.45 B/s	0.01 B/s
06		NetBSD	654.23 B	0.00 %	0.42 B/s	0.01 B/s
07		OpenBSD	480.00 B	0.00 %	1.60 B/s	0.01 B/s
08		Redline	109.00 B	0.00 %	0.36 B/s	0.00 B/s
09		SunOS	39.36 B	0.00 %	0.07 B/s	0.00 B/s
10		CacheFlow-4.1/NetApp-CacheFlow	9.38 B	0.00 %	0.03 B/s	0.00 B/s
11		Others	4.45 B	0.00 %	0.01 B/s	0.00 B/s

top

Observations:

Each image above contains a STACK AREA graphic, which means that each data set of the graphic is stacked on top of the previous one.
Lists of known TCP/UDP ports and associated service names can be found at the following documents:
- Port Numbers, from IANA.
- List of TCP and UDP port numbers, from The Wikipedia.
- Common Ports, from packetlife.net.
A list of known Country Codes can be found at IANA. The country code "XX" stands for network flows that could not be associated with any country code, for example, flows from private networks.