|
 |
Description of the cluster 16965 |
 |
This page shows the description of the cluster 16965. The values in the various columns represent the amount of different virtual machines on a given platform contacted by the same attacking IP, the average duration in seconds between the first and the last packet received from an attacker while talking to a single virtual machine, the amount of packets received from each IP by a single virtual machine, the sequences of ports contacted by the attacker. The syntax used to represent a sequence of ports is as follows:
[port0][Protocol][...][portN][Protocol] - U (UDP), T(TCP)
You may have more than one sequence of ports when the attacker has contacted more than one virtual machine on a given platform and has not used the same sequences of packets against each of them. This is typically the case when an attacker probes port Y if and only if it first detects that port X is open.
| Number of targeted virtual OS |
Duration |
Number of attacking packets |
Sequences of targeted ports |
| 3 |
0 to 5 s |
4 to 5 packets |
1433T |
| 1433T |
| 1433T |
|
|
