Nepenthes attacker source ip...

Brief review the attack source IP address fro nepenthes that most (>95%) of the source and destination are from the
same "1st octet" or even 2nd octet in their IP address. 
Therefore those know vulnerability attack the "near" IP only..,,  is it true?

- by coincident only
- the malware scan host pattern , by IP, host file, nearest IP, same LAN, same subnet?
-  those vulnerability attract pattern, by IP, host file , nearest IP, same LAN, same sbunet?
what is your idea?  Of coz we can't have conclusion so far...


posted Oct 12, 2009, 2:34 AM by Honeybird Administrator


1-1 of 1