If you've gone to any security conference over the last year, you have surely heard that threats on the internet are moving from general-purpose, noisy attacks to highly targeted attacks designed to only attack YOU...personally. Now that the ThreatLinq program is up and running, it is satisfying to notice that many attackers are not only performing their attacks on multiple hosts, they also commonly use many different attack vectors and payloads. Take this IP address for instance: 89.156.116.27. On 7-26-2008 this machine suddenly generated several thousand hits spread across no fewer than 6 separate filters...definitely not subtle.
Below are the TippingPoint filters, and the number of hits recorded for this particular IP address on 7-26-2008:
FILTER NAME                                         # OF HITS
SMB: Windows Logon Failure                             17,173
SMB: Null Session SetUp                                   813
SMB: ASN.1 Bitstring Processing Heap Overflow             162
MS-RPC: DCOM ISystemActivator Overflow                     32
MS-RPC: Windows PlugnPlay Request Anomaly                  32
MS-RPC: LSASS Active Directory Interface Overflow          30
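One way to surface sources like this from IPS event summaries is to count distinct filters per source per day. The following is an added example, not ThreatLinq or TippingPoint code; the `date,src_ip,filter,hits` layout, the `min_filters` threshold and the 192.0.2.10 row are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in a hypothetical "date,src_ip,filter,hits" export layout.
# The 89.156.116.27 rows carry the counts from the table above; the
# 192.0.2.10 row is an invented single-filter source for contrast.
SAMPLE = """\
2008-07-26,89.156.116.27,SMB: Windows Logon Failure,17173
2008-07-26,89.156.116.27,SMB: Null Session SetUp,813
2008-07-26,89.156.116.27,SMB: ASN.1 Bitstring Processing Heap Overflow,162
2008-07-26,89.156.116.27,MS-RPC: DCOM ISystemActivator Overflow,32
2008-07-26,89.156.116.27,MS-RPC: Windows PlugnPlay Request Anomaly,32
2008-07-26,89.156.116.27,MS-RPC: LSASS Active Directory Interface Overflow,30
2008-07-26,192.0.2.10,SMB: Windows Logon Failure,40
"""

def summarize(text):
    """Aggregate hit counts per (date, source IP), keyed by filter name."""
    per_source = defaultdict(lambda: defaultdict(int))
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # tolerate blank lines in the export
        date, src, filt, hits = row
        per_source[(date, src)][filt.strip()] += int(hits)
    return per_source

def multi_vector_sources(text, min_filters=3):
    """Return sources that tripped at least min_filters distinct filters."""
    findings = []
    for (date, src), filters in summarize(text).items():
        if len(filters) < min_filters:
            continue
        total = sum(filters.values())
        top = max(filters, key=filters.get)
        findings.append({
            "date": date, "src": src, "filters": len(filters),
            # Protocol family is the filter-name prefix before the colon.
            "families": sorted({f.split(":", 1)[0] for f in filters}),
            "total_hits": total, "top_filter": top,
            "top_share": round(filters[top] / total, 3),
        })
    return sorted(findings, key=lambda f: f["filters"], reverse=True)

if __name__ == "__main__":
    for finding in multi_vector_sources(SAMPLE):
        print(finding)
```

For the table's counts, the `top_share` field shows that logon failures account for most of the hits, with the overflow filters making up a small remainder.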