TSUBAME Report Overflow (Jul-Sep 2022)

This TSUBAME Report Overflow series discuss monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports does not include. This article covers the monitoring results for the period of April to June 2022. The scan trends observed with TSUBAME sensors in Japan are presented in graphs here.

Observation trends of packets from scanners in Japan

TSUBAME observes packets from a variety of sources. It observes not only scans related to cyber attacks, but also those for security research and investigation purposes, as well as scan traces by network administrators to check firewalls and server logs. TSUBAME observed about 30 IP addresses that sent packets to more than 10 ports from a source in Japan on a single day (from 0:00 to 23:59). This article discusses the characteristics of such domestic scans for research and investigation purposes. Among such scans observed by TSUBAME, Table 1 lists the observation dates and source IP addresses of three major organizations ([1][2][3][4]), which mention their scan activities on their websites or other sources.

Table 1: Changes in the number of IP addresses in Japan used for scan activities

#table2{ margin: auto; }

Domestinc Organization A Domestinc Organization B Domestinc Organization C Other 2022-07-01 1 2022-07-02 2022-07-03 2022-07-04 4 9 1 2022-07-05 9 2022-07-06

Read more

Explore the site

More from the blog

Latest News