Remote Host Count - Description

This graph shows the number of remote hosts (or addresses) into three groups - those which have only received packets, those which have only sent packets, and those which have sent and received packets.

Remote computers are those whose IP address falls outside LOCALRANGE as specified in the ipaudit-web.conf configuration file.

Remote hosts (addresses) which have only received packets of almost certainly the result of network scans originating on your network.

A large number of remote hosts (addresses) which have only sent packets is unusual. The only case I know of is when the Nimda virus was active. Remote hosts infected with the virus would scan random address on the internet. Typically you would see only one address scanned from remote infected hosts. If the local scanned address did not respond, then the remote host would be counted in the only sent group.

Most addresses send and receive packets, these are hosts involved in normal network communication.

The count of remote hosts is taken every 30 minutes.

« Back