Protocol distributions

Inverted protocol distribution
mid 2001: 95% TCP
late 2002: 75% UDP
current: 90% UDP

Transition away from SYN flood to generic bandwidth attacks
137/UDP, 139/UDP, 445/TCP common attack targets
many attacks hit random ports