In summer 2016 I provided a brief analysis of IPv4 addresses with the default SNMP community (sources of SNMP Amplification DDoS attacks) by country (Russian article). The year is new, but the security holes are old.
The New Year SNMP report from Shodan, compared with the June one, shows the following dynamics in the integral TOP 10:
Country | 2016 | 2017 | Fixed, % |
Brazil | 1430670 | 1041122 | 27,23 |
USA | 326735 | 240677 | 26,34 |
India | 307155 | 210282 | 31,54 |
Korea | 170979 | 173178 | -1,29 |
China | 121235 | 92019 | 24,10 |
Thailand | 120263 | 61077 | 49,21 |
Colombia | 104903 | 59178 | 43,59 |
Italy | 87020 | 78970 | 9,25 |
Turkey | 80880 | 50824 | 37,16 |
Iran | 79506 | 57866 | 27,22 |
Countries with a positive percentage reduced their number of devices with default SNMP settings; countries with a negative percentage increased it.
Overall, the number of IPv4 addresses with a default SNMP community is lower than it was half a year ago. The worldwide figures, in the same columns as the previous table:
TOTAL | 3748045 | 2821398 | 24,72 |
The differential TOP 10, derived from the integral one for SNMP public/private, as a chart:
And as a table:
# | Country | Fixed, % |
1 | Thailand | 49,21 |
2 | Colombia | 43,59 |
3 | Turkey | 37,16 |
4 | India | 31,54 |
5 | Brazil | 27,23 |
6 | Iran | 27,22 |
7 | USA | 26,34 |
8 | China | 24,10 |
9 | Italy | 9,25 |
10 | Korea | -1,29 |
So it is clear that the IPv4 space now contains 23,4% fewer devices with default-configured SNMP settings (DDoS attack sources).
Possible reasons for this dynamic are:
- Default SNMP settings were changed
- The SNMP service was disabled as unused
- Hosting and Internet providers blocked some of the malicious traffic sources
- Upgraded software disables SNMP by default
- Shodan loses control of vulnerable servers
- Your version
A short HOWTO on fixing a holey SNMP configuration is described here (Russian). English coming soon.
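A check that goes with the first two reasons in the list above, as an added example that is not part of the original post: a small audit of an `snmpd.conf` that flags lines still using the `public`/`private` community strings. The Net-SNMP configuration syntax and the sample file are assumptions, since the post does not name a specific SNMP agent.

```python
DEFAULT_COMMUNITIES = {"public", "private"}      # the defaults the post counts
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}  # "any address" in snmpd.conf
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def audit_snmpd_conf(text):
    """Return one finding (dict) per line that keeps a default community string."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        directive = tokens[0].lower()
        if directive in COMMUNITY_DIRECTIVES and len(tokens) >= 2:
            # rocommunity COMMUNITY [SOURCE ...]; no SOURCE means any address
            community = tokens[1]
            source = tokens[2] if len(tokens) >= 3 else "default"
        elif directive in ("com2sec", "com2sec6"):
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            args = tokens[3:] if tokens[1:2] == ["-Cn"] else tokens[1:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue
        if community in DEFAULT_COMMUNITIES:
            findings.append({
                "line": line_no,
                "community": community,
                "source": source,
                "open_to_any": source in OPEN_SOURCES,   # reachable from anywhere
                "writable": directive.startswith("rw"),  # SET requests allowed
            })
    return findings


# Constructed sample configuration, not taken from a real device.
SAMPLE_CONF = """\
# constructed sample
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity S3cr3tRO 192.0.2.10
com2sec -Cn ctx notConfigUser default public
com2sec mgmt 192.0.2.0/24 monitoring
rocommunity6 public ::/0
"""

if __name__ == "__main__":
    for f in audit_snmpd_conf(SAMPLE_CONF):
        print(f)
```

Lines with `open_to_any` set are the ones an Internet-wide scan would count; a default community restricted to a management subnet is still worth renaming.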