Выбрать язык


Выбрать язык | Show only


Русский | English


вторник, 3 января 2017 г.

New Year: SNMP default community quantity dynamics

In summer 2016 I provided brief analysis of IPv4-addresses with SNMP default community (DDoS attacks type SNMP Amplification sources) by countries (Russian article). The year is new but security holes are old.

http://1u88jj3r4db2x4txp44yqfj1.wpengine.netdna-cdn.com/wp-content/uploads/2014/04/ddos.jpg

New Year SNMP report by shodan, was compared with June one and shows such dynamics in integral TOP-10:


2016 2017 Fixed, %
Brazil 1430670 1041122 27,23
USA 326735 240677 26,34
India 307155 210282 31,54
Korea 170979 173178 -1,29
China 121235 92019 24,10
Thailand 120263 61077 49,21
Colombia 104903 59178 43,59
Italy 87020 78970 9,25
Turkey 80880 50824 37,16
Iran 79506 57866 27,22


Countries with positive percentage decreased default SNMP-devices quantity  and negative percentage holders increased it.

In general, IPv4-addresses with default SNMP community quantity is less than half a year. The whole world shows such numbers according to previous table:

TOTAL 3748045 2821398 24,72

Differential TOP 10 based on integral one for SNMP public/private looks like a chart:


And as a table:


Country Fixed, %
1 Thailand 49,21
2 Colombia 43,59
3 Turkey 37,16
4 India 31,54
5 Brazil 27,23
6 Iran 27,22
7 USA 26,34
8 China 24,10
9 Italy 9,25
10 Korea -1,29

So, it is clear that IPv4-space contains less default-configured SNMP settings on devices (DDoS-attacks sources) for 23,4%.
Possible reasons of such dynamics are:
  • Default SNMP-settings were changed
  • SNMP service was disabled as unused one
  • Hosting- and Internet-providers blocked a part of malicious traffic sources
  • Upgraded software disables SNMP by default
  • Shodan loses control of vulnerable servers
  • Your version
I hope that new year will help us fix old bugs with SNMP default community usage.
A little HOWTO fix a holey SNMP is described here (Russian). English coming soon.

Комментариев нет:

Отправить комментарий