Common attack update
In the second edition of our book, we published the results of a study of the most commonly attacked TCP ports (and their associated services). That study was conducted in August of 2005. It’s in chapter 13, under “The Most Common Attacks: A Case Study.” Here’s an update, based on a similar study conducted over the first three months of 2006 (January 1 through March 31). The update was done using data logged by our DoorStop X Firewall and analyzed by our Who’s There? Firewall Advisor.
The left chart is the one published in the book. The right one is from the past three months. To a large extent, “the more things change, the more they stay the same.” In the initial study, the five most popular attacks, which together made up over 7/8 of the total, were Windows-specific attacks. In the new study, these five attacks still account for 3/4 of the total. But there is a significant new category labeled “Web (HTTP).” There now seem to be many more attacks looking for machines running Web servers. Why? Good question. Something to think about for the time being.
An interesting similar study is available here.
Monday, April 3, 2006