2006 Internet Attack Statistics for Belgium
Hillar Leoste, Zone-H.org
OWASP BeLux Chapter
Copyright © 2007 - The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms
of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit
http://creativecommons.org/licenses/by-sa/2.5/
The OWASP Foundation
http://www.owasp.org
Agenda
About Zone-H and defacements
Statistics
What is Zone-h.org
• News, advisories and opinions from recognized IT security news sites, trusted product vendors and pro-active members of the Zone-H international community
• Statistics of the most recent digital attacks, surveys and detailed analyses, presented in our regular reports
• Articles worth reading, describing new developments in the IT security world
• Interviews with leading IT security industry experts, accompanied by an opportunity to discuss different topics in specialized forums and IRC chatrooms
• Ongoing evaluations of current digital threats and short-term prognoses
• Case and motivation studies of digital incidents
• Daily newsletters
• Free security services: daily “early warning” bulletin + InfoSec pager
What is Zone-h.org
Disclaimer:
Zone-h neither condones, promotes, nor participates in attacks that are recorded within our database. It is, however, in the unique position that such attacks are freely reported to our organization.
Zone-h catalogues several useful pieces of information for each intrusion, including the timestamp of the attack, the software version of the webserver, the operating system, the motivation of the attacker, and reported technical details of the intrusion methodology.
Defacement
Defacement is an attack against a website that replaces a page (usually the main page) with the attacker's page.
Reasons:
• Political (hacktivism) – Mohammed cartoons, G8, war in Iran, conflict between Israel and Palestine, etc.
• Best defacer
• Fun
• Challenge
Statistics for .be
Defacements per month:

Year    Jan    Feb    Mar    Apr    May    Jun
2005    401    320    160    297    354    189
2006    159    415    168    341    205    443

Year    Jul    Aug    Sep    Oct    Nov    Dec
2005    274    268     85    137    205    199
2006   1832   1040   1347    359    299    415

Total:
2005 – 2889
2006 – 7023
Statistics for .be
[Chart: Defacements 2005 & 2006. Monthly defacement counts for .be, January to December, one series per year (2005 and 2006).]
Statistics for .be
By OS:
2005
OS         Defacements   Share
Linux      1824          63 %
Windows     919          32 %
BSD          53           1 %
Mac          46           1 %
Solaris      20           1 %
Tru64        17           1 %
Unknown      10           1 %

2006
OS         Defacements   Share
Linux      4883          70 %
Windows    1916          27 %
BSD         156           2 %
Mac          45           0.6 %
Solaris      12           0.2 %
Unknown      10           0.15 %
OS2           1           0.05 %
Statistics for .be
By webserver:
2005
Webserver       Defacements   Share
Apache          1918          66 %
IIS              913          31 %
Roxen             38           1 %
Unknown           17           0.5 %
Lotus-Domino       1           0.5 %
WebSTAR            1           0.5 %
Zeus               1           0.5 %

2006
Webserver       Defacements   Share
Apache          5046          72 %
IIS             1905          27 %
Unknown           48           0.7 %
Nginx             17           0.2 %
NOYB               4           0.05 %
SonataServer       2           0.03 %
Lighttpd           1           0.02 %
Statistics 2005 for .be
By attack type:
Attack type                 Defacements
File inclusion              1090
Attacks against user         327
Other web app bug            303
SQL Injection                276
Not available                225
FTP server intrusion         127
Web server intrusion         122
MITM                          86
Other server intrusion        57
Web server ext. module        57
Radmin panel attacks          52
DNS attacks                   52
URL poisoning                 19
Known vuln.                   19
SSH server intrusion          16
Mail server intrusion         15
Telnet server intrusion       14
Shares                         8
Firewall/router attacks        8
0day                           6
RPC server intrusion           5
Brute force                    3
Misconfig                      2
Statistics 2006 for .be
By attack type:
Attack type                 Defacements
Attacks against user        1696
File inclusion               904
SQL injection                638
Not available                569
Other web app bug            437
Other server intrusion       414
FTP server intrusion         326
Web server ext. module       319
SSH server intrusion         300
Radmin panel attacks         194
Firewall/router attacks      185
MITM                         177
Shares                       170
RPC server intrusion         169
DNS attacks                  109
Remote service attacks       108
Web server intrusion         101
Telnet server intrusion       99
URL poisoning                 81
Mail server intrusions        27
Statistics 2005 for .be
By apps:
Application                    Defacements
forum                          222
guestbook/gastenboek/gastje     95
foto/photo                      13
blog                            12
bb2                             10
nuke                             3
gallery                          3
Statistics 2006 for .be
By apps:
Application                    Defacements
forum                          347
foto/photo/album                75
phpbb                           39
gallery                         27
guestbook/gastenboek/gastje     25
cms                             20
joomla                          12
blog                            11
mambo                           10
board                            8
nuke                             7
Statistics 2006 for .be
Bits and pieces
police.be/forum
Some sites from kuleuven.ac.be and ulg.ac.be
140 double defacements
21 big (more than 30 sites per IP) attacked
Statistics for .be
?

Web server attacks in Belgium – statistics from year 2005