Slashdot Mirror


More Attacks on Linux than Windows

the special sauce writes "This vnunet.com article discusses the trend of attacks this year as compared to last. Overall, according to mi2g, attacks are on the rise. However, though attacks on Linux systems are up, attacks on Windows-based systems have actually dropped dramatically when compared to last year. If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems."

5 of 411 comments

  1. Yea, and about CodeRed? by clump · · Score: 5, Informative

    Looking through my Snort and Apache logs, I see about 5-10 CodeRed attacks *daily*. This is something that was fixed over a year ago, and it still fills my logs. About that 'chunked' Apache vulnerability? Twice. I have seen it 2 whole times within the weeks it's been out. Let's not forget about this CodeRed bug, because it surely is an attack (a full "root" attack) and I have *never* been attacked with anything else so often. I doubt any study that doesn't take this into account.

  2. not from our perspective by sloth+jr · · Score: 5, Informative
    We run hosted web services for customers that between two datacenters aggregate about 50 million web hits a month.

    Snort and logsurfer snippets from our firewall logs go off all the time. Though I would say that we have seen more attacks targeting linux services (we're a linux shop, btw) than we've seen in the past, the majority of our attacks do seem to be against windows-based services.

    From an overall security point-of-view, the last three to six months have not been great ones from a linux vulnerability point-of-view: zlib, BIND, ssh, apache, Tomcat (not that some of these problems haven't affected Windows boxen also). It's kept us hopping patching our servers. We've been lucky, so far - no successful intrusions (that we're aware of, of course!).

    In general, it seems much easier to social engineer one's way into a Windows network via email attachments than directly attack it.

  3. Don't Bother: vnunet author Middleton is a Moron by fanatic · · Score: 3, Informative

    This is another article by James Middleton, who is not a trustworthy source on this issue.

    I went there just long enough to see his byline (being careful not to download images, hence no ad revenues), then came back here.

    I've never seen Middleton write anything about Open Source that wasn't complete bullshit. This guy is either totally bought and paid for by Microsoft, or is seriously stupid.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody

  4. mi2g by doom · · Score: 5, Informative
    Evidently, this story is a re-typing of the press release from "mi2g", so you might as well look at the original: Digital attacks on Open Source systems soar. It includes a bunch of pointers to pdfs of graphs of their data (none of which I can read because of some sort of "can't find colorspace cs8" error). But they don't appear to include any additional information, they're just graphs.

    The source of the data is supposed to be the "mi2g SIPS database", about which they say:

    The mi2g SIPS (Security Intelligence Products and Systems) database has information on over 6,000 hacker groups and maintains a record of over 60,000 individual hacking events since 1995. The SIPS intelligence citations include the 2002 Computer Security Institute (CSI) / Federal Bureau of Investigation (FBI) Computer Security Issues and Trends Survey [Vol. VIII, No. 1 - Spring 2002]

    (Do you need me to toss in some editorializing about how this is evidently a company that specializes in publishing alarmist press releases to encourage people to buy their products? Oh, and take a look at key clients... yup, includes Microsoft).

  5. Re:Which are more successful? by BlueUnderwear · · Score: 3, Informative
    Anyone who stays on top of their web server logs will see plenty of code red attacks every day. The fact that a default windows 2000 install is susceptible to it doesn't help.


    Just grepped for ../.. in my httpd/error_log.

    292 matches.

    But that log goes back to April 30th. Last year in August, I had that many probes in *one day*. So, I'd say, CodeRed/Nimda activity did indeed decrease...

    --
    Say no to software patents.