Stats from a Network Surveillance System

LogError writes "Sombria ("shadowy" in Portuguese) is a honeypot system set up in Tokyo, Japan, that is intended for network surveillance and research and not for production purposes. This paper provides some statistics and an overview of the most prominent attacks from May through July 2003."

And the conclusion.

[SmallFurryCreature]

Just because you use linux/unix/mac you are not safe. As shown two of the worms were aimed at the apache this "webserver" used. Also plenty of tools seem to be available just for linux.

But there is hope. A always keep your system upgraded. The vulnarabilities exploited are all well known. No "new" attacks were found by this honey pot. So if this system had been patched it would have had 0 intrusions. (Or I am readigng it wrong)

Also don't install stuff you don't need. Openssl support for apache may be very usefull as is samba. But for most sites this is not needed. Had these two optionals not been installed then again there would have been 0 intrusions.

Stay uptodate and limit the machine to the software needed and nothing more. Oh well off to post this to my boss who keeps insisting on FTP access because it is so much easier then SCP.