
Even More Numbers
There are many different statistics that could have been done; I simply
did the basic ones that I thought most interesting.
Vulnerabilities broken down by class
This table groups all of the vulnerabilities that SATAN checked for
into nine broad categories.
Vulnerability breakdowns by site type
(each cell is the percentage of hosts of that site type found to have the problem)

site type          Denial of  FTP    Yellow  INND   REXD    Sendmail  Red    YPupdated  statd
                   Service           Web            access            Web
banks              57.12      0.15    9.85   3.18   0.15     9.70     1.52   0.91       29.39
credit unions      43.43      0.00    8.03   1.46   0.00     4.01     0.73   1.09       16.42
US federal sites   44.68      0.00   36.17   0.00   0.00    12.76     2.12   6.38       31.91
newspapers         52.88      0.32   14.42   2.24   0.00    16.67     1.28   0.64       30.77
sex                56.54      0.00    6.65   1.33   0.00    11.97     0.67   0.00       18.85
Totals             53.63      0.12   10.32   2.19   0.06    10.67     1.10   0.81       24.91
Random group       28.14      0.00    1.92   0.64   0.64     7.25     0.00   0.64       13.65
(The Denial of Service and Yellow Web vulnerabilities
were "yellow" vulnerabilities, and the others were counted as red
vulnerabilities.)
I've already discussed the totals, so I'll briefly comment
on these additional statistics:
- People on the Internet are either not paying attention to or not keeping
up with the CERT advisories, the most reliable and conservative
of the warning systems. Most of these problems have had a
CERT advisory put out to warn people about them.
- The UDP denial of service problem is by far the most prevalent,
affecting over half of the surveyed hosts and over a quarter of
the random hosts. A CERT advisory was issued for this, but
was apparently largely ignored.
- Once again, as with the Survey Summary table, one of
the most significant things about these numbers is not how the
types of surveyed hosts differ from each other, but how similar all the
surveyed host types are.
- Sendmail and statd are the most common red
problems found. Sendmail is not a surprise; it has had more
patches and CERT advisories than any other program. Statd is
a recent and very serious bug that affects most versions of Unix.
- Web and news servers are the two services that most
differentiate the percentage of problems found in the surveyed vs.
the random hosts, but they still don't account completely for the
difference in the number of vulnerabilities.
Here is the breakdown of OS types for the surveyed host types:

Operating System Types

OS          Survey hosts    Random hosts
Sun-4          6   (0%)       20   (5%)
Sun-5         54   (3%)       10   (2%)
IRIX          17   (1%)        4   (1%)
IRIX 5        21   (1%)        5   (1%)
VAX/VMS        4   (0%)        1   (0%)
SVR4          38   (2%)        7   (2%)
UNIX         746  (44%)       21   (5%)
NT           176  (10%)        5   (1%)
Mac           27   (2%)        2   (0%)
OS/2           2   (0%)        1   (0%)
Free BSD       6   (0%)        0   (0%)
BSDI 2        14   (1%)        0   (0%)
Linux          1   (0%)        0   (0%)
Unknown      601  (35%)      337  (81%)
SATAN is able to guess at an OS by examining the banners and headers returned
by the services on the system examined. There are some problems with this,
however. For instance, Linux makes a very poor showing not because there are
no Linux systems being used out there - there are actually quite a few Linux
WWW servers - but because Linux doesn't leave any trace that it is a Linux
system: it merely appears to be some sort of generic Unix box, and so is
counted under UNIX above.
NT systems have come a long way - the
Netcraft Web server survey
says:
Overall, the percentage of NT specific servers, running one of IIS,
Website, WebsitePro, Purveyor, EMWAC, Commerce-Builder, Alibaba, or
WebQuest, is now 15.25%.
My survey results showed almost the same number, if you assume that
among the 35% of hosts that SATAN was unable to identify the ratio
of Unix to NT remained constant: NT accounts for 176 of the 1112 survey
hosts that were identified, or about 15.8%. PCs and Macs composed 20% of
the total servers.
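To make both the OS-guessing discussion and the Netcraft comparison concrete, here is a small banner-matching host-type classifier in Python. It is an added illustration, not SATAN's own code: the rule patterns are written in the spirit of SATAN's rules/hosttype file but are not its actual rules, and the host names and banners are constructed for the example. The only figures taken from this page are the Operating System Types counts, which the last function uses to reproduce the "NT share among identified hosts" estimate.

```python
import re
from collections import Counter

# Ordered (pattern, host type) rules, written for this example in the spirit
# of SATAN's rules/hosttype file; they are NOT SATAN's actual rules.  Order
# matters: version-specific rules come first, and the last rule only says
# "some kind of Unix", which is all a stock daemon banner gives away.
HOSTTYPE_RULES = [
    (re.compile(r"SunOS 5\.|Solaris"),                  "Sun-5"),
    (re.compile(r"SunOS 4\."),                          "Sun-4"),
    (re.compile(r"IRIX Release 5|IRIX 5\."),            "IRIX 5"),
    (re.compile(r"IRIX"),                               "IRIX"),
    (re.compile(r"BSD/OS 2\.|BSDI"),                    "BSDI 2"),
    (re.compile(r"FreeBSD"),                            "Free BSD"),
    (re.compile(r"Microsoft|Windows NT"),               "NT"),
    (re.compile(r"Linux"),                              "Linux"),
    (re.compile(r"System V Release 4|SVR4"),            "SVR4"),
    (re.compile(r"Sendmail|ESMTP|FTP server|login:"),   "UNIX"),
]


def guess_hosttype(banners):
    """Apply the rules in order to every banner a host returned and report the
    first host type that matches; "Unknown" means no banner gave anything away
    (for instance because every probed service was filtered or silent)."""
    for pattern, hosttype in HOSTTYPE_RULES:
        if any(pattern.search(banner) for banner in banners):
            return hosttype
    return "Unknown"


def tally(hosts):
    """Count host types over a mapping of host name -> list of banners."""
    return Counter(guess_hosttype(banners) for banners in hosts.values())


def share_among_identified(counts, hosttype):
    """Fraction of hosts of the given type among those identified at all,
    i.e. the assumption that the Unknown hosts split the same way as the
    identified ones."""
    identified = sum(n for t, n in counts.items() if t != "Unknown")
    return counts.get(hosttype, 0) / identified if identified else 0.0


# Constructed sample banners (not captured from any real host): what a
# scanner might get back from the SMTP, FTP and telnet services of six hosts.
SAMPLE_BANNERS = {
    "solaris-box": [
        "220 mail.example.net ESMTP Sendmail 8.7.5/8.7.3; Tue, 10 Dec 1996 09:12:01 -0800",
        "SunOS 5.5\r\n\r\nlogin: ",
    ],
    "irix-box": [
        "IRIX Release 5.3 IP22 sgi\r\n\r\nlogin: ",
    ],
    "nt-box": [
        "220 www.example.net Microsoft FTP Service (Version 2.0).",
    ],
    # A Linux host running stock sendmail and wu-ftpd: nothing here says Linux,
    # so it is counted as generic UNIX, which is the effect described above.
    "linux-generic": [
        "220 web.example.org ESMTP Sendmail 8.7.5/8.7.3 ready at Tue, 10 Dec 1996 09:13:44 -0800",
        "220 web.example.org FTP server (Version wu-2.4(1) Tue Aug 8 15:50:43 CDT 1995) ready.",
    ],
    # The same kind of host whose telnet banner happens to name the distribution.
    "linux-chatty": [
        "Red Hat Linux release 4.0 (Colgate)\r\nKernel 2.0.18 on an i486\r\nlogin: ",
    ],
    # No service answered at all.
    "silent-box": [],
}

# Survey host counts copied from the Operating System Types table above.
SURVEY_COUNTS = {
    "Sun-4": 6, "Sun-5": 54, "IRIX": 17, "IRIX 5": 21, "VAX/VMS": 4, "SVR4": 38,
    "UNIX": 746, "NT": 176, "Mac": 27, "OS/2": 2, "Free BSD": 6, "BSDI 2": 14,
    "Linux": 1, "Unknown": 601,
}

if __name__ == "__main__":
    for host, banners in SAMPLE_BANNERS.items():
        print(f"{host:14s} -> {guess_hosttype(banners)}")
    print("sample tally:", dict(tally(SAMPLE_BANNERS)))
    # 176 NT hosts among the 1112 identified survey hosts, close to Netcraft's 15.25%
    print(f"NT share among identified survey hosts: "
          f"{share_among_identified(SURVEY_COUNTS, 'NT'):.1%}")
```

The two Linux hosts are the point: with stock daemons the classifier can only say UNIX, and only a banner that volunteers the distribution name gets the host into the Linux row, which is why a banner-based count understates Linux no matter how good the rules are.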