On Thu, May 14, 2009 at 02:35:45PM +0800, W B Hacker wrote:
> But p0f has turned up something I had not expected - port 25 entirely aside,
> nearly 80% of the break-in attempts are coming off Linux boxen and mostly to
> port 22, very few from WinBoxen - on any port.
>
> Looks to me as if Linux has indeed won 'market share' - but not where we might
> have most wished it to have appeared....
Makes sense - box A attacking box B via ssh probably means that box A has
already been compromised by that same attack vector. i.e. attack vectors
tell you more about the attacker than the would-be victim.
--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
