Re: Intrusion attempt statistics

[levinson_k () securityadmin info]

I'm not sure I see any real world value in getting or using statistics on "number of intrusion attempts."  If you 
wanted to use these numbers to assess the risk of certain products or make a purchasing or design decision, I don't 
think these numbers would help.  Number of intrusion attempts does not exactly translate into amount of risk.

If you still feel you need these figures, I think you'd get a better answer if you first defined more specifically what 
kinds of intrusion attempts you're interested in.  The figures on number of intrusion attempts vary wildly, are spread 
out across multiple vendor web pages, and are more meaningful if you first define whether or not you're interested in 
attacks on web servers, email viruses to workstation users, mass Trojan/bot/ftp-pubstro attacks where the system is 
technically compromised but the attacker is a script that doesn't care about what's on the system, etc.  

Some useful stats on mass web defacements can be found at www.zone-h.org.  Various vendors have stats on virus and bot 
attacks, although there are often problems with normalizing data that often includes attacks that were blocked by 
antivirus or repeated detections of the same or similar viruses on the same machine.  Some stats on email-borne attacks 
are given at http://emails.messagelabs.com/aem/clients/MES001/images/MLI%202006.pdf

kind regards,
Karl Levinson
http://securityadmin.info

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------