Re: [PEN-TEST] Network Attack Trend Analysis

[Erik Tayler <nine () 14X NET>]

Factual wasn't the word I was looking for. If I can remember correctly,
the person that was asking for information was looking for certain
stats, and (in my limited understanding of attrition) I thought
attrition only provided statistics for websites that were defaced, which
wouldn't take into account dedicated mailservers, or just fileservers et
cetera. Ok, well you already covered everything I just said, but I don't
feel like deleting my hard work. So hrm, let me rephrase...

"Attrition is a great statistical page regarding website defacements."

Happy? ;-}

Erik Tayler
14x Network Security
http://www.14x.net

security curmudgeon wrote:
> > Check CERT [ www.cert.org ] for recent network attack trends and most
> > commonly exploited vulnerabilities, et cetera. Check the Attrition
> > defacement mirror statistics [ www.attrition.org ] for a general
> > overview of the .com/.net/.gov/.edu/.kr et cetera. These statistics are
> > for general knowledge, and should not be considered factual, however
> > interesting they may be.
>
> Just curious why you would consider the attrition.org stats "not factual"?
>
> The real disclaimer is that the stats cover security incidents where web
> pages were defaced. Obviously many intrusions are carried out and the web
> server untouched, all of which would fall outside the scope of the
> Attrition Mirror and its stats.
>
> We verify all defaced pages we mirror before putting them up on the
> mirror.  This leaves a small margin for error for mirrored sites before
> Jan of 99, but all data on the mirror is accurate to the best of our
> knowledge and research.
>
> While it is not thorough and leaves a small margin for error, I certainly
> don't think you can say "These statistics .. should not be considered
> factual."