Dashboard overview
The Shadowserver Dashboard presents high-level statistics that reflect the main datasets that Shadowserver collects and shares through its daily activities in over 100 daily reports. The datasets allow for the identification of the exposed attack surface, vulnerabilities, misconfigurations and compromises of networks, as well as observations of attacks. The data, shared in the form of reports, contains detailed IP-level information concerning a particular network or constituency. The Shadowserver Dashboard does not allow for this level of granularity. Instead, it presents high-level statistics that reflect these activities. This allows for insights into the latest emerging threats, vulnerabilities and incidents, providing situational awareness to the wider community while preserving the anonymity of any involved parties.
Sources and tags
Data presentation is organized around sources and tags. A source is essentially a data grouping of some form. The basic sources are honeypot, population, scan and sinkhole. Both population and scan are scan-based datasets, with population being an exposure endpoint count without a vulnerability/security assessment. A 6 suffix represents IPv6 data (all entries without the suffix refer to IPv4 data).
Sources may have tags associated with them that provide additional context for the data being presented. For example, tags for scan will include the actual different scan types (i.e. services/protocols being scanned, like telnet, ftp and rdp). Tags for sinkhole would reflect the actual malware families connecting to a sinkhole (i.e. hosts infected by a malware family type like adload, andromeda and necurs).
Tags provide additional insights on the data presented.
Additionally, we also introduce additional groupings to better reflect observations on vulnerable or compromised hosts - for example, http_vulnerable or compromised_website. These will typically contain tags that reflect specific CVE vulnerabilities, vendors or products affected, or information about backdoors, webshells or implants seen. An example for http_vulnerable would be citrix or cve-2023-3519.
Finally, as we add more detections to our datasets we end up with more tags. This means that new source categories may appear to choose from. For example, even though snmp is a tag present on source scan, it is also featured as a source. This allows us to present more granular snmp scan results that allow for viewing of specific snmp scan results associated with a vulnerability like cve-2017-6736.
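The source and tag model described above, as an added example that is not Shadowserver code: it reduces constructed IP-level rows to per-country counts, treating a trailing 6 on the source name as IPv6 and discarding the addresses after de-duplication. The row layout, field names and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample rows shaped like IP-level report entries. Field names and
# addresses (documentation ranges) are assumptions made for this example.
ROWS = [
    {"ip": "192.0.2.10", "country": "NG", "source": "scan", "tags": ["telnet"]},
    {"ip": "192.0.2.11", "country": "NG", "source": "scan", "tags": ["snmp"]},
    {"ip": "192.0.2.11", "country": "NG", "source": "scan", "tags": ["snmp"]},  # repeat
    {"ip": "192.0.2.12", "country": "NG", "source": "scan", "tags": ["snmp"]},
    # snmp also appears as a source, carrying the more granular CVE tag
    {"ip": "192.0.2.11", "country": "NG", "source": "snmp", "tags": ["cve-2017-6736"]},
    {"ip": "2001:db8::5", "country": "NG", "source": "scan6", "tags": ["ftp"]},
    {"ip": "198.51.100.7", "country": "PL", "source": "sinkhole", "tags": ["necurs"]},
    {"ip": "198.51.100.8", "country": "PL", "source": "http_vulnerable",
     "tags": ["citrix", "cve-2023-3519"]},
]


def split_source(name):
    """Return (base source, IP version); a trailing '6' marks IPv6 data."""
    if name.endswith("6"):
        return name[:-1], 6
    return name, 4


def aggregate(rows):
    """Count distinct hosts per (source, IP version, tag, country).

    The IP addresses are used only for de-duplication and never returned.
    """
    hosts = defaultdict(set)
    for row in rows:
        base, version = split_source(row["source"])
        for tag in row["tags"]:
            hosts[(base, version, tag, row["country"])].add(row["ip"])
    return {key: len(ips) for key, ips in hosts.items()}


def by_country(stats, source, tag, ip_version=4):
    """Per-country counts for one source and tag, as a map view would need."""
    return {country: n for (s, v, t, country), n in stats.items()
            if (s, v, t) == (source, ip_version, tag)}


if __name__ == "__main__":
    stats = aggregate(ROWS)
    print(by_country(stats, "scan", "snmp"))               # hosts tagged snmp on scan
    print(by_country(stats, "snmp", "cve-2017-6736"))      # granular snmp source
    print(by_country(stats, "scan", "ftp", ip_version=6))  # IPv6 data from scan6
```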
Quick links to data categories: Left navigation bar
The datasets presented are collected through various large-scale collection methods, including sinkholing, scanning and honeypots. These main categories of the datasets are shared on the left navigation bar, with each category represented by its own icon.
The goal is to enable quicker dives into particular source categories. For example:
- Sinkholes - provides an overview of datasets grouped by source sinkhole. You can then view a particular sinkhole result by selecting a tag or group of tags.
- Scans - provides an overview of datasets grouped by source scan (this category contains scan results for services that have some kind of security issue associated with them; you can also view population scan results by selecting source population instead). You can then view a particular scan result by selecting a tag or group of tags.
- Honeypots - provides an overview of datasets grouped by source honeypot. You can then view a particular honeypot result by selecting a tag or group of tags.
- DDoS - provides an overview of datasets grouped by source honeypot_ddos_amp. These are amplification DDoS attacks seen by unique targets in a particular country/region. You can then view a particular amplification method used by selecting a tag or group of tags.
- ICS - provides an overview of datasets grouped by source ics (these are scan results of native Industrial Control Systems protocols). You can then view the native protocols used by selecting a tag or group of tags.
- Web CVEs - provides an overview of datasets grouped by http_vulnerable and exchange. These are vulnerable web applications identified in our scans, typically by CVE. You can view the CVEs or affected products by selecting a tag or group of tags.
The datasets can be broken down by country or country groupings, regions and continents.
Each dataset is also described in “About this data”.
Please note that there are more datasets available than the ones highlighted. For example, source beacon will allow you to explore post-exploitation framework C2s we see in our scans, and source compromised_website will allow you to explore compromised web endpoints seen in our scans.
Top navigation bar
The top navigation bar allows for various visualization options for data presentation, as well as for visualization of device identification and attack observation datasets.
General statistics
General statistics include the ability to visualize any source and tag by selecting:
- World map - a world map display showing selected sources and tags. Extra features include: the ability to switch the display to show the most common tag per country per source, normalization by population, GDP, connected users etc. You can also select markers on the map to display values per country.
- Region map - a country-level map display with countries split into regions and provinces.
- Comparison map - a comparison map of two countries.
- Time series - a chart showing combinations of source and tag over time. Note that it allows for different forms of data groupings (not just by country).
- Visualization - offers various options for drilling down into the datasets, including averages of values over time. It allows for displaying data in the form of tables, bar charts, bubble diagrams and more.
IoT device statistics (device identification statistics)
This dataset and associated visualizations provide a daily snapshot of exposed endpoints grouped by exposed vendors and their products identified through our scans. Data is categorized by vendor, model and device type. These are identified through various means, including web page content, SSL/TLS certificates, banners displayed etc. The datasets contain population data only, i.e. no assessment is made of any vulnerabilities associated with the exposed endpoints (to find those, select sources such as, for example, http_vulnerable under “General statistics” instead).
Similar visualization charts as in “General statistics” exist, with the difference being that instead of using sources and tags you can view (and group by) vendors, models and device types.
Attack statistics: Vulnerabilities
This dataset and associated visualizations provide a daily snapshot of attacks seen by our honeypot sensor network, with a focus on vulnerabilities used for exploitation. These include the ability to view products that are most frequently attacked and to explore how they are attacked (i.e. by which exploited vulnerability, which may include the particular CVE being exploited). You can also view charts by source of attacks and destinations.
Similar visualization charts as in “General statistics” exist, with the difference being that instead of using sources and tags you can view (and group by) vendor, vulnerability, as well as source and destination of the attacks.
An additional visualization category, Monitoring, has also been added:
This is an updated daily table of the most common exploited vulnerabilities, grouped by unique source IPs observed attacking (or attack attempts seen, if you select the connection attempts statistic option). Data is sourced from our honeypot sensor network. Data is grouped by exploited vulnerabilities. It also includes CISA Known Exploited Vulnerability mappings (including whether it is known to be exploited by a ransomware group), as well as whether the attack is against an IoT device rather than a server application.
By default the display shows the most common vulnerabilities exploited for the entire world, but you can also filter by a particular country or grouping, or display an anomaly table instead.
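The two statistics named for the Monitoring table rank the same events differently, shown here as an added example that is not Shadowserver code. The events, the placeholder vulnerability ids, the stand-in KEV mapping and the function name are all constructed for illustration.

```python
from collections import defaultdict

# Constructed honeypot events: (source IP, exploited vulnerability, IoT target?).
# The vulnerability ids are placeholders, not real CVE numbers.
EVENTS = (
    [("203.0.113.5", "CVE-EXAMPLE-A", False)] * 40             # one noisy source
    + [(f"198.51.100.{i}", "CVE-EXAMPLE-B", True) for i in range(1, 13)]
    + [("192.0.2.9", "CVE-EXAMPLE-C", False),
       ("192.0.2.9", "CVE-EXAMPLE-C", False),
       ("192.0.2.10", "CVE-EXAMPLE-C", False)]
)

# Constructed stand-in for a Known Exploited Vulnerabilities mapping.
KEV = {
    "CVE-EXAMPLE-A": {"ransomware": False},
    "CVE-EXAMPLE-B": {"ransomware": True},
}


def monitoring_table(events, kev, statistic="unique_ips"):
    """Group events by vulnerability and rank by the chosen statistic.

    statistic is "unique_ips" (distinct attacking sources) or "attempts"
    (every observed connection attempt).
    """
    ips, attempts, iot = defaultdict(set), defaultdict(int), {}
    for ip, vuln, is_iot in events:
        ips[vuln].add(ip)
        attempts[vuln] += 1
        iot[vuln] = is_iot
    rows = [
        {"vulnerability": v, "unique_ips": len(ips[v]), "attempts": attempts[v],
         "kev": v in kev, "ransomware": kev.get(v, {}).get("ransomware", False),
         "iot": iot[v]}
        for v in ips
    ]
    return sorted(rows, key=lambda r: (-r[statistic], r["vulnerability"]))


if __name__ == "__main__":
    for stat in ("unique_ips", "attempts"):
        print(stat, [r["vulnerability"] for r in monitoring_table(EVENTS, KEV, stat)])
```

Ranked by unique source IPs, the vulnerability hit from twelve addresses leads; ranked by attempts, the single noisy source pushes a different entry to the top.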
Attack statistics: Devices
This dataset and associated visualizations provide a daily snapshot of the types of attacking devices seen by our honeypot sensor network. Fingerprinting of these devices is done through our daily scans. The datasets allow for the tracking of particular attack types, device vendors or models, and can be filtered by country.
Similar charts as in “General statistics” exist, with the difference being that instead of using sources and tags you can view (and group by) attack type, device vendor or model.
An additional visualization category, Monitoring, has also been added:
This is an updated daily table of the most common attacking devices seen, by unique source IPs observed attacking (or attack attempts seen, if you select the connection attempts statistic option). As in all datasets displayed in this category, it is sourced from our honeypot sensor network. It is grouped by attack type seen, vendor and model (if available). We determine the attacking device by correlating the IPs seen with the results of our daily device scan fingerprinting (see the “IoT device statistics” section).
By default the display shows the most common attacking devices (by source) seen attacking (this includes cases where we cannot identify a device or, for example, can only identify a vendor). You can choose to filter by a particular country or grouping, or display an anomaly table instead.