In summer 2016 I provided a brief analysis, by country, of IPv4 addresses with the default SNMP community (sources of SNMP Amplification DDoS attacks) (Russian article). The year is new, but the security holes are old.
Shodan's New Year SNMP report, compared with the June one, shows the following dynamics in the integral TOP-10:
Country | 2016 | 2017 | Fixed, % |
Brazil | 1430670 | 1041122 | 27,23 |
USA | 326735 | 240677 | 26,34 |
India | 307155 | 210282 | 31,54 |
Korea | 170979 | 173178 | -1,29 |
China | 121235 | 92019 | 24,10 |
Thailand | 120263 | 61077 | 49,21 |
Colombia | 104903 | 59178 | 43,59 |
Italy | 87020 | 78970 | 9,25 |
Turkey | 80880 | 50824 | 37,16 |
Iran | 79506 | 57866 | 27,22 |
A positive percentage means the country reduced its number of devices with default SNMP settings; a negative percentage means the number grew.
Overall, the number of IPv4 addresses with a default SNMP community is lower than it was half a year ago. For the whole world, the totals in the same format as the previous table are:
TOTAL | 3748045 | 2821398 | 24,72 |
The differential TOP-10 for SNMP public/private, derived from the integral one, looks like this as a chart:
And as a table:
# | Country | Fixed, % |
1 | Thailand | 49,21 |
2 | Colombia | 43,59 |
3 | Turkey | 37,16 |
4 | India | 31,54 |
5 | Brazil | 27,23 |
6 | Iran | 27,22 |
7 | USA | 26,34 |
8 | China | 24,10 |
9 | Italy | 9,25 |
10 | Korea | -1,29 |
So it is clear that the IPv4 space now contains 23,4% fewer devices with default-configured SNMP settings (DDoS attack sources).
Possible reasons for this dynamic are:
- Default SNMP-settings were changed
- SNMP service was disabled as unused one
- Hosting and Internet providers blocked some of the malicious traffic sources
- Upgraded software disables SNMP by default
- Shodan loses control of vulnerable servers
- Your version
A short HOWTO on fixing a holey SNMP is described here (Russian). English coming soon.
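The first reasons in the list above (changed defaults, SNMP no longer answering everyone) can be checked on one's own hosts. The following is an added example, not code from the original post or the linked HOWTO: a small Python audit that assumes a Net-SNMP style snmpd.conf (its rocommunity/rwcommunity/com2sec directives); the function name and the sample configuration are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {"public", "private"}      # the defaults the post counts
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}  # "any source address"
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity",
                        "rocommunity6", "rwcommunity6"}

def audit_snmpd_conf(text):
    """Return [(line_no, directive, [issues])] for risky community lines.

    Hypothetical helper; assumes Net-SNMP snmpd.conf syntax."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        directive = tokens[0].lower()
        if directive in COMMUNITY_DIRECTIVES and len(tokens) >= 2:
            # rocommunity COMMUNITY [SOURCE ...]; a missing SOURCE means any
            community = tokens[1]
            source = tokens[2] if len(tokens) > 2 else "default"
        elif directive == "com2sec" and len(tokens) >= 4:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            source, community = tokens[-2], tokens[-1]
        else:
            continue  # SNMPv3 users, views, etc. are out of scope here
        issues = []
        if community in DEFAULT_COMMUNITIES:
            issues.append("default community")
        if source.lower() in OPEN_SOURCES:
            issues.append("answers any source address")
        if directive.startswith("rw"):
            issues.append("write access")
        if issues:
            findings.append((line_no, directive, issues))
    return findings

SAMPLE_CONF = """\
# constructed sample, not from a real device
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity S3cr3t-mon 192.0.2.10
com2sec readonly default public
rouser monitor authPriv
"""

if __name__ == "__main__":
    for line_no, directive, issues in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {directive}: {', '.join(issues)}")
```

A line that combines a default community with an unrestricted source is the configuration that makes a device usable as an amplification source, so those findings are the ones to fix first.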