THE NORA REPORT Q1 / 2011
PASCAL GLOOR DREAMLAB TECHNOLOGIES AG
HACKING DAY 2011 / 16.06.2011
Who?
• Joint public – private project
– Dreamlab Technologies AG
– Objectif Sécurité SA
– Engineering school of Fribourg
16-06-2011 © 2011 NetObservatory 2
What?
• Observe & evaluate the quality of the Swiss Internet
• Generate regular reports
• Evaluate possible business applications
Quality?
• Can be measured by evaluating the attack surface
– Access
– Visibility
– Function
– Features
– Abnormal behaviour
Measure?
• dot CH domains
• Swiss IP address ranges
• Port scans
• DNS, Mail, Web, SSL, ...
NETOBSERVATORY REPORT Q1 / 2011
GENERAL INFORMATION
Report Q1/2011 Key Data
• 20'926'822 IP addresses (IPv4)
• 570 Autonomous Systems (ASN)
• 1'316'060 dot CH domains
– 605'290 distinct owners
– 32'573 DNS servers
– 48'140 mail servers
– 744'195 web sites (75'655 distinct IPs)
Report Q1/2011 Domain distribution
Report Q1/2011 Top 10 domain names owners
[Bar chart, axis 0.0% to 0.6%. Owner names are not in the extracted text. Bar labels, in extracted order: 0.09%, 0.09%, 0.1%, 0.13%, 0.14%, 0.17%, 0.33%, 0.35%, 0.36%, 0.7%.]
Report Q1/2011 Top 10 ASN by web sites
[Bar chart, axis 0 to 150,000. ASNs, in extracted order: VTX-NETWORK, CYON, CABLECOM, WEBLAND-AS, ASN-GENOTEC, GREEN, Infomaniak-AS, SWISSCOM, HOSTPOINT-AS, ASN-METANET.]
Report Q1/2011 Top 10 Web servers
[Bar chart, axis 0% to 70%. Categories, in extracted order: others, Squid webproxy, Zope, Lotus Domino httpd, DirectAdmin httpd, lighttpd, sw-cp-server, nginx, MiniServ, Microsoft IIS, Apache. Bar labels, in extracted order: 15%, 77%.]
Report Q1/2011 Top 10 DNS hosting
[Bar chart, axis 0% to 6%. Categories, in extracted order: ch-inter.net, sedoparking.com, ch-meta.net, kreativmedia.ch, hostcenter.com, webland.ch, genotec.ch, infomaniak.ch, hoststar.ch, hostpoint.ch. Bar labels, in extracted order: 1.7%, 1.9%, 2%, 2%, 2.5%, 2.6%, 2.7%, 3.4%, 3.8%, 6.6%.]
Report Q1/2011 Top 10 Mail hosting
[Bar chart, axis 0% to 8%. Categories, in extracted order: worldsoft-mail.net, ovh.net, netzone.ch, udag.de, messaging.ch, vtx.ch, hostcenter.com, genotec.ch, infomaniak.ch, hostpoint.ch. Bar labels, in extracted order: 1.3%, 3.3%, 3.4%, 4.7%, 8.7%.]
WEB ACTIVITIES
Report Q1/2011 SSL certificate validation
[Bar chart, axis 0% to 60%. Categories, in extracted order: invalid / correct host, valid / correct host, invalid / wrong host, valid / wrong host. Bar labels, in extracted order: 38%, 61%.]
Report Q1/2011 Distribution of SSL key length
[Bar chart, axis 0% to 50%. Categories, in extracted order: >= 2048 bits, >= 1024 bits, < 1024 bits. Bar labels, in extracted order: 42%, 56%, 1%.]
Report Q1/2011 Distribution of hash algorithms
[Bar chart, axis 0% to 80%. Categories, in extracted order: sha512, sha256, sha1, md5, dsa. Bar labels, in extracted order: 87%, 13%.]
Report Q1/2011 Hash algorithms by creation time
Report Q1/2011 Certificate authorities distribution
Report Q1/2011 Top 10 used CMS
[Bar chart, axis 0% to 35%. Categories, in extracted order: DotNetNuke, Magento, osCommerce, xtCommerce, CMS Made Simple, Contao, Drupal, WordPress, TYPO3, Joomla. Bar labels, in extracted order: 4%, 14%, 30%, 38%.]
Report Q1/2011 CMS distribution (TYPO3)
Report Q1/2011 CMS distribution (Joomla)
Report Q1/2011 CMS distribution (WordPress)
Report Q1/2011 Up-to-date releases of CMS
[Bar chart, axis 0% to 80%. Categories, in extracted order: typo3, wordpress. Legend "Status": updated, not updated. Bar labels, in extracted order: 94%, 70%, 6%, 30%.]
Report Q1/2011 Timeline of a WordPress release
[Chart. x-axis: Date (2010/12/30, 2011/01/24, 2011/03/30). y-axis: Number of WordPress CMS (0% to 100%). Legend "Version installed": 3.0.4 or higher, 3.x, Any.]
Report Q1/2011 Apache vulnerabilities
[Bar chart, axis 0% to 40%. Categories, in extracted order: not vulnerable, unknown, vulnerable. Bar labels, in extracted order: 14%, 38%, 47%.]
MAIL ACTIVITIES
Report Q1/2011 Mail servers SSL support
[Bar chart, axis 0% to 70%. Categories, in extracted order: ssl disabled, ssl enabled. Bar labels, in extracted order: 75%, 25%.]
Report Q1/2011 Mail servers software
Report Q1/2011 Mail servers software updates
[Bar chart, axis 0% to 80%. Categories, in extracted order: sendmail, exim. Legend "Status": updated, not updated. Bar labels, in extracted order: 86%, 98%, 14%, 2%.]
DNS ACTIVITIES
Report Q1/2011 DNS servers: recursive lookup
[Bar chart, axis 0% to 60%. Categories, in extracted order: no, yes. Bar labels, in extracted order: 80%, 20%.]
Report Q1/2011 DNS servers: zone transfer
[Bar chart, axis 0% to 80%. Categories, in extracted order: not allowed, allowed. Bar labels, in extracted order: 88%, 12%.]
Report Q1/2011 DNS zones: SPF records
[Bar chart, axis 0% to 80%. Categories, in extracted order: SPF record, no SPF record. Bar labels, in extracted order: 15%, 85%.]
Report Q1/2011 DNS zones: Glue records / NS inconsistencies
[Bar chart, axis 0% to 60%. Categories, in extracted order: correct glue records, incorrect glue records. Bar labels, in extracted order: 65%, 35%.]
Report Q1/2011 DNS zones: IPv4 vs. IPv6 records
[Bar chart, axis 0% to 80%. Record types, in extracted order: ns, a, mx. Legend "IP Version": 6, 4. Bar labels, in extracted order: 100%, 91%, 72%, 15%.]
MISCELLANEOUS
Report Q1/2011 Unusual ports
[Bar chart, axis 0 to 15,000. Services, in extracted order: microsoft-ds, postgresql, netbios-ssn, msrpc, microsoft-rdp, rpcbind, mysql.]
QUESTIONS? / REMARKS?
PASCAL GLOOR [email protected]
WWW.NETOBSERVATORY.CH