The total number incidents decreased by half. However, there are only slightly fewer than 10,000 distinct attackers on the greylist. The last month’s seemingly minor reduction may have been indicative of an ongoing decline.
Sentinel View report – May 2023
The overall count for total incidents dropped by 100 million. Sounds like a lot, but given the number of attacks we recorded (1.6 billion), it is just less than 10% decrease. Still significant, but not as shocking as hundred millions sounds. The results for minipot traps have not changed significantly from previous month, it seems the attackers are pretty consistent in regards to what services interest them the most.
Sentinel View report – April 2023
Moving to April, we gained almost ten thousand more unique attackers on average, according to the Greylist. To provide even more context to the events, we added yet another interesting figure — the number of total incidents recorded.
Sentinel View report – March 2023
Looking at Greylist and Incidents Statistics, March data seem to be quite stable in comparison with the previous month. The total count of incidents did not drop significantly from February as the difference is about 100k incidents. The total number of incidents in February, divided by the number of days in the month and then multiplied by 30.36 (average number of days in a month) is 20,543,356.40. For March, using the same rules, we get 20,461,799.03.
New Netmetr is called LibreSpeed and it is global
A long time ago, CZ.NIC started a project called Netmetr, which was performed in cooperation with the Czech Telecommunication Office (CTU). The goal was to provide a reliable Internet connectivity benchmark that ordinary people can use to verify the parameters of their Internet connection. The cooperation went well and CTU was getting more and more interesting data about the quality of Internet connectivity in the Czech
Republic. Moreover, CTU decided to integrate the service into their systems and maintain it by themselves. They used the open-source software Netmetr and created Nettest – their own instance integrated into their environment. That unfortunately meant that the Netmetr itself lost its main purpose and it no longer made sense to keep it running.
Sentinel View report – February 2023
In February, we saw about a 10% decrease in the number of unique attackers, but they were more active. Usually, we see attackers come and go, but in February, although it was fewer attackers in total, we had on average, more attackers blocked every day. This means that those attackers stayed active longer than in January.
Sentinel View report – January 2023
In January, we encountered slightly more attackers than in December. But overall, behavior stays the same. The number of attackers per device and victims per attacker didn’t change much. Looking back at our first report, we also had about the same amount of victims per attacker but more attackers per device. The trend for the last three months is to target about 20 Turris devices on average if you are an attacker.
uCollect is dead, long live Turris Sentinel!
If you follow what we do, you might have noticed that we recently announced the end of Turris OS 3.X. It was first released in 2016 and it was with us for quite some time. But in the end we managed to debug the migration to Turris OS 5.x and migrated everybody over. But this blog post is not about that. This post is about deprecation one of the parts, that was replaced by a newer and better system – uCollect.
WireGuard on Turris
Now more then ever, people connect and work remotely. Everybody uses some kind of VPN, at least in the tech world. The new, trendy and cool way of doing VPNs is Wireguard. Everybody speaks about it and since March it is finally a part of Linux kernel. Its advantages are that it is setup in more straight forward way than alternatives and that it is blazingly fast.