Crazy quilts: unpicking patch deployment in .au and .nz
For the last few years, a consortium has been running scans over the entirety of the .nz and .au networks (as defined by the GeoIP database). Focusing on the most popular ports, the results of these scans are a fascinating look into the 'health', or otherwise, of these countries' networks.
Concentrating on the banners and headers returned when connecting to TCP ports 22, 23, 80, 53, 443, and 445*, it is possible to fingerprint both the OS and associated patch level of some hosts at a particular point in time. When aggregated, what does this information suggest about current patching strategies in Australasia? Do particular operating systems appear to be easier to keep up to date, or are we failing to maintain them? Finally, excluding harried systems administrators of every type, who might have a vested interest in such a project?
*SSH, Telnet, HTTP, DNS, HTTPS and SMB/Windows shares, respectively.
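An added example (not from the talk or the scanning project) of the banner fingerprinting described above, narrowed to the port 22 case: it parses SSH identification strings into product, version, OS and package revision, then tallies them so the spread of patch levels is visible. The sample banners are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample banners (not scan data), as sent by an SSH server on connect.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7\r\n",
    "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u2\r\n",
    "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13\r\n",
    "SSH-2.0-OpenSSH_7.4\r\n",          # no comment field: OS not disclosed
    "SSH-2.0-dropbear_2017.75\r\n",
    "garbage\x00not-ssh",               # something else listening on port 22
]

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>[^\s-]+)(?: (?P<comment>.*))?$")
# Debian-style comment: "<Distro>-<package revision>"
COMMENT_RE = re.compile(r"^(?P<os>[A-Za-z]+)-(?P<pkg>\S+)$")

def parse_banner(raw):
    """Return a fingerprint dict, or None if the line is not an SSH banner."""
    m = BANNER_RE.match(raw.strip())
    if m is None:
        return None
    product, _, version = m["software"].partition("_")
    os_name = pkg_rev = None
    cm = COMMENT_RE.match(m["comment"] or "")
    if cm:
        os_name, pkg_rev = cm["os"], cm["pkg"]
    return {"protocol": m["proto"], "product": product, "version": version,
            "os": os_name, "package_revision": pkg_rev}

def summarise(banners):
    """Count hosts per (OS, software version, package revision)."""
    counts = Counter()
    for raw in banners:
        fp = parse_banner(raw)
        if fp is None:
            counts[("unparseable", None, None)] += 1
            continue
        key = (fp["os"] or "unknown", f'{fp["product"]} {fp["version"]}',
               fp["package_revision"])
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarise(SAMPLE_BANNERS).most_common():
        print(n, key)
```

Hosts whose banner carries no comment field fall into the "unknown" OS bucket, which is why only some hosts can be fingerprinted to a patch level this way.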
Joh Pirie-Clarke
Joh currently works at an open source development and hosting company as a systems administrator. She has trouble writing biographies.


