Taking another look at the AWS Gov Cloud data I wanted to see what applications (e.g. nginx, Apache, etc.) and application stacks (e.g. PHP, ASP.NET, etc.) were most commonly used for ports 80/tcp and 8080/tcp. The total number of applications (508) far exceeds the application stack count (121) so after eliminating the servers without an application stack (387) we can see the counts below.
How do these map? The Sankey diagram below shows the most common mapping between applications and application stacks on the AWS Gov Cloud.
My friend Jay Jacobs (@jayjacobs) brought up an interesting idea this afternoon. Why not see what kinds of “popularity contests” exist between applications/application stacks and public/Gov cloud hosting. Maybe I’ll dig into that in the future.
Today we’ll look at the access certain countries have to AWS cloud server guest instances. Using the scan data from January 1st through 10th (inclusive) we can see in the Sankey diagram below that access to IP addresses varies by country.
Represented in this scan are scanners located within Russia, Australia, China, and the US using a number of TCP ports – as defined by the scan schedule. The diagram isn’t the easiest to read but you can click on the image to enlarge it in a new window.
I may post the Port-to-Target Sankey diagram later today.
This is a snapshot of Amazon AWS port 80 application server banners for the time period spanning January 1st through January 10th (inclusive).
This data is derived from the scanning of all AWS CSP guest instances (5,156,864 – based on disclosed subnet ranges) where the port 80/tcp was unfiltered and accessible from the Internet. The average number of hosts that responded to port 80/tcp scans on the AWS subnet was 431,533, or only about %8.4 percent of all AWS allocated subnets.
From the scan 119,602 banners were discovered on port 80/tcp, this chart depicts the Top 20 application servers detected.
Next, we see the application stacks discovered in the same scan. Not every application server has a corresponding application stack (e.g. not ever Apache/2.2 server has PHP/5.2 installed) which accounts for the 80,731 servers with an application stack of ‘none’.
Excluding the ‘none’ count, we discovered 39,011 application stacks (119,742 including the ‘none’ values)
I hope you find this data useful.
Note: No servers were harmed in the collection of this data.