A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at TriOp - my recently published tool, which enables anyone to periodically gather interesting data from Shodan.
TriOp is a tool for quickly gathering information from Shodan.io about the number of IPs which satisfy a large number of different queries. Generally, it may be useful to security researchers who wish to use data gathered from Shodan over time as a part of their research (e.g. to show how the number of systems exposing remote access protocols to the internet changed as a reaction to new movement restrictions connected to the Covid-19 pandemic) and to CSIRTs, especially national ones, that wish to monitor their constituencies for changes and/or vulnerabilities, but lack the technical tooling that would enable them to periodically scan all of their external IP ranges.
The last quarter of 2020 is behind us, which means it's time for another look at some of the interesting ports accessible on public IPs. This time, however, we will take a look at how the internet changed during the whole of 2020, not just at the past 3 months...
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at the increase in support of TLS 1.3 by HTTPS servers and the decrease in support of SSL 2.0.
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at how many publicly accessible systems are still vulnerable to CVE-2019-19781, AKA Shitrix.
My recent post on the Internet Storm Center website about the surprisingly high number of systems still affected by critical vulnerabilities, which have been patched for a long time, received quite positive feedback. I have consequently decided to take a look at the issue in a more comprehensive manner and since I didn’t know which vulnerabilities Shodan was able to detect, I’ve used my TriOp tool to gather data for all of the approximately 190k CVEs ever published. After the couple of days the script took to run, I have the results and they are quite interesting…
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a couple of pre-2020 high-impact vulnerabilities, which still affect a surprising number of publicly accessible systems.
If you've read any of my posts about open ports on public IP addresses either here or on the SANS Internet Storm Center website, you probably know that I'm interested in how the internet changes over time and I try to gain at least some understanding of it by analyzing data gathered over time from Shodan. Since I'm probably not the only one who finds the changes in numbers of different open ports interesting, I've decided to start publishing quarterly charts for the number of IPs which have some of the more interesting ports open/services accessible from the internet...
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at how regional travel restrictions impact (or don’t) the number of IP addresses which expose remote access protocols to the internet.
One of the side effects of social distancing and self-quarantining due to COVID-19 was a large increase in the use of VPNs (and, in some cases, different remote access protocols, such as RDP or SSH) by companies around the world, so that their employees might work from home. I was wondering how large this increase would be when compared to the usual state of affairs. To determine this, I took a look at data I gathered from Shodan over the course of March and made a couple of - hopefully interesting - charts.