Shodan [1] is one of the most familiar sites for researching what is on the internet. In Oct 2020 I did a diary on Censys [2][3], another site that collects information similar to Shodan's. The next two sites regularly scan the internet for data that isn't shared with the security community at large.

Net Systems Research [4] probes the internet for research, but none of the data is accessible or published on the site. This is part of its About Us message: "Net Systems Research was founded in 2015 by a group of security data researchers who wanted to utilize a global view of the internet to study these difficult and emerging internet security challenges and understand the resulting implications."

Security IPIP [5] has no information besides a banner: "Our company engaged in the researching and data collecting of IP location, internet infrastructure and network security, we need to detect the internet (Ping/ Traceroute Mainly); For network security research, we need to obtain the IP location Banner and fingerprint information, we detecting the common port openly or not by ZMap, and collecting opened Banner data by our own code. Any questions please do not hesitate to contact with us: frk@ipip.net."

Over the past 3 years, my honeypot has logged activity at various points in time from these 4 different research organizations. Here are some typical logs and their top 10 IPs.

Shodan uses IP range 71.6.128.0-71.6.255.255 to run its scans but, unlike other scanners, it doesn't include a banner in the captured logs. Activity first noticed 4 June 2018. This is a sample log:

20210507-171447: 192.168.25.9:80-71.6.158.166:34476 data

Activity first noticed 19 Aug 2020. This is a sample log:

20210506-011443: 192.168.25.9:80-162.142.125.38:46726 data

Activity first noticed 15 Feb 2019. This is a sample log:

20210506-013155: 192.168.25.9:8443-92.118.160.5:47195 data

Activity first noticed 14 Oct 2018. This is a sample log:

20210506-082116: 192.168.25.9:81-172.104.67.101:42966 data

Since the data is already out there, why not use Shodan or Censys to explore what services a home router is exposing to the internet? Here is an example of the list of services recorded and audited by Shodan, which also includes SSL certificate information, banner version, etc.
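The sample logs above share one layout (timestamp, honeypot address and port, then source address and port), so they can be tallied per source and checked against the Shodan range quoted in the diary. This Python script is an added example, not the author's tooling; the function names and the last three input lines are constructed for illustration, and only the Shodan range comes from the diary.

```python
import ipaddress
import re
from collections import Counter

# Shodan range quoted in the diary, converted to CIDR blocks (a single /17).
SHODAN_NETS = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("71.6.128.0"), ipaddress.ip_address("71.6.255.255")))

# Layout of the sample logs: YYYYMMDD-HHMMSS: dst_ip:dst_port-src_ip:src_port [data]
LINE_RE = re.compile(
    r"^(?P<ts>\d{8}-\d{6}): (?P<dst>[\d.]+):(?P<dport>\d+)-"
    r"(?P<src>[\d.]+):(?P<sport>\d+)(?: (?P<data>.*))?$")

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:  # e.g. an octet above 255
        return None
    return {"ts": m["ts"], "src": src, "dport": int(m["dport"]),
            "is_shodan": any(src in net for net in SHODAN_NETS)}

def summarize(lines, top_n=10):
    """Top source IPs overall, plus the ports probed from the Shodan range."""
    sources, shodan_ports, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        sources[str(rec["src"])] += 1
        if rec["is_shodan"]:
            shodan_ports[rec["dport"]] += 1
    return sources.most_common(top_n), dict(shodan_ports), skipped

# First four lines are the diary's samples; the last three are constructed.
SAMPLE = """\
20210507-171447: 192.168.25.9:80-71.6.158.166:34476 data
20210506-011443: 192.168.25.9:80-162.142.125.38:46726 data
20210506-013155: 192.168.25.9:8443-92.118.160.5:47195 data
20210506-082116: 192.168.25.9:81-172.104.67.101:42966 data
20210508-090000: 192.168.25.9:443-71.6.158.166:40112 data
20210508-090500: 192.168.25.9:80-71.6.127.255:40113 data
not a log line
""".splitlines()
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The constructed source 71.6.127.255 sits one address below the quoted range and is deliberately not counted as Shodan, which is the boundary worth checking before using a range like this in a filter.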
[1] https://www.shodan.io

Guy, ISC Handler, May 9th 2021