Positive trends related to public IP ranges from the year 2025

    Published: 2025-12-18. Last Updated: 2025-12-18 08:07:56 UTC
    by Jan Kopriva (Version: 1)

    Since the end of the year is quickly approaching, it is undoubtedly a good time to look back at what the past twelve months have brought to us… And given that the entire cyber security profession is about protecting various systems from “bad things” (and we’ve all correspondingly seen more than our share of the “bad”), I thought that it might be pleasant to look at a few positive background trends that have accompanied us throughout the year, without us necessarily noticing…

    It should be mentioned that all the following charts are based on data gathered from Shodan using my TriOp tool, which means that they are certainly not exact. Nevertheless, the data is undoubtedly good enough to show us the general trends. 

    The first positive trend that deserves a mention is the overall decrease in the number of industrial control systems accessible from the global internet. Although, based on Shodan data, there still appear to be more than 100 thousand public IP addresses that expose a system that may be classified as ICS on one or more ports, the number has fallen by more than 10% since the beginning of the year…

    Two other positive trends worth mentioning are related to the support of SSLv2 and SSLv3 on port 443.

    While, at the beginning of the year, there were almost 2 million web servers that supported SSLv3, at the time of writing there seem to be only a little more than 1 million of them still left on the public internet.

    The situation has similarly improved in terms of public IP addresses exposing web servers that still support SSLv2. In January, there were more than 320 thousand such servers, while in December only about 145 thousand of them seem to remain (unsurprisingly, a significant percentage of these servers seem to be located in Kazakhstan, which is something we’ve discussed previously[1]).

    Although, as cyber security professionals, we have to – by necessity – focus mostly on unpleasant trends (such as those related to rising numbers of zero-day vulnerabilities discovered each year, or the continuously increasing impacts of attacks), it is good to notice from time to time that "in the background", some things are getting better... Even if the improvements are only small, they do still count in the long run.

    -----------
    Jan Kopriva
    LinkedIn
    Nettles Consulting

    Keywords: ICS SSL