Carpe Datum: Drinking from the espresso firehose we know as Shodan presented at LayerOne 2012

by Dan Tentler,

Tags: Security

Summary : Have you ever stayed up until 5am fiendishly digging around on shodan? I have. More times than I care to admit. I’m starting to find patterns. Shodan is genius. It’s a glorious search engine that catalogs the banners from TCP connections on several ports – for the entire IPV4 internet. This makes for some bodacious late night reading. The findings, on the other hand, are in a lot of cases most heinous. SCADA, Power company networks and controls, thousands of webcams, weed growrooms, .gov/.mil border routers and sharepoint systems. It’s a little overwhelming. I decided to sift it all through a strainer to make it easier to take in. So I wrote a scraper script and a viewer to better parse the results! Come with me on an excellent adventure – but without Bill or Ted – more like the haunted mansion ride, except all the ghosts and spooks are systems or cameras left wide open on the internet. Did you know you could telnet into hydrogen fuel cells? Neither did I!