It seems pretty amazing just seeing some of the random results come up!
What I wonder, being unfamiliar how it actually works (since I don't have an account) - is the fact that my public IP comes up with 'No information available' just that no paid user has scanned it, or does it mean that my firewall is set up correctly? (I do allow ICMP but that's all for non established/related packets).
Typically it means you've configured your firewall correctly. Shodan continuously crawls the Internet so it's not based on user requesting scans. The IPv4 space is fairly small so Shodan just checks every IP (3+ billion) to find the services that run on it. Your activity/ use of Shodan doesn't affect how Shodan crawls the Internet - unless you request a scan using the API/ CLI. For more information: https://help.shodan.io/the-basics/what-is-shodan
It's a nice touch that the logo is done with pure HTML and CSS (well, other than the triangle, which is an SVG, albeit a simple one), so you can copy the text
Shodan îs a search engine for internet-connected devices. There are a very surprising number of devices (security cameras, IoT thingamajigs, etc) connected directly to the internet.
Is an semi-real-time readout of New(how new? Not sure) devices/addresses accessible from the internet, including unlisted stuff like power plants, fridges, Botswanan cable companies, etc.
Shodan port scans most of the internet and records the response, TLS certificates, etc. They have a search engine and tools like monitoring so you can run queries like “find anything where the certificate has this key (or organization name)” or “notify me any time a new port opens on my organization’s network.
This is the same data but a UI theme for nostalgic 90s internet users.
It's not looking for compromised devices, just anything with an open port. Conceptually they are just running an nmap scan of the entire public IP range and aggregating the results in a searchable index.
They scan pretty regularly and with a membership you can submit scans on demand. Picking a /16 I work with, the oldest full scan is 12/15 and the newest is 1/14 — and I say “full scan” because the oldest hosts show far more recent updates (1/13) for things like the web server ports which had previously been found open.
They scan and report what the servers advertise, so normally you’d see a list of services and it’d list versions which have known CVEs (obviously, this doesn’t say it’s actually vulnerable if e.g. a Linux distribution patched it without changing the advertised major version).
The “compromised” tag is only added after some confirmation of known malicious activity. I’m not sure what all that includes but I believe that can be things like 200 responses to known malware paths or a database reporting names used by common malware.
"compromised" means that it looks like the service was taken over by somebody else. That can mean website defacement (ex. "Hacked by XXX"), database ransomware or any other way that a bad guy can compromise a service.
Many of them already look exploited. You can try informing the owners, but many of the pwned devices are in consumer ISP subnets so I don't think you'll get far. Some of them might be honeypot as well.
It's just a visual thing for Shodan hosts, after all. I don't think the service is finding any new devices, it's just showing random interesting devices from the Shodan database.
I love it! It's anachronistic but I guess the vaporwave-art deco-retro motif always was. They should stream this on a wall at Defcon instead of the Wall of Sheep
I love this. The 3D planar background + synthpop tune just make it. If I had to give this a name, I'd call it "retro marketing". I hope more companies do this kind of stuff.
I love it and it's called "synthwave": neon / wireframe landscape / "metallic" letters with gradients in them and sometimes fake used VHS tape playback fx and of course synth music with lots of arpeggios, italo-disco style.
Makes me all nostalgic even though that genre wasn't identical back in the mid to late 80s/early 90s.
Vids are often featuring old sportcars from that era.
Here I was almost expecting the song to be a live-rendered actual .mod/.xm file (it's mp3), which also would have allow it to be continuously loopable.
... probably biased because I was introducing a younger friend previously oblivious to the modscene† a couple of hours ago through 4-mat's phantasmagoria.ntii (which has loop hints) and jester's elysium and stardust memories, the latter of which the Dolby Headphones rendering is quite enjoyable††.
At Awingu, we did a study concerning open endpoints (specifically RDP as that's relevant for our product) and the numbers were staggering: 360k open RDP endpoints (many of which unpatched and ready for easy exploits) facing the public internet in only 6 European countries. https://www.awingu.com/study-security-threats-360k-companies...
The theme is actually 80's and music sounds very 90s to me. This is what the 80s would feel like in 2000, is it the whole "the 80s were 20years ago" syndrome I wonder.
57 comments
[ 3.0 ms ] story [ 115 ms ] thread:)
Ransomware has become really massive.
[1] https://beta.shodan.io/search?query=%22Your+files+are+encryp...
It’s a great product and I’m continually amazed what the small team is able to accomplish.
What I wonder, being unfamiliar how it actually works (since I don't have an account) - is the fact that my public IP comes up with 'No information available' just that no paid user has scanned it, or does it mean that my firewall is set up correctly? (I do allow ICMP but that's all for non established/related packets).
THE INTERNET...NET...NET...Net...net...!!!
(I feel like that's a good representation for a booming echo effect.)
This is the same data but a UI theme for nostalgic 90s internet users.
Also, what should I be looking for in my own logs to see who is scanning me and using what? 99% its stuff I'm not running (wordpress, mysql).
The “compromised” tag is only added after some confirmation of known malicious activity. I’m not sure what all that includes but I believe that can be things like 200 responses to known malware paths or a database reporting names used by common malware.
I love it.
Some of these results look exploitable.
It's just a visual thing for Shodan hosts, after all. I don't think the service is finding any new devices, it's just showing random interesting devices from the Shodan database.
I'd guess scanning them yourself would be easier and faster, so if you want to invade some system, it's not adding anything for you.
Really doesn't take long to find some industrial automation there.
Makes me all nostalgic even though that genre wasn't identical back in the mid to late 80s/early 90s.
Vids are often featuring old sportcars from that era.
https://en.wikipedia.org/wiki/Synthwave
... probably biased because I was introducing a younger friend previously oblivious to the modscene† a couple of hours ago through 4-mat's phantasmagoria.ntii (which has loop hints) and jester's elysium and stardust memories, the latter of which the Dolby Headphones rendering is quite enjoyable††.
† https://modarchive.org/index.php?request=view_chart&query=to...
†† https://www.youtube.com/watch?v=W1bgMX4UCjw