| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Mar 2013 19:54:03 -0400 From: "internet census" <internetcensus2012@...l.com> To: full-disclosure@...ts.grok.org.uk Subject: Port scanning /0 using insecure embedded devices --------------------- Internet Census 2012 --------------------- -------- Port scanning /0 using insecure embedded devices -------- ------------------------- Carna Botnet ------------------------- While playing around with the Nmap Scripting Engine we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. From March to December 2012 we used ~420 Thousand insecure embedded devices as a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage. All data gathered during our research is released into the public domain for further study. The full 9 TB dataset has been compressed to 565GB using ZPAQ and is available via BitTorrent. The dataset contains: - 52 billion ICMP ping probes - 10.5 billion reverse DNS records - 180 billion service probe records - 2.8 billion sync scan records for 660 million IPs with 71 billion ports tested - 80 million TCP/IP fingerprints - 75 million IP ID sequence records - 68 million traceroute records This project is, to our knowledge, the largest and most comprehensive IPv4 census ever. With a growing number of IPv6 hosts on the Internet, 2012 may have been the last time a census like this was possible. A full documention, including statistics and images, can be found on the project page. We hope other researchers will find the data we have collected useful and that this publication will help raise some awareness that, while everybody is talking about high class exploits and cyberwar, four simple stupid default telnet passwords can give you access to hundreds of thousands of consumer as well as tens of thousands of industrial devices all over the world. No devices were harmed during this experiment and our botnet has now ceased its activity. Project Page: http://internetcensus2012.bitbucket.org/ http://internetcensus2012.github.com/InternetCensus2012/ http://census2012.sourceforge.net/ Torrent MAGNET LINK: magnet:?xt=urn:btih:7e138693170629fa7835d52798be18ab2fb847fe&dn=InternetCensus2012&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80% 2fannounce&tr=udp%3a%2f%2ftracker.ccc.de%3a80%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists