| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Mar 2013 17:25:18 -0400 From: Jeffrey Walton <noloader@...il.com> To: internet census <internetcensus2012@...l.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Port scanning /0 using insecure embedded devices > Many of them are based on Linux and allow > login to standard BusyBox with empty or > default credentials. Forgive my ignorance, but what does the authentication problem (or lack thereof) have to do with linux/uclibc/busybox? It seems to be a manufacturer problem (for example, Actiontec) or an integrator problem (such as Verizon or Comacast), unless I am missing something. Jeff On Sun, Mar 17, 2013 at 7:54 PM, internet census <internetcensus2012@...l.com> wrote: > --------------------- Internet Census 2012 --------------------- > > -------- Port scanning /0 using insecure embedded devices -------- > > ------------------------- Carna Botnet ------------------------- > > > While playing around with the Nmap Scripting Engine we discovered an amazing > number of open embedded devices on the Internet. Many of them are based on > Linux and allow login to standard BusyBox with empty or default credentials. > From March to December 2012 we used ~420 Thousand insecure embedded devices > as a distributed port scanner to scan all IPv4 addresses. > These scans include service probes for the most common ports, ICMP ping, > reverse DNS and SYN scans. We analyzed some of the data to get an estimation > of the IP address usage. > > All data gathered during our research is released into the public domain for > further study. The full 9 TB dataset has been compressed to 565GB using ZPAQ > and is available via BitTorrent. The dataset contains: > - 52 billion ICMP ping probes > - 10.5 billion reverse DNS records > - 180 billion service probe records > - 2.8 billion sync scan records for 660 million IPs with 71 billion ports tested > - 80 million TCP/IP fingerprints > - 75 million IP ID sequence records > - 68 million traceroute records > > > This project is, to our knowledge, the largest and most comprehensive > IPv4 census ever. With a growing number of IPv6 hosts on the Internet, 2012 > may have been the last time a census like this was possible. A full documention, > including statistics and images, can be found on the project page. > > We hope other researchers will find the data we have collected useful and that > this publication will help raise some awareness that, while everybody is talking > about high class exploits and cyberwar, four simple stupid default telnet > passwords can give you access to hundreds of thousands of consumer as well as > tens of thousands of industrial devices all over the world. > > No devices were harmed during this experiment and our botnet has now ceased its > activity. > > > > Project Page: > http://internetcensus2012.bitbucket.org/ > http://internetcensus2012.github.com/InternetCensus2012/ > http://census2012.sourceforge.net/ > > Torrent MAGNET LINK: > magnet:?xt=urn:btih:7e138693170629fa7835d52798be18ab2fb847fe&dn=InternetCensus2012&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80% 2fannounce&tr=udp%3a%2f%2ftracker.ccc.de%3a80%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists