Message-ID: <CAM2Hf5mHTKfCuofugWLV3sVOhrSyKf98e1pbFC1eTA-0xkdQVA@mail.gmail.com>
Date: Wed, 27 Mar 2013 14:34:04 -0700
From: Gage Bystrom <themadichib0d@...il.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Port scanning /0 using insecure embedded devices

I think it's simply a case of everyone more or less knew this was possible
and quite easy to pull off, just no one publicly bothered to get around to
doing it till now. After all, it's just a large mass of low hanging fruit
compromised to gather data. I'm more impressed by how they aggregated said
data together without leaving a nasty trail. Of course I'm giving them the
benefit of the doubt that they covered their tracks reasonably or have some
sort of means to not worry about law enforcement.

On Mar 26, 2013 8:23 PM, "Stefan Jon Silverman" <sjs@...inc.com> wrote:
> Was really surprised that outside of Vladis's comment on feeding the
> BlackHats this provoked no further discussion...w/in a few minutes of it
> arriving I had fired off a forward to several colleagues w/ the comment
> that it should provoke an interesting discussion here on the sheer number
> of compromised devices to accomplish his goal....dead air....oh well,
> sometimes sh*t happens and sometimes it doesn't...
>
> Until this ended up in an eNewsRag in my inbox today (good read): "*The
> Dark Side of the Internet of Things*" -->
> http://www.networkcomputing.com/next-generation-data-center/servers/the-dark-side-of-the-internet-of-things/240151608
>
>
> Regards,
> Stefan
>
> **************************************************************************
> *Stefan Jon Silverman*<http://www.sjsinc.com/cgi-bin/DoRedirect?sig-google>- Founder / President
> SJS Associates, N.A., Inc.
> A Technology Strategy Consultancy
> **************************************************************************
> Cell *917 929 1668* *sjs@...inc.com*<sjs@...inc.com>
> eMail
> *www.sjsinc.com*<http://www.sjsinc.com/?%20eMail%20Sig>
> **************************************************************************
> Aim/Skype/GoogleIM: *LazloInSF* Twitter/Yahoo: *sjs_sf*
> **************************************************************************
> Weebles wobble but they don't fall down!!!!
> **************************************************************************
>
> On 3/17/2013 4:54 PM, internet census wrote:
>
> --------------------- Internet Census 2012 ---------------------
>
> -------- Port scanning /0 using insecure embedded devices --------
>
> ------------------------- Carna Botnet -------------------------
>
>
> While playing around with the Nmap Scripting Engine we discovered an amazing
> number of open embedded devices on the Internet. Many of them are based on
> Linux and allow login to standard BusyBox with empty or default credentials.
> From March to December 2012 we used ~420 Thousand insecure embedded devices
> as a distributed port scanner to scan all IPv4 addresses.
> These scans include service probes for the most common ports, ICMP ping,
> reverse DNS and SYN scans. We analyzed some of the data to get an estimation
> of the IP address usage.
>
> All data gathered during our research is released into the public domain for
> further study. The full 9 TB dataset has been compressed to 565GB using ZPAQ
> and is available via BitTorrent. The dataset contains:
> - 52 billion ICMP ping probes
> - 10.5 billion reverse DNS records
> - 180 billion service probe records
> - 2.8 billion sync scan records for 660 million IPs with 71 billion ports tested
> - 80 million TCP/IP fingerprints
> - 75 million IP ID sequence records
> - 68 million traceroute records
>
>
> This project is, to our knowledge, the largest and most comprehensive
> IPv4 census ever. With a growing number of IPv6 hosts on the Internet, 2012
> may have been the last time a census like this was possible. Full documentation,
> including statistics and images, can be found on the project page.
>
> We hope other researchers will find the data we have collected useful and that
> this publication will help raise some awareness that, while everybody is talking
> about high class exploits and cyberwar, four simple stupid default telnet
> passwords can give you access to hundreds of thousands of consumer as well as
> tens of thousands of industrial devices all over the world.
>
> No devices were harmed during this experiment and our botnet has now ceased its
> activity.
>
>
>
> Project Page:
> http://internetcensus2012.bitbucket.org/
> http://internetcensus2012.github.com/InternetCensus2012/
> http://census2012.sourceforge.net/
>
> Torrent MAGNET LINK:
> magnet:?xt=urn:btih:7e138693170629fa7835d52798be18ab2fb847fe&dn=InternetCensus2012&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.ccc.de%3a80%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>