IT Trenches

Dec 18 2009   7:58PM GMT

Search engine for telnet, ftp, ssh and http brings hackers closer to your doorstep



Posted by: Troy Tate
Tags:
ftp
http
information security
infosec
malware
network
network protection
reconnaisance
scanning
search
search engine
ssh
telnet
web

Google is obviously a great tool for everyone including hackers. If you have never heard of Google Hacking, then I highly recommend you take a look at what might be exposed and found through a Google search. This Google Hacking tutorial might help get you started. It is important that you understand the threats against computer security and be prepared to appropriately handle the risks.

A new search engine recently came to my attention that every network person needs to be made aware of. This search engine is called Shodan – a computer search engine. This search engine will allow a user to search for various strings returned when connecting to ports like ftp, ssh, telnet and http. This means I could put in a search string like “cisco country:us port:23“. This would return search results that show any device returning a banner on port 23 (telnet) that has the word “cisco“.

This is scary stuff! This is similar to doing a network scan using nmap and grabbing banners from ports, but this search engine makes scanning individual hosts obsolete.

Here’s an interesting blog post about Shodan: Is SHODAN really controversial? The author followed it up with Taking SHODAN for a spin. Check out the results from this Google search for “Shodan computer search“. If some of those threads don’t scare you, then… maybe you are not an IT person!

Looks like I need to spend some time visiting Shodan to see if there’s some tightening up I need to do on systems I manage! Have you tried Shodan or anything similar? Share your experiences with other ITKE readers.

Thanks for reading and let’s continue to be good network citizens.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: