Posted by: Troy Tate
ftp, http, information security, infosec, malware, network, network protection, reconnaisance, scanning, search, search engine, ssh, telnet, web
Google is obviously a great tool for everyone including hackers. If you have never heard of Google Hacking, then I highly recommend you take a look at what might be exposed and found through a Google search. This Google Hacking tutorial might help get you started. It is important that you understand the threats against computer security and be prepared to appropriately handle the risks.
A new search engine recently came to my attention that every network person needs to be made aware of. This search engine is called Shodan – a computer search engine. This search engine will allow a user to search for various strings returned when connecting to ports like ftp, ssh, telnet and http. This means I could put in a search string like “cisco country:us port:23“. This would return search results that show any device returning a banner on port 23 (telnet) that has the word “cisco“.
This is scary stuff! This is similar to doing a network scan using nmap and grabbing banners from ports, but this search engine makes scanning individual hosts obsolete.
Here’s an interesting blog post about Shodan: Is SHODAN really controversial? The author followed it up with Taking SHODAN for a spin. Check out the results from this Google search for “Shodan computer search“. If some of those threads don’t scare you, then… maybe you are not an IT person!
Looks like I need to spend some time visiting Shodan to see if there’s some tightening up I need to do on systems I manage! Have you tried Shodan or anything similar? Share your experiences with other ITKE readers.
Thanks for reading and let’s continue to be good network citizens.