I haven’t mentioned SHODAN because I seem to see most everyone else mention it. Robert Graham at ErrataSec has a great, quick post about the site and why it is scary. It really is scary. Think about all that noise from scans you get on your border. Those are people randomly spending hours, days, weeks, months trying to find hosts to attack. SHODAN can change those months of scanning into a search query that takes seconds.
Google hacks already leverage the power of these searches. If a piece of forum software has a hole in it, use Google to search for every known instance of that version.
If you run Server XYZ and tomorrow a remote vulnerability is found, attackers can now find it in seconds.
Now, while this is scary, there is a caveat: This shouldn’t really change your security stance as the host! Yes, attackers can find you faster. But they could find you previously anyway because you’re hosting remotely accessible servers. This doesn’t make your web server any more vulnerable. But it should influence your time-to-patch and vigilance in keeping abreast of breaking issues.
The rest of what Robert says stands firm, though. Attackers salivate over something like this.
2 thoughts on “why shodan is scary and not scary at once”
Feel like it’s really fundamentally different than Google Hacking (although you don’t say the two are the same, want to raise the point).
We covered this a little here:
But as you say, it takes months of scanning/organizing results and turns it into seconds.
Nice story! And thanks for the comment.