Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Port scanning /0 using insecure embedded devices
From: Gage Bystrom <themadichib0d () gmail com>
Date: Wed, 27 Mar 2013 14:34:04 -0700

I think its simply a case of everyone more or less knew this was possible
and quite easy to pull off, just no one publicly bothered to get around to
doing it till now. Afterall its just a large mass of low hanging fruit
compromised to gather data. I'm more impressed by how they aggragated said
data together without leaving a nasty trail. Of course I'm giving them the
benefit of the doubt that they covered their tracks reasonably or have some
sort of means to not worry about law enforcement.
On Mar 26, 2013 8:23 PM, "Stefan Jon Silverman" <sjs () sjsinc com> wrote:

 Was really surprised that outside of Vladis's comment on feeding the
BlackHats this provoked no further discussion...w/in a few minutes of it
arriving I had fired off a forward to several colleagues w/ the comment
that it should provoke an interesting discussion here on the sheer number
of compromised devices to accomplish his goal....dead air....oh well,
sometimes sh*t happens and sometimes is doesn't...

Until this ended up in an eNewsRag in my inbox today (good read): "*The
Dark Side of the Internet of Things*" -->
http://www.networkcomputing.com/next-generation-data-center/servers/the-dark-side-of-the-internet-of-things/240151608


 Regards,
Stefan

**************************************************************************
             *Stefan Jon Silverman*<http://www.sjsinc.com/cgi-bin/DoRedirect?sig-google>- Founder / President
                          SJS Associates, N.A., Inc.
                   A Technology Strategy Consultancy
**************************************************************************
Cell  *917 929 1668*                               *sjs () sjsinc com*<sjs () sjsinc com>
eMail
                              *www.sjsinc.com*<http://www.sjsinc.com/?%20eMail%20Sig>
**************************************************************************
Aim/Skype/GoogleIM: *LazloInSF*              Twitter/Yahoo: *sjs_sf*
**************************************************************************
              Weebles wobble but they don't fall down!!!!
**************************************************************************

 On 3/17/2013 4:54 PM, internet census wrote:

---------------------  Internet Census 2012  ---------------------

-------- Port scanning /0 using insecure embedded devices --------

-------------------------  Carna Botnet  -------------------------


While playing around with the Nmap Scripting Engine we discovered an amazing
number of open embedded devices on the Internet. Many of them are based on
Linux and allow login to standard BusyBox with empty or default credentials.
From March to December 2012 we used ~420 Thousand insecure embedded devices
as a distributed port scanner to scan all IPv4 addresses.
These scans include service probes for the most common ports, ICMP ping,
reverse DNS and SYN scans. We analyzed some of the data to get an estimation
of the IP address usage.

All data gathered during our research is released into the public domain for
further study. The full 9 TB dataset has been compressed to 565GB using ZPAQ
and is available via BitTorrent. The dataset contains:
- 52 billion ICMP ping probes
- 10.5 billion reverse DNS records
- 180 billion service probe records
- 2.8 billion sync scan records for 660 million IPs with 71 billion ports tested
- 80 million TCP/IP fingerprints
- 75 million IP ID sequence records
- 68 million traceroute records


This project is, to our knowledge, the largest and most comprehensive
IPv4 census ever. With a growing number of IPv6 hosts on the Internet, 2012
may have been the last time a census like this was possible. A full documention,
including statistics and images, can be found on the project page.

We hope other researchers will find the data we have collected useful and that
this publication will help raise some awareness that, while everybody is talking
about high class exploits and cyberwar, four simple stupid default telnet
passwords can give you access to hundreds of thousands of consumer as well as
tens of thousands of industrial devices all over the world.

No devices were harmed during this experiment and our botnet has now ceased its
activity.



Project Page:
 http://internetcensus2012.bitbucket.org/
 http://internetcensus2012.github.com/InternetCensus2012/
 http://census2012.sourceforge.net/

Torrent MAGNET LINK:
 
magnet:?xt=urn:btih:7e138693170629fa7835d52798be18ab2fb847fe&dn=InternetCensus2012&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%
 2fannounce&tr=udp%3a%2f%2ftracker.ccc.de%3a80%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]