BEST OF THE WEB

Shodan: A tool for IT pros and hackers

There’s an old saying that products aren’t good or bad, it’s how they’re used. The Shodan search engine is a prime example.

Most users turn to hunt for so-called service banners, information about devices connected to their Internet and their systems. It’s ideal for security pros to find out where there might be holes in their networks.

But that also makes Shodan an ideal tool for those wanting to attack organizations. One of the latest articles to point this out ran Tuesday on CSO Online, where writer Maria Korolov called it “a playground for hackers and terrorists” as well as a tool for legitimage security practitioners.

The Shodan blog lists a variety of protocol-specific information the search engine can discover, including

–The Heartbleed on all SSL services,

–a list of peers from a Bitcoin server

–whether a DNS server allows recursive lookups

–all the MongoDB databases

–the SSL certificate for all SSL services

–the robots.txt for HTTP services.

In fact the site has an REST API to help users pull down data for a fee (developers US$ a month; enterprises who need more data US$499 a month).

As Shodan founder John Matherly says in the piece, the site can be used by enterprises to find unsecure devices. But bad guys (and gals) can use this data as well. Among other things, Shodan search information won’t look like a hacker probe. Matherly is quoted as saying the search engine has “numerous technical measures” to prevent abuse.

“In reality, it is much cheaper and effective for the bad guys to use a botnet or a compromised host running [open source network scanning tools] zmap or masscan than to search Shodan.”

The next time you use Shodan think about it. At the very least it should be a spur to IT departments to increase their efforts to secure their environments.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web