Shodan

User avatar
Claude
cheese lizard
Posts: 6241
Joined: 16 Jan 2010, 00:14
Location: Sydney Australia

Shodan

Post by Claude »

also called the world's most dangerous search engine. Reason ? Hackers have ready access to a list of computers which are vulnerable.

If you want to block access to it, these are the IP addresses Shodan uses:

93.120.27.62
85.25.43.94
85.25.103.50
82.221.105.7
82.221.105.6
71.6.167.142
71.6.165.200
71.6.135.131
66.240.236.119
66.240.192.138
209.126.110.38
208.180.20.97
198.20.99.130
198.20.70.114
198.20.69.98
198.20.69.74
188.138.9.50
162.159.244.38
104.236.198.48
104.131.0.69

Add these numbers to your firewalls or any other possible means of denying access to your system based on IP address.

Edit, meant to add this link:

Hack like a pro
Cheers, Claude.

User avatar
Leif
Administrator
Posts: 7193
Joined: 15 Jan 2010, 22:52
Location: Middle of England

Re: Shodan

Post by Leif »

That. Is. Scary.
Leif

User avatar
viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: Shodan

Post by viking33 »

I seem to have found a number of ways to add IP addresses to the Firewall but they all seem to require adding them one at a time and to both inbound and outbound rules.
-------------------------------------
In order to block a specific IP, please follow these steps:
a. Log in to the administrator account in Windows 7 and click "Start."
b. Type "firewall" and click on "Windows Firewall with Advanced Security" that will appear under "Programs."
c. Select "Inbound Rules" on the left panel of the firewall window.
d. Right-click and choose "New Rule" from the pop-up menu.
e. Select the radio button "Custom" and click "Next."
f. Select the radio button "All Programs" and click "Next." Then click "Next" again.
g. Select the radio button "These IP addresses" in the field "Remote IP addresses. Click "Add" and type the IP address you wish to block in the field. Click "OK" and then "Next."
h. Select "Block the connection" and click "Next."
i. Type a descriptive name for this Windows firewall rule. Click "Next" and then "Finish" to create the rule that blocks the IP address.
j. Select "Outbound Rules" on the left panel of the firewall window and repeat Steps d to i.
---------------------------------

If this IS the correct way, is there also a way to add more than one address at a time, such as the list shown in the OP?
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Shodan

Post by StuartR »

All you need to do is NOT serve up your Internet of Things devices on the open internet. This is NOT a firewall issue, it's basic security. Use unique strong passwords to protect your stuff.
StuartR


User avatar
garbsmj
4StarLounger
Posts: 453
Joined: 04 Feb 2010, 03:40

Re: Shodan

Post by garbsmj »

Thanks Claude - I wondered when I did traces on some of this traffic why it said "Shodan" but I thought it was just somebody looking it up and clicking on it to see if it worked. Am alerting the boss.
When one cat leaves, another mysteriously shows up.

User avatar
garbsmj
4StarLounger
Posts: 453
Joined: 04 Feb 2010, 03:40

Re: Shodan

Post by garbsmj »

I just found one this morning 198.20.69.74
When one cat leaves, another mysteriously shows up.

User avatar
John Gray
PlatinumLounger
Posts: 5401
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: Shodan

Post by John Gray »

Wouldn't it be better to do it the other way round?

Block the approximately 4 billion possible IPv4 addresses, and just
allow the few which you know to be acceptable?

You can do the blocking also via the Hosts file.

(This might become a bit more difficult when people move on to IPv6...)
John Gray

Venison is quiet deer, and quite dear.

User avatar
garbsmj
4StarLounger
Posts: 453
Joined: 04 Feb 2010, 03:40

Re: Shodan

Post by garbsmj »

We wish we could but unfortunately we have people working remotely plus they travel a lot. So that's why I look to see what got through and plan on automating this once we upgrade to a new version of the softwre we're using. And you know, using the "free wifi" at hotels and stuff. Thanks though - we're trying to create a white list of "ok ips" which I asked to see in that "just curious" way because I don't want to be maintaining that.
When one cat leaves, another mysteriously shows up.

User avatar
garbsmj
4StarLounger
Posts: 453
Joined: 04 Feb 2010, 03:40

Re: Shodan

Post by garbsmj »

I just got a list of 100 and the author said "do not use as a blacklist". Hmmm.
When one cat leaves, another mysteriously shows up.