Re: Port scanning /0 using insecure embedded devices

[Jeffrey Walton <noloader () gmail com>]

> Many of them are based on Linux and allow
> login to standard BusyBox with empty or
> default credentials.
Forgive my ignorance, but what does the authentication problem (or
lack thereof) have to do with linux/uclibc/busybox? It seems to be a
manufacturer problem (for example, Actiontec) or an  integrator
problem (such as Verizon or Comacast), unless I am missing something.

Jeff

On Sun, Mar 17, 2013 at 7:54 PM, internet census
<internetcensus2012 () mail com> wrote:
> ---------------------  Internet Census 2012  ---------------------
>
> -------- Port scanning /0 using insecure embedded devices --------
>
> -------------------------  Carna Botnet  -------------------------
>
>
> While playing around with the Nmap Scripting Engine we discovered an amazing
> number of open embedded devices on the Internet. Many of them are based on
> Linux and allow login to standard BusyBox with empty or default credentials.
> From March to December 2012 we used ~420 Thousand insecure embedded devices
> as a distributed port scanner to scan all IPv4 addresses.
> These scans include service probes for the most common ports, ICMP ping,
> reverse DNS and SYN scans. We analyzed some of the data to get an estimation
> of the IP address usage.
>
> All data gathered during our research is released into the public domain for
> further study. The full 9 TB dataset has been compressed to 565GB using ZPAQ
> and is available via BitTorrent. The dataset contains:
> - 52 billion ICMP ping probes
> - 10.5 billion reverse DNS records
> - 180 billion service probe records
> - 2.8 billion sync scan records for 660 million IPs with 71 billion ports tested
> - 80 million TCP/IP fingerprints
> - 75 million IP ID sequence records
> - 68 million traceroute records
>
>
> This project is, to our knowledge, the largest and most comprehensive
> IPv4 census ever. With a growing number of IPv6 hosts on the Internet, 2012
> may have been the last time a census like this was possible. A full documention,
> including statistics and images, can be found on the project page.
>
> We hope other researchers will find the data we have collected useful and that
> this publication will help raise some awareness that, while everybody is talking
> about high class exploits and cyberwar, four simple stupid default telnet
> passwords can give you access to hundreds of thousands of consumer as well as
> tens of thousands of industrial devices all over the world.
>
> No devices were harmed during this experiment and our botnet has now ceased its
> activity.
>
>
>
> Project Page:
>  http://internetcensus2012.bitbucket.org/
>  http://internetcensus2012.github.com/InternetCensus2012/
>  http://census2012.sourceforge.net/
>
> Torrent MAGNET LINK:
>  
> magnet:?xt=urn:btih:7e138693170629fa7835d52798be18ab2fb847fe&dn=InternetCensus2012&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%
>  2fannounce&tr=udp%3a%2f%2ftracker.ccc.de%3a80%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/