HackerTrans
TopNewTrendsCommentsPastAskShowJobs

achillean

no profile record

comments

achillean
·27 dagen geleden·discuss
We are writing https://terminal.shodan.io using iced and the development aspect has been great. Biggest issues are around distributing on Windows.
achillean
·5 maanden geleden·discuss
There will be some honeypots in this data but this is a start:

https://www.shodan.io/search/report?query=product%3Atelnetd+...
achillean
·5 maanden geleden·discuss
FYI: it might be better to search by port:23

https://www.shodan.io/search?query=port%3A23

Or to filter by product:telnetd

https://www.shodan.io/search?query=product%3Atelnetd

A query of "telnet" searches Shodan for banners where the "data" property contains the string "telnet":

https://book.shodan.io/getting-started/query-syntax/
achillean
·5 maanden geleden·discuss
Port 23 has decreased significantly over the past decade:

https://i.imgur.com/tZoTWu6.png

Still seeing a sizable number of open ports but it's on the decline.
achillean
·5 maanden geleden·discuss
FYI we released a tool to calculate a bunch of these types of hashes: https://book.shodan.io/command-line-tools/shodan-hash/

More info about the favicon hashing technique: https://blog.shodan.io/deep-dive-http-favicon/
achillean
·5 maanden geleden·discuss
Already seeing some of the new Moltbot deployments exposed to the Internet: https://www.shodan.io/search/report?query=http.favicon.hash%...
achillean
·6 maanden geleden·discuss
I had a similar experience where a competitor released an academic paper rife with mistakes and misunderstandings of how my software worked. Instead of reaching out and trying to understand how their system was different than mine they used their incorrect data to draw their conclusions. I became rather disillusioned with academic papers as a result of how they were able to get away with publishing verifiably wrong data.
achillean
·6 maanden geleden·discuss
Honeypots are advertising that header as well nowadays:

https://www.shodan.io/search/report?query=x-clacks-overhead

Most of the non-honeypot results are for the Gargoyle Router Management interface exposed by Korea Telecom:

https://www.shodan.io/search/report?query=x-clacks-overhead+...

The results have increased significantly over time:

https://trends.shodan.io/search?query=x-clacks-overhead
achillean
·7 maanden geleden·discuss
Maybe it depends on the type of business/ customers that you have because I've had the opposite experience. For us as a security SaaS, B2B enterprise is incredibly stable and predictable. B2C has a lot more variability and payment issues compared to large orgs with dedicated procurement departments, vendor processes etc.
achillean
·7 maanden geleden·discuss
Searching for ALPR was also one of the popular early queries: https://github.com/jakejarvis/awesome-shodan-queries?tab=rea...

The old PIPS ALPR devices aren't online anymore but they had horrible security as well. Just sending a newline to their UDP port would cause them to send you all images as they were being collected in real-time - no authentication needed. And the images had the license plate information encoded in the JPG metadata. I did a talk about it at some point (https://imgur.com/HHcpJOr) and worked with EFF to take them offline
achillean
·vorig jaar·discuss
In absolute numbers probably not highly representative but the relative numbers are meaningful to measure adoption. And no, it requires the user to disable authentication in order to get the service details to differentiate between Redis and Valkey. But again, you can compare unauthenticated Redis to unauthenticated Valkey to see how the percentages are changing over time.
achillean
·vorig jaar·discuss
Based on Internet-accessible services the number of Valkey servers is low (~120):

https://trends.shodan.io/search?query=valkey_version+port%3A...

Here's a chart of all Redis-compatible services (~55,000):

https://trends.shodan.io/search?query=port%3A6379+redis_vers...