HackerTrans
TopNewTrendsCommentsPastAskShowJobs

achillean

no profile record

comments

achillean
·27 дней назад·discuss
We are writing https://terminal.shodan.io using iced and the development aspect has been great. Biggest issues are around distributing on Windows.
achillean
·5 месяцев назад·discuss
There will be some honeypots in this data but this is a start:

https://www.shodan.io/search/report?query=product%3Atelnetd+...
achillean
·5 месяцев назад·discuss
FYI: it might be better to search by port:23

https://www.shodan.io/search?query=port%3A23

Or to filter by product:telnetd

https://www.shodan.io/search?query=product%3Atelnetd

A query of "telnet" searches Shodan for banners where the "data" property contains the string "telnet":

https://book.shodan.io/getting-started/query-syntax/
achillean
·5 месяцев назад·discuss
Port 23 has decreased significantly over the past decade:

https://i.imgur.com/tZoTWu6.png

Still seeing a sizable number of open ports but it's on the decline.
achillean
·5 месяцев назад·discuss
FYI we released a tool to calculate a bunch of these types of hashes: https://book.shodan.io/command-line-tools/shodan-hash/

More info about the favicon hashing technique: https://blog.shodan.io/deep-dive-http-favicon/
achillean
·5 месяцев назад·discuss
Already seeing some of the new Moltbot deployments exposed to the Internet: https://www.shodan.io/search/report?query=http.favicon.hash%...
achillean
·6 месяцев назад·discuss
I had a similar experience where a competitor released an academic paper rife with mistakes and misunderstandings of how my software worked. Instead of reaching out and trying to understand how their system was different than mine they used their incorrect data to draw their conclusions. I became rather disillusioned with academic papers as a result of how they were able to get away with publishing verifiably wrong data.
achillean
·6 месяцев назад·discuss
Honeypots are advertising that header as well nowadays:

https://www.shodan.io/search/report?query=x-clacks-overhead

Most of the non-honeypot results are for the Gargoyle Router Management interface exposed by Korea Telecom:

https://www.shodan.io/search/report?query=x-clacks-overhead+...

The results have increased significantly over time:

https://trends.shodan.io/search?query=x-clacks-overhead
achillean
·7 месяцев назад·discuss
Maybe it depends on the type of business/ customers that you have because I've had the opposite experience. For us as a security SaaS, B2B enterprise is incredibly stable and predictable. B2C has a lot more variability and payment issues compared to large orgs with dedicated procurement departments, vendor processes etc.
achillean
·7 месяцев назад·discuss
Searching for ALPR was also one of the popular early queries: https://github.com/jakejarvis/awesome-shodan-queries?tab=rea...

The old PIPS ALPR devices aren't online anymore but they had horrible security as well. Just sending a newline to their UDP port would cause them to send you all images as they were being collected in real-time - no authentication needed. And the images had the license plate information encoded in the JPG metadata. I did a talk about it at some point (https://imgur.com/HHcpJOr) and worked with EFF to take them offline
achillean
·в прошлом году·discuss
In absolute numbers probably not highly representative but the relative numbers are meaningful to measure adoption. And no, it requires the user to disable authentication in order to get the service details to differentiate between Redis and Valkey. But again, you can compare unauthenticated Redis to unauthenticated Valkey to see how the percentages are changing over time.
achillean
·в прошлом году·discuss
Based on Internet-accessible services the number of Valkey servers is low (~120):

https://trends.shodan.io/search?query=valkey_version+port%3A...

Here's a chart of all Redis-compatible services (~55,000):

https://trends.shodan.io/search?query=port%3A6379+redis_vers...