News & Insights

Topic: Scans

Open MQTT Report - Expanding the Hunt for Vulnerable IoT devices

March 15, 2020
New MQTT IPv4 scans are now carried out daily as part of our efforts to expand our capability to map exposed IoT devices on the Internet. A new report - Open MQTT - is now shared in our free daily victim remediation reports to 107 National CSIRTs and 4600+ network owners. In particular, the report identifies accessible MQTT broker services that enable anonymous access. The work is being carried out as part of the EU CEF VARIoT (Vulnerability and Attack Repository for IoT) project.

ISAKMP Scanning and Potential Vulnerabilities

September 20, 2016
As many of you are aware, we scan the Internet on a daily basis for many different protocols. We have added several new ones over time, mostly depending on how much time we have available to engineer a scan for that protocol. Occasionally, we add one that is more topical and addresses a recent vulnerability or issue that needs to be focused on sooner rather than later. ISAKMP falls into that category.

SYNful Knock

September 21, 2015
On 15 September 2015, FireEye published information about potentially compromised Cisco routers under the name SYNful Knock. As soon as Shadowserver became aware of these potential compromises, Shadowserver and Cisco worked together to scan the Internet for the affected routers, allowing more accurate notification of the affected end-users.

Of Privacy, Security, and the Art of Scanning

June 23, 2015
With all the recent news and attention on world events, concern around privacy has increased over the last several years. There seems to be a lot of confusion around the concepts of privacy and security. Many people and organizations attempting to promote privacy have come to consider them synonymous. In reality, they are two separate issues that can work together or may be mutually exclusive.

Of Scannings and Statistics

August 22, 2014
We have been engaged in scanning the Internet for its better health for over a year (we started with a few scans, then grew to a dozen). The number of abusable systems has dropped significantly in several areas. We have also had the inadvertent effect of identifying network misconfigurations on many networks, which has helped improve the stability and security of those organizations.

The scannings will continue until the Internet improves

March 28, 2014
The news and our networks have been full of articles and packets related to the different UDP amplification attacks that have been ongoing. We and several other researchers have been looking at this problem for a while, and while there are not any easy solutions, we can at least make network owners more aware of the issues that we can see on their networks from the outside. This has led to some interesting results, most of which are not pleasant.

Surprise! You have ntp!

March 26, 2014
Shadowserver added a new set of reports for all of those who have signed up to receive information about their networks. The report is the culmination of months of work figuring out how to reliably scan the Internet for potential Distributed Denial of Service (DDoS) amplification.