News & Insights

Topic: Technology

Changes in Sinkhole and Honeypot Report Types and Formats

April 1, 2021
Over the years, Shadowserver’s report list has grown considerably from when we originally started. When some of these reports were originally set up, the requirements were different to those needed today. We have therefore decided to implement changes with some of the existing report types, especially those related to our sinkholes and honeypots, as well as remove some legacy reports. Changes will come into effect on 2021-06-01. On that day, the old reports will cease and only the new equivalents will be sent out. Until that time, starting 2021-04-05 both the old reports and new reports will function in parallel.

UK Foreign, Commonwealth & Development Office funds Shadowserver surge in Africa and Indo-Pacific regions

March 18, 2021
Can you help Shadowserver sign up more countries/networks in Africa and the Info-Pacific to receive our free daily network reports and help secure the Internet? We are running a UK FCDO funded surge in Feb/March 2021, aimed at increasing outreach and expanding our honeypot sensor network in those regions. We are seeking introductions, contacts and hosting so please get in touch if you can help us achieve these goals.

Scanning for Accessible MS-RDPEUDP services

January 25, 2021
We have started daily IPv4 /0 scanning for exposed MS-RDPEUDP instances on port 3389/UDP. Aside from the usual risks associated with exposing RDP services to the Internet, this UDP extension of the popular RDP services has been found to be susceptible to amplification DDoS abuse with an amplification factor of over 84. Over 12 000 instances of MS-RDPEUDP have been found to be accessible on the IPv4 Internet.

The Data Center is Moving to its new Home

July 31, 2020
The Data Center is moving and we expect to be down from 2020-08-14 (Friday) to 2020-08-18 (Tuesday).  This will impact all of our services except incoming email.  Most of our data collection system will remain functional, but we will have no way of importing and reporting anything.  In fact, all reports will be suspended until we come back up.

Accessible Radmin Report - Exposed Radmin Services on the Internet

July 7, 2020
We have recently enabled a new IPv4 Internet-wide scan and report for accessible Radmin services on port 4899/TCP. Radmin is a remote access software product commonly in use today. Our daily scans uncover around 50,000 accessible Radmin services on port 4899/TCP. While Radmin is in general considered a secure mechanism for remote access, care should be taken as with all similar types of services to ensure no misconfiguration has taken place.

Accessible CoAP Report - Exposed Constrained Application Protocol Services on the Internet

June 24, 2020
We have enabled a new scan for exposed CoAP (Constrained Application Protocol) devices on port 5683/UDP. The scan has uncovered around 460 000 exposed CoAP services that can be potentially abused for CoAP amplification DDoS attacks. These services may also leak information or expose other vulnerabilities. This is the third IoT scan implemented as part of the EU CEF VARIoT project.

Open IPP Report - Exposed Printer Devices on the Internet

June 10, 2020
We have enabled a new scan dedicated to finding open IPP (Internet Printing Protocol) devices exposed on port 631/TCP. The roughly 80,000 devices uncovered as a result of the scan have connected to the Internet without adequate access controls or authorization mechanisms in place. This could allow for a potential range of different types of attacks, from information disclosure and service disruption/tampering, to, in some cases, remote command execution. Results of the scan are collected in the new Open IPP report. This is the second scan enabled under the EU CEF VARIoT project.

Our Data Center has a New Home

May 17, 2020
As planned, we have spent all of April talking to potential hosting and colocation providers about providing space for our new Shadowserver data center, including following up with everyone who had already contacted us to offer assistance. We have completed the review of all of our options and have signed a contract for a new home for our Data Center.

The Shadowserver Foundation Threat Report: A Spotlight on Africa

April 30, 2020
This blog is the first in a series in which we will take a look at different world regions in order to demonstrate what taking a more holistic view of our data can reveal - starting with the African continent. The derived insight helps us better drive our outreach activities and hopefully allows National CSIRTs in the region, as well as numerous other authorities/partners and private enterprises, to enhance their incident response coordination and share information from our public benefit victim remediation network reports with local communities in a more effective manner.

New Data Center Requirements - Can You Help Host Shadowserver?

April 22, 2020
Shadowserver urgently needs to move our current data center by August 2020. We are blogging our data center requirements for hosting and colocation providers, or other companies who might be able to help provide a new home for our public benefit services for the global Internet. Please reach out and get in touch if you can help.