How Shodan, the search engine that finds Internet-connected devices that can be managed remotely, works. A tool that helps you understand how important it is to secure the local network.
It often happens that you have to clash with a company's management, which wrongly demands that remote access to some internally used devices be made as "immediate" as possible, where "immediate" means removing any authentication step.
So ports are left open on the router and the device is not adequately protected, perhaps with the default username and password still in place.
Some believe that simply changing the port used by the remotely accessible service is enough to protect them. Nothing could be more wrong.
Port scanners (Port scanner: scan all the public IP ports) are tools that establish which incoming ports are open on more or less large groups of public IP addresses.
Sooner or later, even if the server component listens on a port other than the standard one, someone somewhere in the world will find out which port you are using.
Filtering remote IPs (allowing only known addresses to connect) is certainly a reasonable move, but it requires clients to use a static address that does not change with each connection.
What if a user needs to connect remotely from a mobile device (not necessarily a smartphone, but also a data connection shared via a 3G/4G hotspot or tethering)? There the public IP changes constantly.
The ideal is to set up a VPN server within your local network, whether it is a home, office or company network.
By connecting to the VPN server from any remote device, regardless of the public IP it uses, you can reach the devices to be administered (connected to the LAN) without opening many ports: only the one the VPN server listens on needs to be open.
What is Shodan and how it works
By consulting the Shodan service, described by its creator John Matherly as "the scariest search engine on the net", you will realise how many devices with server functionality are constantly connected and remotely accessible by anyone.
With a few simple searches on Shodan you can find routers, webcams, NAS and industrial systems that are open and manageable remotely without entering credentials, or with default credentials.
Not only that. You can come across the administration and control panels of electrical systems, water stations, storage facilities, industrial installations managed by SCADA and even public systems.
Even when the default password has been replaced with one of your own, make sure you always run the latest firmware.
It is not uncommon for security vulnerabilities to be discovered that allow unauthorized parties remote access to Internet-connected devices. That is why, as recommended above, setting up a VPN is the best choice.
By using a VPN and making sure that no unnecessary ports are open on your router, you prevent your IP address and listening services from being listed on Shodan and similar search engines.
Registering on Shodan also allows you to use filters in any search:
city: search for devices in a specific city
country: search for devices in the indicated country
geo: pass geographic coordinates
hostname: search for hosts that match the specified text string
net: search by IP or CIDR range
os: search by operating system
port: search for an open port
before / after: restrict results to a particular time window
product: search for a specific product
The advice is to search Shodan for your public IP addresses (especially if you are using static IPs).
Go to this address, then type net: into the Shodan search box, followed by the public IP obtained there, the one DNSStuff reports next to Your IP address.
If Shodan returns any information, you must act immediately to stop exposing ports on the public IP: Port scanner: scan all ports on the public IP.
Searching Shodan can be automated with the IoT Scanner tool, while the Hide My Name service helps discover any inbound ports left open on the router (click Enter your IP address, choose at least Frequently used ports and press the green Scan button).
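The check described above (search Shodan with net: for your own public IP) and the later advice to close every inbound port that is not strictly needed can be turned into a repeatable audit. The script below is an added example, not code from the original article or from Shodan: it builds the net: query, optionally fetches the host record from Shodan's REST endpoint https://api.shodan.io/shodan/host/{ip} (an API key is assumed), and compares the services Shodan has indexed against the short allow-list of ports you actually intend to expose, typically just the VPN listener. The host record used here is constructed so the example runs offline; its field names follow Shodan's public API, the values are made up.

```python
"""Audit what Shodan has indexed about your own public IP (added example)."""
import ipaddress
import json
import urllib.request

# Constructed sample of a Shodan host record for a home IP with three exposed
# services. Field names follow Shodan's host API; every value is invented.
SAMPLE_HOST = {
    "ip_str": "203.0.113.10",
    "ports": [8080, 51820, 554],
    "data": [
        {"port": 8080, "transport": "tcp", "product": "nginx", "version": "1.18.0"},
        {"port": 554, "transport": "tcp", "product": "RTSP", "version": ""},
        {"port": 51820, "transport": "udp", "product": "WireGuard", "version": ""},
    ],
}


def build_net_query(target: str) -> str:
    """Return the Shodan `net:` filter for a single IP or a CIDR range.

    The address is validated with the ipaddress module first, so a typo in
    your public IP fails here instead of silently searching the wrong host.
    """
    network = ipaddress.ip_network(target, strict=False)
    if network.num_addresses == 1:
        return f"net:{network.network_address}"
    return f"net:{network.with_prefixlen}"


def fetch_host(ip: str, api_key: str) -> dict:
    """Fetch the live host record from Shodan (needs network access and a key)."""
    url = f"https://api.shodan.io/shodan/host/{ip}?key={api_key}"
    with urllib.request.urlopen(url, timeout=15) as resp:
        return json.load(resp)


def audit_exposure(host: dict, allowed: set) -> dict:
    """Compare the services Shodan indexed against the ports you meant to expose.

    `allowed` holds (transport, port) pairs, e.g. {("udp", 51820)} when the
    VPN listener is the only thing that should be reachable from the Internet.
    Anything else Shodan has seen is reported as unexpected, together with the
    product/version banner, because that banner is what the article warns an
    attacker reads first.
    """
    unexpected = []
    findings = []
    for svc in host.get("data", []):
        key = (svc.get("transport", "tcp"), svc["port"])
        if key in allowed:
            continue
        banner = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
        note = "; version is public, keep it patched" if svc.get("version") else ""
        unexpected.append(key)
        findings.append(
            f"{key[0]}/{key[1]} exposed ({banner or 'unidentified service'}){note}"
        )
    return {
        "ip": host.get("ip_str"),
        "unexpected": sorted(unexpected),
        "findings": findings,
    }


if __name__ == "__main__":
    # Offline run against the constructed record. To audit a real address,
    # replace SAMPLE_HOST with fetch_host("your.public.ip", "YOUR_API_KEY").
    print("Query to paste into Shodan:", build_net_query(SAMPLE_HOST["ip_str"]))
    report = audit_exposure(SAMPLE_HOST, allowed={("udp", 51820)})
    if not report["unexpected"]:
        print(f"{report['ip']}: nothing beyond the allow-list is indexed")
    for line in report["findings"]:
        print(f"{report['ip']}: {line}")
```

The allow-list is deliberately tiny: the article's point is that only the VPN port should be open, so every other entry in the report maps directly to a port forwarding rule to remove on the router. Because Shodan's index lags behind reality, pair the report with a fresh scan of the same IP before and after closing a port.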
Is Shodan legal?
From a purely regulatory point of view, the Italian criminal code provides for up to three years' imprisonment for anyone who unlawfully enters a computer or telecommunications system protected by security measures, or in any case for anyone who gains access against the express or tacit will of the operator or owner of that system.
Connecting to unprotected remote systems is therefore not punishable, unless changes are made that could damage the network infrastructure and other people's equipment.
Indeed, it is precisely those who manage a remotely accessible system who, under the GDPR (the European regulation on the protection of personal data), are required to protect it adequately (for example by requiring access credentials). This is because a device connected to the local network and made accessible remotely could be exploited by unauthorized third parties to spy on and steal sensitive data.
Shodan itself is therefore not an illegal tool, while the operations a person decides to carry out using the information obtained from the search engine can become punishable.
Shodan also shows the version of the server component listening on the remote port: a potential attacker thus immediately knows which vulnerabilities may be present in that software and can try to exploit them to do damage.
The advice is therefore to follow the instructions in the article How to make the network safe both in the company and at home: deactivate unnecessary open inbound ports on the router (including the corresponding port forwarding rules) and pay the utmost attention to the correct management of devices connected to the local network, especially from an Internet of Things perspective.
IoT devices, especially when not properly configured, can act as a "bridgehead" for penetrating a corporate or home network.
Using a VPN and periodically updating device firmware are the best ways to avoid taking risks.