[HN Gopher] Check if your IP is exposing any ports. If you see 4...
___________________________________________________________________
Check if your IP is exposing any ports. If you see 404 page, nothing is exposed

Author : susam
Score  : 269 points
Date   : 2020-09-22 17:36 UTC (5 hours ago)

(HTM) web link (me.shodan.io)
(TXT) w3m dump (me.shodan.io)

| tyingq wrote:
| I get 401/Authorization Required. Hrm. Something else to add to my list.

| novaleaf wrote:
| Is there any service like this, but can show details for the IP address even if no services are detected?
|
| like for my home IP address, I get 404. It would be nice to use a service that can tell me whatever is known about the ip (geo, hostnames, etc)

| Wowfunhappy wrote:
| Huh, port 80 is open. That's bizarre. It's closed on the router.
|
| What should I do?
|
| Edit: Oh, I see, I have to actually click the link... that gives a "Forbidden" message.
|
| Edit2: And only works locally.

| pengaru wrote:
| If you're seeing a "403 Forbidden" status code, the port is _open_ and the status code is coming back at the application level from a web server.
|
| Which leaves you open to attack if the web server has vulnerabilities.

| Wowfunhappy wrote:
| Thanks for confirming. It seems to only work on my local network (ie not on my phone if I disconnect from wifi), so I think all is well. Not entirely sure what shodan was seeing, but I suspect it's IP rotation (I haven't had this IP for too long).

| why-el wrote:
| probably IP rotation by the ISP?
|
| Edit: saw your Edit. :)

| Just1689 wrote:
| Just check your home IP from your phone (off wifi). A friend found port 80 was open on the public IP and closed on the LAN....

| twelfthnight wrote:
| For others seeing 403 Forbidden:
|
| Check if you are on a VPN as I was seeing 403 Forbidden while on the VPN and 404 when I turned it off.

| achillean wrote:
| Yes, we block access to the website from known VPNs/ Tor/ proxies/ cloud

| 3dbrows wrote:
| I believe Netcraft still produce this sort of report on a monthly basis and use it to record (among other things) the relative popularity of webservers. At least, they did when I worked there many moons ago; and they monetised such technology. Biggest hurdle isn't the software or execution time: rather, it's making an agreement with your ISP/hosting company wherein they allow you to portscan the entire internet on a regular basis without flagging it as abuse.

| SkyMarshal wrote:
| I'm a little confused on my results. I'm getting an actual website with data on it, not a 404. However, in one of the data boxes on the site, I get "HTTP/1.1 404 Not Found".
|
| Specifically, on the right side of the screen there are two boxes. The top one is titled "Open Ports", and lists a single port in it, 7547.
|
| But the box below that is titled "// 7547 / TCP /". In that box is the text "HTTP/1.1 404 Not Found".
|
| So..., am I leaking port 7547, or not? (Fwiw, http://portscan.me/ doesn't find any leaked ports, and sees my host IP as offline).

| Sohcahtoa82 wrote:
| Certain ISP-supplied routers listen on port 7547. It's used by your ISP to access your router remotely to perform software upgrades and the like.
|
| Of course, that's just what they claim. Your level of paranoia that it will get hacked and trust in your ISP to not use it to spy on you or override your own configuration is up to you.

| noir_lord wrote:
| My ISP was "nice" enough to supply a router that could be flashed with DD-WRT (it's fiber (to the home) so it's just a box on the wall straight into the router, so what's actually running on the router is under my control).

| Offpics wrote:
| The same here. Without looking at Google I guess this is the open port for ISP tech support?

| mey wrote:
| If you don't get an entirely white page with just
|
|     404 Not Found
|     The resource could not be found.
|
| then you are leaking information remotely (or were the last time they scanned your IP address). It sounds like that port was accessible at one point.

| jlgaddis wrote:
| The service running on that port is for remote management by your ISP [0]. Just like damn near everything else nowadays, it uses HTTP and the 404 status is being returned by the web server running on that port.
|
| ---
|
| [0]: https://en.wikipedia.org/wiki/TR-069

| wazoox wrote:
| For years I've been using the grc.com port scan, it always served me well :)

| bhartzer wrote:
| Looks like it's showing that port 4567 is open. Is that something that I need to close?

| noja wrote:
| Give my ip to Shodan? No thanks - is this the company that joined the ntp pool to collect ipv6 ips?
|
| Edit: yep https://arstechnica.com/information-technology/2016/02/using...

| wil421 wrote:
| They have already crawled your IP.

| Twixes wrote:
| They don't need your IP, they've already got it. They scan all of IPv4 around the clock.

| Jimmc414 wrote:
| This looks like a great service. Thank you.
|
| > Shodan has servers located around the world that crawl the Internet 24/7 to provide the latest Internet intelligence.
|
| That needs to sink in for anyone ever allowing themselves to believe the fallacy that they can slip under the radar with a security vulnerability or sleeping soundly with security by obfuscation. You aren't a computer port hiding on one specific computer on the internet, you are data trying to hide in a relational database.

| lima wrote:
| Nah, Shodan is just scanning a small subset of ports. Just move your vulnerable server to a random port and it won't find it! /s

| divbzero wrote:
| Does IPv6 reduce the feasibility of full Web port scans? If so that to me would be a compelling reason to use IPv6 beyond "it's the right thing to do".

| jimrandomh wrote:
| Yes, it does.

| lostlogin wrote:
| I'm not sure how this works but there is something odd about it. If I connect from a VPN it shows results from my public IP, not the VPN server's public IP. It does this on multiple VPNs, despite my traffic going over the VPN. Is it caching some device identifier?
|
| Edit: weird, if I connect the VPN then open a private browser tab it then checks the VPN IP. A simple refresh of the tab once VPN is up doesn't work.
|
| Edit 2: I'm an idiot. I just noticed the page URL.

| wnevets wrote:
| I've always been a fan of ShieldsUP!
|
| https://www.grc.com/shieldsup

| sidewndr46 wrote:
| I think I've heard of this before but never actually used it. It is interesting because it misses the ports I have that are wide open, maybe it doesn't scan all ports. Also, I run some IP block whitelists for ports under 1024. So they must be scanning from outside the regions I allow traffic on those ports from.

| wnevets wrote:
| Service Ports is the first 1056, you can also fill in specific ports you want to check.

| hamburglar wrote:
| Wow, I haven't thought about GRC in a long time. I've always thought the guy was somewhat of a crackpot/sensationalist/self-promoter because he seemed to have a standard recipe of finding some interesting-to-him feature/aspect of a system and then declaring it a glaring security problem and then writing sensationalized screeds about how everyone needs to use his utilities to protect themselves from it (I swear, he probably shouted about the world ending because of XP raw sockets for a decade longer than it was even relevant). I kind of liked SQRL as a concept but I also remember thinking, "ugh, but it's _this guy_". He seems to have a decent amount of technical knowledge but a lot of what he writes just seems to be about a need to be considered an expert at something, aimed at people who don't know any better.
| Just as an example, the idea of people referring to his web page [1] to validate the cert fingerprints of popular websites is ... really bizarre from a security standpoint. I understand him having concern (as do many of us) about the security of the CA hierarchy, but where did _he_ get the fingerprints? How did he validate them? And why should anyone trust him to have done so? Is his web page more secure than the CAs?
|
| [1] https://www.grc.com/fingerprints.htm
|
| ... but I digress. Apparently I have some very strong skepticism of Steve Gibson that I wasn't even aware of until I had a visceral reaction to ShieldsUp! (which is probably a perfectly fine service) :D

| [deleted]

| anon776 wrote:
| If that link does not work, just click on the "what does shodan know" link on this site. http://dwerp.io
|
| Turns out the port my DVR was on was in their DB.. Guessing I was owned at one point.

| lisper wrote:
| Told me I have port 1723 open, which was a surprise. But it did NOT tell me that I have port 22 open, which I do. False negatives are a serious problem for a service like this, much more serious than false positives.

| xoa wrote:
| Have you had port 22 open for a while, and continuously? It's using cached results not an active scan. False negatives though would definitely be worse in this application.
|
| Also at least for me it shows nothing while I do have ports open, but that's because I whitelist limited IP ranges or single IPs for ports rather than just opening them up to the net in general. I have a VPS Wireguard bastion I bounce through for remote LAN access.
| That itself is a good reminder though that it's a limited tool, if a system in my whitelisted range was compromised it'd suddenly have more options, and conversely if I already had something lazy or malicious (maybe IOT, compromise or both) running on my network that was being careful about what it talked to a port scan alone wouldn't necessarily root it out.
|
| Still a potentially useful high level pass for low effort, could make one aware of some surprise devices or fat finger mistakes or the like. But "If you see 404 page, nothing is exposed" is overstating it.

| lisper wrote:
| > Have you had port 22 open for a while, and continuously?
|
| Yes.
|
| > "If you see 404 page, nothing is exposed" is overstating it.
|
| Exactly.

| sushisource wrote:
| Yeah, it's definitely missing some stuff, at least. I have a port open for WireGuard VPN traffic that it completely misses, but that's UDP so maybe that's why.

| ReverseCold wrote:
| It shouldn't be able to find WireGuard ports. WireGuard drops all traffic that isn't from a key it trusts, so it's impossible to tell if you have WireGuard running on a port.

| tru3_power wrote:
| Had a similar occurrence, have a port open for some testing I'm doing and it did not report it.

| lisper wrote:
| That is unsurprising. It doesn't check in real time, it checks periodically and caches the results. But my ssh is obviously running continuously so it really should have caught it.
|
| It _did_ catch port 22 on another IP address that I have.

| this_user wrote:
| This seems to be largely useless if you have a dynamic IP. According to the scan, I have FTP and HTTP open, but I just double checked, and that is definitely not the case.

| sdflhasjd wrote:
| So, as someone else mentioned, it appears to show historical records, I'm not sure what the TTL on these is, but some of the open ports on my dynamic IP are from previous "owners" of the IP, aren't actually open any more.
|
| For the HTTP/S ports, it displays the response headers, including timestamp, so I went through my access logs and found the record, if anyone is curious:
|
|     71.6.165.200 - - [xx/Sep/2020:xx:xx:xx +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"
|     71.6.165.200 - - [xx/Sep/2020:xx:xx:xx +0000] "GET /robots.txt HTTP/1.1" 404 163 "-" "-"
|     71.6.165.200 - - [xx/Sep/2020:xx:xx:xx +0000] "GET /sitemap.xml HTTP/1.1" 404 163 "-" "-"
|     71.6.165.200 - - [xx/Sep/2020:xx:xx:xx +0000] "GET /.well-known/security.txt HTTP/1.1" 404 163 "-" "-"
|     71.6.165.200 - - [xx/Sep/2020:xx:xx:xx +0000] "GET /favicon.ico HTTP/1.1" 404 135 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0"

| comonoid wrote:
| I've tried https://beta.shodan.io/host/127.0.0.1 , it returns 404. Obviously, it is not true!

| withinrafael wrote:
| For those a bit confused: This subdomain redirects to https://beta.shodan.io/host/$YOUR_REMOTE_ADDR. This runs a search against their _existing_ database of information. Shodan has an army of bots that crawl the entire Internet and stores what it finds along the way. Folks generally pay Shodan for access to these notes.
|
| The site returns various HTTP error codes based on the results of that lookup, or shows a fancier page with open ports and other information it has on that IP address. (Example: https://beta.shodan.io/host/1.1.1.1)
|
| There is no active scan occurring here. (But you could be hinting to Shodan that these particular IPs are valid though!)

| achillean wrote:
| We don't retain web logs and the way users interact with Shodan doesn't change the way Shodan crawls the Internet. I.e. using the website/ API doesn't change how we look at the Internet.

| RL_Quine wrote:
| If you want active scanning, http://portscan.me/ will do a reverse nmap port scan of whatever requests it.

| vit05 wrote:
| "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log."
|
| What should I do?

| simonklitj wrote:
| Got the same message.

| mcny wrote:
| here's a portscan.me if you are getting forbidden and just want to see what a result looks like
|
|     Scanning {ip} for interesting ports on 2020-09-22 20:14:00 CEST... This may take a short while.
|     Starting Nmap 5.21 ( http://nmap.org ) at 2020-09-22 20:14 UTC
|     Initiating Ping Scan at 20:14
|     Scanning {ip} [2 ports]
|     Stats: 0:00:01 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
|     Ping Scan Timing: About 50.00% done; ETC: 20:14 (0:00:01 remaining)
|     Stats: 0:00:02 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
|     Ping Scan Timing: About 50.00% done; ETC: 20:14 (0:00:02 remaining)
|     Stats: 0:00:03 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
|     Ping Scan Timing: About 99.99% done; ETC: 20:14 (0:00:00 remaining)
|     Completed Ping Scan at 20:14, 3.00s elapsed (1 total hosts)
|     Nmap scan report for {ip} [host down, received no-response]
|     Read data files from: /usr/share/nmap
|     Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
|     Nmap done: 1 IP address (0 hosts up) scanned in 3.07 seconds
|     The scan was performed from 89.186.169.101.
|     Best regards gigahost.dk
|
| --
|
| OP's link archived from archive.fo
|
| https://archive.fo/72cS5

| tzs wrote:
| I'm still confused, because "curl -D - https://beta.shodan.io/host/$ALIP" where $ALIP is the IP address of my Amazon Lightsail instance, gives different results depending on where I do it from.
|
| If I do that query from home, it correctly tells me that 22, 80, and 443 are open. If I do that query from the Lightsail instance itself, I get 404. I also get 404 if I do it from work.

| nash wrote:
| Same IP? Don't forget your instance has different public and private IPs.

| achillean wrote:
| Are you sure it's a 404 and not a 403? We block access to the website from the cloud so you're probably getting blocked.

| tzs wrote:
| Oops...you are right.

| [deleted]

| withinrafael wrote:
| Strange! Maybe they have Amazon compute resources on a list and respond differently to avoid abuse? If they don't pop in here, maybe ping @shodanhq on Twitter.

| xoa wrote:
| > _(I wouldn't rule out that you may be hinting to Shodan that these particular IPs are valid though!)_
|
| For those of us on IPv4, eh. Only 4 billion addresses, and with a lot of that itself tied up in various large /8s to a few specific organizations many of which can be assumed to be beyond casual level, it's just no longer a real haul to scan everything all the time at a basic level. Plus for those of us browsing from our main address we're leaving a trail all over the web anyway through a host of poorly secured servers. So while I don't disagree it's worth thinking about information leaks and honey pots and the like whenever dealing with infosec in any way, in this specific case I also don't think this reveals anything of significant value.

| nycdatasci wrote:
| Supporting your point: With zmap (https://zmap.io/) you can scan IPv4 in 45 mins using a 1 Gb pipe, or in 5 mins on a 10 Gb pipe.

| H8crilA wrote:
| Wait, why does a port scan need to transfer > 30 GiB of data?
|
| Or do you mean all of IPv4?

| JustFinishedBSG wrote:
| All of the internet yes

| Fnoord wrote:
| Full UDP range?

| reidjs wrote:
| I have quite a few ports open on my webserver (22, 8080, 80, 443, 444, 81), but the thing is I use them regularly for SSH, serving a website, etc. Is it bad that they are getting picked up by this service?

| userbinator wrote:
| If you know that they're open, that's different from thinking you don't have any open ports when you do, which is probably what this is supposed to tell you about.

| deathgrips wrote:
| It's only bad if the services running on those ports are not secured.

| jlgaddis wrote:
| > _Is it bad that they are getting picked up by this service?_
|
| Only if you are relying on no one knowing they're open as a "security feature" (a.k.a. "security by obscurity").
|
| If you aren't worried about anyone "finding" them because you've taken the time to secure the services then there's absolutely no reason at all to care that this exists.

| [deleted]

| donatj wrote:
| It's interesting that they didn't find the port 22 nor 80 or 443 I'm exposing among others, I just get a 404.

| nothasan wrote:
| There is also Censys[0] and ZoomEye[1] which offer a similar service. From my experience these two offer more/better data.
|
| [0] https://censys.io/
| [1] https://www.zoomeye.org/

| Santosh83 wrote:
| I had Caddy server running and port 80 was open, but the scanner also said port 53 was open. After quitting Caddy apparently both ports are now closed. Any reason for Caddy to open port 53?

| geocrasher wrote:
| 53 is DNS, so it is likely listening on port 53. Perhaps it runs a local DNS cache, but its firewall allows outside traffic. It might even try to provide DNS for ACME DCV.

| kej wrote:
| Are you using a DNS plugin with Caddy?

| Santosh83 wrote:
| Yes I think I may have opted to include the cloudflare-dns plugin when downloading Caddy. Perhaps it opens port 53 even though it isn't actually being used? Or perhaps Caddy's automatic HTTPS provisioning logic does this...

| jagger27 wrote:
| Just Minecraft. Cool to see how much it knows about the Minecraft server protocol. It even marked how many players were on when it was scanned.

| Abishek_Muthian wrote:
| Does it require login to force an update? I have a dynamic IP and it shows an open port (possible router management) of another user updated couple of weeks back.
| I understand that the cached results provide faster results, but does it make sense to cache results for dynamic IPs?

| ficklepickle wrote:
| This is timely. I just found out, last night, that my shitty ISP router was exposing the management interface to the whole internet. It was dumb luck that I stumbled across it. I had to port forward 80/443 to nowhere in order to make it stop. Time to get a dumb modem.

| slicktux wrote:
| May I recommend GRC.com's shields up as an alternative...

| Cyphase wrote:
| https://www.grc.com/shieldsup

| Fnoord wrote:
| WireGuard default UDP port is open on my home router. This website says 404. Why? Because the scans don't scan full UDP port range, is my guess. I trust this with regards to TCP.

| gnyman wrote:
| Yeah, it does not scan all ports, just a select thousand or so, and 51820 does not seem to be among them

| sjy wrote:
| "One design goal of WireGuard is to avoid storing any state prior to authentication and to not send any responses to unauthenticated packets. With no state stored for unauthenticated packets, and with no response generated, WireGuard is invisible to illegitimate peers and network scanners." https://www.wireguard.com/papers/wireguard.pdf

| jszymborski wrote:
| Just changed ISP/router and noticed that 7547 is open (which hasn't been the case in the past). Looks like ISPs use this for remote management?

| CTrox wrote:
| Noticed the same thing, that port is mostly associated with [CWMP](https://en.wikipedia.org/wiki/TR-069).

| kube-system wrote:
| Alternatively, if you see a 404 page, and you have ports open, your IP block lists are working correctly :)

| myself248 wrote:
| GRC's ShieldsUp! has been operating since fall of 1999, in case anyone else was wondering.

| Cyphase wrote:
| https://www.grc.com/shieldsup

| [deleted]

| teekert wrote:
| Wow it tells me how many people are on my minecraft server. I couldn't even find that easily (didn't look too close yet).
| Anyway, a bit worrying because I leave the whitelist off when my sons friends want to join.

| nxpnsv wrote:
| Wonder if I could let my server ports change regularly in a pseudo random sequence...

| andrewveitch wrote:
| You are unexposed in Scotland. Unlike me in my kilt.

| cjbprime wrote:
| Bonus challenge: Use WebRTC to find the internal IP of the connecting device, then use DNS rebinding to port scan the device itself and report those open ports :)

| xmly wrote:
| 500

| bognition wrote:
| I collaborated with Shodan at a previous job and loved working with them. They've built a really solid product that has come a long way. It's a great story of a side project evolving into a massively important resource.

| igama wrote:
| The free page securityrating.io from BinaryEdge also provides that information.
|
| For more complex queries about what is being exposed on IPs worldwide (IPV4 and IPV6) You can register a free account on app.binaryedge.io.
|
| (Disclaimer: I'm part of the BinaryEdge team)

| t0mbstone wrote:
| Actually, ideally you wouldn't even see a 404 page. Your web browser should just time out when attempting to find the url.
|
| If you are seeing a 404 page, that means that a web browser is listening on port 80 and received the request and is responding with a 404 page. That's not a good thing!

| MaxBarraclough wrote:
| It's referring to what happens if you go to https://me.shodan.io/

| merlinscholz wrote:
| That's not how it works. It requests the last port scan results for your IP from shodan's servers.

| everfree wrote:
| Your browser isn't connecting to your own IP, it's connecting to a shodan.io server which looks up your IP in their own database.
|
| Of course Shodan's web servers are always listening on port 80, just like with all websites.

| Apofis wrote:
| Can anyone tell me why server_tokens would be on by default in Nginx?
| Why would it be a standard default practice to disclose what version your goddamn web server is?
|
| Why is SSHD disclosing its goddamn version too?!

| tprynn wrote:
| By itself, disclosing version information provides little to no security consequence. If you are using an outdated, vulnerable server version, you will be exploitable regardless of whether you present a version number in the vast majority of cases. Attackers don't care whether you present a specific version number before attempting exploits in most cases (unless the exploit has a risk of crashing the service). And if you do have an exploit which depends on a specific version, most likely you can figure out the version without a version number anyway. Hiding version numbers probably does more work to hurt defenders (who want to easily scan and identify outdated software without attempting exploits).

| garblegarble wrote:
| It's always occurred to me that you'd use evolving version data from an aggregator like shodan to build a picture of how up-to-date people keep their software, that way when a new vulnerability hits you have a prioritised list of IPs that haven't updated in a timely manner in the past, rather than wasting cycles trying to exploit auto-updating hosts

| silverfox17 wrote:
| Pretty much every service by default discloses version numbers.

| ipnon wrote:
| A creepy name for a startup
|
| https://en.wikipedia.org/wiki/SHODAN

| spapas82 wrote:
| Shodan (from System Shock) was one of the best villains in the history of computer games!

| achillean wrote:
| One of my favorite games and I picked the name as an homage to my favorite game where you play a hacker. And to be fair, I didn't think that Shodan would become as it has when I first launched the website.

| tzs wrote:
| How is it so fast?
|
| When I do it from home I immediately get a 404. It was so fast I assumed that the site got overwhelmed by people trying it and it was down.
|
| But then I tried it but changing the URL on the 404 from https://beta.shodan.io/host/<home_ip> to https://beta.shodan.io/host/<lightsail_ip>, giving the IP of my Amazon Lightsail instance. It almost instantly told me 22, 80, and 443 were open.
|
| Edit: ...but if I try either of those actually from my Lightsail instance, they both get 404!?

| igama wrote:
| Check the timestamp of the results ;)

| can16358p wrote:
| It was extremely fast for me too. But I'm behind a CGNAT, which explains nothing being found and (if it's caching) why it's so fast.

| everfree wrote:
| The results are cached:
|
| > Shodan has servers located around the world that crawl the Internet 24/7 to provide the latest Internet intelligence.

| riffic wrote:
| By "the Internet" they mean the IPv4 space, right? There are _only_ 3.681 billion public IPv4 addresses so it's a trivial problem to scan them all at a suitably parallel scale.
|
| the v6 address space, on the other hand...

| _salmon wrote:
| They're working on scanning IPv6 as well. They got in trouble a few years back after they were observed harvesting IPv6 addresses by running a public NTP server[1].
|
| [1] https://arstechnica.com/information-technology/2016/02/using...

| [deleted]

| gowld wrote:
| Hmm, maybe security via obscurity is a bad idea after all.

| ReverseCold wrote:
| You can probably get a pretty good idea of the v6 space by checking domain name registrations, certificate transparency, logging requests from v6 addresses, etc.

| nobody9999 wrote:
| I guess this can be useful if you don't know what's going on with your internet connection.
|
| Although the fact that the "results" are cached arguably makes this less useful than GRC and other sites that will actively scan your IP (range).
|
| And even though they provide a timestamp for the reported information (different for different ports by 24 hours or so, at least for me), I'd personally prefer an active scan over a database lookup if I want to know what's going on.
|
| I'll go further and say that while the information provided is absolutely useful, depending on the services you're exposing to the Internet, there are other tools that will give you much more useful, actionable information.
|
| There are rafts of online tools to check for vulnerabilities in specific services. Notably:
|
| Mozilla Observatory https://observatory.mozilla.org/
|
| Qualys Labs SSL test https://www.ssllabs.com/ssltest/
|
| MX Toolbox Super Tool https://mxtoolbox.com/SuperTool.aspx
|
| And many others, including the GRC Shields Up! port scanner mentioned in other comments in this thread: https://www.grc.com/shieldsup
|
| As such, unless you're going to use Shodan services, or want to know what information they have about you, it seems like there are other, better tools out there.
|
| What's more there are tons of tools that you can run _locally_ that will provide much more information about the devices on your internal network, since you can run them inside your firewall.
|
| N.B.: I am emphatically _not_ discouraging others from using shodan.io, nor am I claiming that it's bad. Rather, I'm expressing my own opinion as to how I prefer to identify and test my internet-facing attack surface.

| gowld wrote:
| Mozilla's "include my site in the public results" (including vulnerabilities) by default doesn't seem very privacy respecting.

| nobody9999 wrote:
| >Mozilla's "include my site in the public results" (including vulnerabilities) by default doesn't seem very privacy respecting.
|
| Then don't use it.
|
| Or check the click-box. Which is what I did.
|
| That said, your Internet-facing IP address isn't private.
| In fact, it has to be public in order to route traffic to/from you.
|
| I'd note that the shodan.io site had information about my IP address, even though I'd never used it or requested a scan. What's more, I'm included in that database without _any_ opportunity to opt out as the Mozilla site provides.
|
| And just to be clear, I have no connection to Mozilla (or any of the other sites I mentioned). In fact, I'd never looked at Mozilla Observatory before I started poking around for the comment to which you replied and included it _only_ because it had an SSH scanner.

| silverfox17 wrote:
| It's not generally used to assess your own attack surface - it's mainly used to assess the attack surface of others using their search syntax. It's a Google of vulnerable systems.

| achillean wrote:
| Actually monitoring your own attack surface is the most common reason companies purchase a subscription. See: https://monitor.shodan.io
___________________________________________________________________
(page generated 2020-09-22 23:00 UTC)
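
Added example, not part of the thread or of any commenter's post: the access-log excerpt quoted by sdflhasjd shows one client fetching the front page and several site metadata files in quick succession, with no referrer and changing User-Agent values. The Python sketch below looks for that pattern in a combined-format access log. The sample log, its addresses (documentation ranges) and timestamps are constructed, and the 60-second window and four-path threshold are assumptions to tune; a match indicates crawler-like behaviour in general, not any particular scanner.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format, as in the excerpt quoted in the thread.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Paths fetched in the quoted excerpt: the front page plus site metadata files.
PROBE_PATHS = {"/", "/robots.txt", "/sitemap.xml",
               "/.well-known/security.txt", "/favicon.ico"}

# Constructed sample data (documentation address ranges, made-up timestamps).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Sep/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"
192.0.2.10 - - [22/Sep/2020:10:00:02 +0000] "GET /robots.txt HTTP/1.1" 404 163 "-" "-"
192.0.2.10 - - [22/Sep/2020:10:00:02 +0000] "GET /sitemap.xml HTTP/1.1" 404 163 "-" "-"
192.0.2.10 - - [22/Sep/2020:10:00:03 +0000] "GET /.well-known/security.txt HTTP/1.1" 404 163 "-" "-"
192.0.2.10 - - [22/Sep/2020:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 135 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0"
198.51.100.7 - - [22/Sep/2020:10:01:00 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0"
198.51.100.7 - - [22/Sep/2020:10:01:01 +0000] "GET /favicon.ico HTTP/1.1" 404 135 "http://example.test/" "Mozilla/5.0 (X11; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0"
203.0.113.5 - - [22/Sep/2020:09:00:00 +0000] "GET /robots.txt HTTP/1.1" 404 163 "-" "-"
203.0.113.5 - - [22/Sep/2020:11:30:00 +0000] "GET /sitemap.xml HTTP/1.1" 404 163 "-" "-"
this line is not a log entry
"""


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {"ip": m["ip"], "ts": ts, "path": m["path"].split("?", 1)[0],
            "ref": m["ref"], "ua": m["ua"]}


def find_metadata_sweeps(lines, window=timedelta(seconds=60), min_paths=4):
    """Flag clients that fetch >= min_paths distinct PROBE_PATHS, without a
    referrer, inside one time window. Returns (findings, unparsed_count)."""
    by_ip = defaultdict(list)
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
        elif ev["path"] in PROBE_PATHS and ev["ref"] in ("", "-"):
            by_ip[ev["ip"]].append(ev)

    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the left edge so the burst never spans more than `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            burst = events[start:end + 1]
            paths = {e["path"] for e in burst}
            best = findings.get(ip)
            if len(paths) >= min_paths and (
                    best is None or len(paths) > len(best["paths"])):
                findings[ip] = {
                    "paths": sorted(paths),
                    "user_agents": sorted({e["ua"] for e in burst}),
                    "first_seen": burst[0]["ts"],
                    "last_seen": burst[-1]["ts"],
                }
    return findings, unparsed


if __name__ == "__main__":
    hits, unparsed = find_metadata_sweeps(SAMPLE_LOG.splitlines())
    for ip, info in hits.items():
        print(ip, info["first_seen"].isoformat(), info["paths"],
              f'{len(info["user_agents"])} distinct User-Agent values')
    print("unparsed lines:", unparsed)
```

The timestamp of a flagged burst can then be compared with the "last seen" time a scan database shows for the same port, which is how stale entries on a reassigned dynamic IP show up as having no matching request in your own logs.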