Scans in Internet

by Jonathan Nicholas on November 8th, 2017
in Background, IOT

Further from reading about the IOT (see previous post) I was interested in how many scans there were of people trying to get into devices.  I started to look at telnet and SSH protocols, which you can use to connect to a device.

I used a Raspberry Pi I had in a drawer, like you do, and I connected it to the Internet and watched to see if anyone tried to connect.  I reckoned in a day you might get a couple of connection attempts; boy was I wrong!

First I got out the old Raspberry and fired it up.  It has Debian 7 (wheezy) which is a bit old but what the hell.  The idea for this experiment was to keep it isolated from the rest of our network and reinstall the thing when I had finished.  I installed the following:

  • telnet
  • snmp
  • ssh
  • tcpdump
  • rsyslog logging to a Linux box I have with Splunk

The router we have from our provider (A1 Telecom) allows you to create a DMZ, so I put the device there and left it overnight.  The next day I took a look and was pretty blown away:

Telnet: in 17 hours there were 28,000 attempts to connect from 360 different IP addresses.
SSH: there were 711 failed login attempts from 71 different addresses.
SNMP: only 4 hits.

To do:  Analyse where they came from.  Picked a few addresses at random for the telnet attempts and most were in Brazil.
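
The SSH figure above (failed logins and distinct source addresses) can be reproduced from the forwarded syslog without Splunk. The script below is an added example, not the search used in the post; it assumes the stock OpenSSH "Failed password" syslog line format, and the sample lines are constructed using documentation address ranges.

```python
import re
from collections import Counter

# The username is attacker-controlled and may itself contain " from <ip> port <n>".
# Anchoring at end of line with a greedy user group makes the LAST "from ... port"
# win, which is the address sshd actually recorded for the connection.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2\s*$"
)

# Constructed sample lines, not data from the post.
SAMPLE_LOG = """\
Nov  8 01:02:03 raspberrypi sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Nov  8 01:02:05 raspberrypi sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Nov  8 01:07:41 raspberrypi sshd[2140]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
Nov  8 01:09:12 raspberrypi sshd[2155]: Accepted password for pi from 203.0.113.50 port 60001 ssh2
Nov  8 01:15:30 raspberrypi sshd[2177]: Failed password for invalid user ubnt from 203.0.113.99 port 33890 ssh2
Nov  8 01:15:31 raspberrypi sshd[2177]: Connection closed by 203.0.113.99 [preauth]
Nov  8 01:20:00 raspberrypi sshd[2190]: Failed password for invalid user x from 10.0.0.1 port 1 from 192.0.2.10 port 40100 ssh2
"""

def summarise_failed_logins(log_text):
    """Return (total failures, Counter of source IPs, Counter of usernames tried)."""
    sources, users = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            sources[m.group("ip")] += 1
            users[m.group("user")] += 1
    return sum(sources.values()), sources, users

if __name__ == "__main__":
    total, sources, users = summarise_failed_logins(SAMPLE_LOG)
    print(f"{total} failed logins from {len(sources)} addresses")
    for ip, count in sources.most_common(5):
        print(f"  {ip:<15} {count}")
    print("usernames tried:", dict(users))
```

To run it over a real log, pass the file contents to `summarise_failed_logins()` in place of `SAMPLE_LOG`.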

Internet of Things

by Jonathan Nicholas on April 13th, 2016
in IOT

Intel have an introduction to the IoT here.  Says that the 2,000 million objects in 2006 will grow to 200,000 million objects in 2020.   Wonder how many are connected to the Internet? Remember that there are only 3,700 million allocated IPv4 addresses.

Rapid7 and the University of Michigan run Project Sonar which scans the internet.  They have found 11 million ftp sites available, wow that does seem a lot.  3.5 million are in the USA and, perhaps more surprisingly, 800k are in Germany.  Also 9.9 million hosts are open on port 22 SSH.
