The Long Tail of the Internet (the shodan firehose talk)

Presented at ToorCon San Diego 14 (2012), Oct. 20, 2012, 6 p.m. (50 minutes)

Shodan is commonly known for allowing users to search for banners displayed by a short list of services available over the internet. Shodan can quite easily be used for searching the internet for potentially vulnerable services to exploit, but it's also a powerful defensive posturing tool as well as the first step in aggregating wide scopes of data for mining. Everyone knows routers, switches and servers are connected to the internet - but what else is out there? Has anybody even looked? I suspect people stop after the popular searches and forego what's left. Did you know there are hydrogen fuel cells attached to the internet? Some of my findings were pretty surprising, and these discoveries are an excellent metric for identifying how successful our security campaigns as an industry are. It's a way to measure our success as a whole, by scanning the entire internet. I'll be describing the projects I've done in the past that correlate with this sort of research, discussing some train-of-thought discoveries that I've made then going on to describe my first experiences with mining shodan, and sharing the scripts I wrote to do that - which I'll be releasing for public use. I'll also be using the results of that research to describe how we can, as an industry, measure how successful our campaigns are and how to turn these datapoints into a measurable metric for watching the flow and ebb of whats connected to the internet. The audience will learn how to search shodan to glean information relevant to their market and business. They will understand how they can gain information without subverting policy such as "You're not allowed to run the port scanner on the production network, in any way shape or form" - in this case someone else has done that, and the results are on the internet already. Shodan is instrumental in penetration tests and information gathering when covertness is key. Shodan is further useful because of the python API made available, where scanning and result analysis can be fully automated.

Presenters: