my next thing to block at the zoo

Shodan is a list of things making up the internet (brands of router etc) and some of those can be exploited.

The zoo is fairly good at security and we are not running a crappy ancient intel pppoa modem supplied by British telecom but whenever turn up there’s a lot of probes afterwards that failtoban (my blog) has to deal with.

So the thinking is the less shodan can see or the more ancient the listings for our ranges then the harder it is for others. It's not a question of them stopping it, by all means do scan the zoo for problems but don't let me catch you doing it.

So the firewall got a new section, called shodan since i am boring and if at some stage in the future i forget why then i know what it is supposed to be, after all ranges do get cleaned up. It consists of

ip route add prohibit [de]
ip route add prohibit [us cloudflare]
ip route add prohibit [us cloudflare]
ip route add prohibit [][us]

The 162.159.24* ranges are nameservers and www, the 188.138 /24 subnet was my first range when a probe from shodan was first seen, then after that is when 66.240 turned up.

I kind of do /24 blocking when i see problems from a subnet so there may be friendly fire from other legitimate things which is somebody else's problem. So maybe i am indiscriminate but i found a new range.

Maybe shodan has legitimate uses but i am not debating that but its general use leaves something to be desired.

ip route add prohibit [us]

Also seems to identify as shodan in a grep of my logs so i guess me and shodan are going to have a bit of fun while others on shodan’s ips have a few issues.

Hell this is fun, i have a cron job* setup when. [de]

Comes to my attention next which rings a few bells from above with 188.138 which i have mentioned. So i dig for the string census
census6 now [duplicate]

There is a range of ISPs here and it seems complaining to cloudflare will achieve nothing as and do the probing.

Anyhow what you do with this information is up to you. It will probably change but if you're aware of things that's not a huge problem.

updated November 2015

However i would not want to be in those ipv4 ranges.
* grep shodan /var/log/mail.log /var/log/auth.log /var/log/daemon.log
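
An added example, not part of the original post: a small shell script that does the log grep from the footnote, collapses every address on a matching line to its /24 and prints the ip route add prohibit lines for review. The log lines and addresses in it are constructed (documentation ranges), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: turn log lines that mention shodan into /24 prohibit routes.
# It only prints the commands; review them for friendly fire before
# piping the output to "sh" as root.

# Constructed sample log lines (documentation addresses, not real scanner IPs).
sample_log() {
cat <<'EOF'
Nov  3 04:12:01 zoo postfix/smtpd[2211]: connect from census6.shodan.io[198.51.100.23]
Nov  3 04:12:02 zoo postfix/smtpd[2211]: lost connection after CONNECT from census6.shodan.io[198.51.100.23]
Nov  3 05:40:17 zoo sshd[3120]: Did not receive identification string from 203.0.113.9
Nov  3 06:02:44 zoo postfix/smtpd[2290]: connect from census2.shodan.io[198.51.100.77]
Nov  3 07:15:30 zoo postfix/smtpd[2301]: connect from scan.shodan.io[192.0.2.140]
EOF
}

# Read log lines on stdin and print one "a.b.c.0/24" per subnet seen on a
# line containing "shodan" (case-insensitive), sorted and de-duplicated.
# Every IPv4 address on a matching line is taken, so check the output for
# your own addresses before using it.
shodan_subnets() {
    grep -i 'shodan' |
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
    awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255 {print $1"."$2"."$3".0/24"}' |
    sort -u
}

# Print the route command for every subnet read on stdin.
prohibit_commands() {
    while read -r net; do
        echo "ip route add prohibit $net"
    done
}

# With file arguments, scan those logs; with none, run on the sample.
if [ "$#" -gt 0 ]; then
    cat "$@" | shodan_subnets | prohibit_commands
else
    sample_log | shodan_subnets | prohibit_commands
fi
```

Run it from cron with the three log files from the footnote as arguments and diff the output against the existing shodan section of the firewall to spot new ranges.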
