{"id":35194,"date":"2019-02-19T10:28:15","date_gmt":"2019-02-19T08:28:15","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=35194"},"modified":"2019-02-19T10:28:23","modified_gmt":"2019-02-19T08:28:23","slug":"things-that-shouldnt-be-online","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/19\/things-that-shouldnt-be-online\/","title":{"rendered":"Things that shouldn&#8217;t be online"},"content":{"rendered":"<!-- google_ad_section_start -->\n\n<p class=\"wp-block-paragraph\">Slashdot is <a href=\"https:\/\/yro.slashdot.org\/story\/19\/02\/18\/0017246\/researcher-scans-all-ip-addresses-of-austria-finds-a-ton-of-things-that-shouldnt-be-online\">running a story<\/a> about a researcher who scanned all Australian IP addresses and found a whole bunch of things that shouldn&#8217;t be online.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As interesting as it is, <a href=\"https:\/\/yro.slashdot.org\/comments.pl?sid=13422072&amp;cid=58137638\">this comment<\/a> to the thread offers a lot more:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><strong>Pffft Only one country?<\/strong><\/p><p>At a defcon talk in 2014 (<a href=\"https:\/\/www.youtube.com\/watch?v=UOWexFaRylM\">talk<\/a>\u00a0[youtube.com]\u00a0<a href=\"https:\/\/www.defcon.org\/images\/defcon-22\/dc-22-presentations\/Graham-McMillan-Tentler\/DEFCON-22-Graham-McMillan-Tentler-Masscaning-the-Internet.pdf\">slides<\/a>\u00a0[defcon.org]) they scanned the whole IPv4 space live, looking for VNC instances. 
At least, anything that responded to a SYN packet.<br>Then they took a couple months to connect to each VNC instance, if no password was required, grab a screen shot.<br>Leading to a series of talks of\u00a0<a href=\"https:\/\/www.youtube.com\/watch?v=hMtu7vV_HmY\">things that shouldn&#8217;t be on the internet<\/a>\u00a0[youtube.com].<\/p><\/blockquote>\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"660\" height=\"372\" src=\"https:\/\/www.youtube.com\/embed\/hMtu7vV_HmY?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-US&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\"><\/iframe><\/span>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">I am still watching the video, but even in the first few minutes, you&#8217;ll see some crazy stuff.  And let me get you started with a quick quiz question:  if you had 7 servers, each connected to the Internet via a 1 Gb\/s link, how long would it take you to scan the whole Internet (all IP addresses), assuming 10 ports per IP?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Well, five years ago it took only 12 minutes, and it was done on stage at the conference!  To me, this is somewhat mind-blowing.  We keep hearing how huge and enormous the Internet is.  So the idea of being able to scan all of it in just a few minutes sounds insane.  
Today, you&#8217;ll probably need even less time, with better broadband and hardware.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And if you are curious about the tool that the guys used, it was <a href=\"https:\/\/github.com\/robertdavidgraham\/masscan\">masscan<\/a>.  It&#8217;s a lot faster than <a href=\"https:\/\/nmap.org\/\">nmap<\/a> for this kind of job, even though they are somewhat compatible.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>Slashdot is running a story about a researcher who scanned all Australian IP addresses and found a whole bunch of things that shouldn&#8217;t be online. As interesting as it is, this comment to the thread offers a lot more: Pffft Only one country? At a defcon talk in 2014 (talk\u00a0[youtube.com]\u00a0slides\u00a0[defcon.org]) they scanned the whole IPv4 &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/19\/things-that-shouldnt-be-online\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Things that shouldn&#8217;t be online<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Things that shouldn't be online #security #hosting #Internet #research 
","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,6,133,62,1334],"tags":[764,281,1117,200,2289,1908],"keyring_services":[],"class_list":["post-35194","post","type-post","status-publish","format-standard","hentry","category-general","category-linux","category-sysadmin","category-technology","category-web-work","tag-internet","tag-networks","tag-research","tag-security","tag-web-hosting","tag-youtube-videos"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":7964,"url":"https:\/\/mamchenkov.net\/wordpress\/2004\/09\/27\/yet-more-scanned-pictures\/","url_meta":{"origin":35194,"position":0},"title":"Yet more scanned pictures","author":"Leonid Mamchenkov","date":"September 27, 2004","format":false,"excerpt":"I have added yet more scanned pictures to the site. Firstly, family tree was updated with many many pictures. Mostly, these are Olga's relatives (father, mother, sisters, etc). More to come. I have also dug up photographic documentation of one of the last times I was doing sports. That was\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7905,"url":"https:\/\/mamchenkov.net\/wordpress\/2004\/09\/13\/scanned-pictures-from-trip-to-malta\/","url_meta":{"origin":35194,"position":1},"title":"Scanned pictures from trip to Malta","author":"Leonid Mamchenkov","date":"September 13, 2004","format":false,"excerpt":"Since I now have a scanner, I decided to wait no longer and start practicing my mad scanning skills. 
I jumped into a heap of photo albums that Olga and I gathered over the years and discovered that we actually have a few pictures from the trip to Malta. We\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":166,"url":"https:\/\/mamchenkov.net\/wordpress\/2003\/03\/19\/yet-more-photos\/","url_meta":{"origin":35194,"position":2},"title":"Yet more photos","author":"Leonid Mamchenkov","date":"March 19, 2003","format":false,"excerpt":"I've added the rest of scanned photos to Photo section. Now, I am left only with few recent films which need to be scanned. Most important of all of them are the pictures from my wedding. Hopefully, I'll get them posted before my first wedding anniversary.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7909,"url":"https:\/\/mamchenkov.net\/wordpress\/2004\/09\/14\/more-of-old-photos-gypsis-bar-in-2001\/","url_meta":{"origin":35194,"position":3},"title":"More of old photos &#8211; Gypsis Bar in 2001","author":"Leonid Mamchenkov","date":"September 14, 2004","format":false,"excerpt":"I've scanned a few more of those old photos. I think am I am getting better at it now (let me know how to improve via comments). This time it is the beer drinking party in Western Saloon Gypsis Bar on the 7th of June, 2001. 
Anyone remembers the ocassion?\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":25090,"url":"https:\/\/mamchenkov.net\/wordpress\/2015\/12\/28\/5-aws-mistakes-you-should-avoid\/","url_meta":{"origin":35194,"position":4},"title":"5 AWS mistakes you should avoid","author":"Leonid Mamchenkov","date":"December 28, 2015","format":false,"excerpt":"\"5 AWS mistakes you should avoid\" is a rather opinionated piece on what you should and shouldn't do with your infrastructure, especially, when using AWS. \u00a0Here's an example: A typical web application consists of at least: load balancer scalable web backend database and looks like the following figure. This pattern\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"typical-web-application","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2015\/12\/typical-web-application-500x298.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":9044,"url":"https:\/\/mamchenkov.net\/wordpress\/2005\/06\/04\/family-tree-updated\/","url_meta":{"origin":35194,"position":5},"title":"Family tree updated","author":"Leonid Mamchenkov","date":"June 4, 2005","format":false,"excerpt":"It's been a long while since I lasted updated my family tree. 
Meanwhile, my mother has sent me a huge part (about 30 persons) of Lutso branch - complete with birth dates and pictures for some of them and my father has sent me pictures of his parents (my grandmother\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/35194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=35194"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/35194\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=35194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=35194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=35194"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=35194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}