Using Shodan Monitoring

Published: 2019-05-21
Last Updated: 2019-05-21 00:34:29 UTC
by Tom Webb (Version: 1)

Back in March, Shodan started a new service called Shodan Monitor(1). This service notifies you of ports that are open on the network you specify. When you initially set up your network, you enter the CIDR to monitor and then select notification triggers; you will get emails for any of these categories that show up on the specified network. In the notification emails, you get a link that lets you whitelist systems. I'm finding the uncommon ports to be chatty for large networks, and tend to whitelist many of these.




They have a heat map that shows you which hosts have the most open ports. You can hover over them and see which systems have the largest footprint on the Internet.




The initial dashboard shows you the top port breakdown, notable ports and possible vulnerabilities for the networks you are watching.





While this list could be useful, it gathers these details from banner information only. Web applications have lots of backported patches, which makes this less valuable for web.





While you can and should script this within your organization using Nmap, this is a great way to validate and see what attackers are seeing from outside with little effort. Has anyone found other cool uses of this service yet?
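One way to script the in-house Nmap equivalent, as an added example that is not code from this diary or from Shodan: it parses Nmap grepable (`-oG`) output and reports open ports that are not on a reviewed allowlist, plus allowlist entries that are no longer open. The sample scan output, the allowlist and all function names are constructed for illustration.

```python
import re

# Constructed sample in Nmap grepable format, as written by
#   nmap --open -oG scan.gnmap <your CIDR>   (192.0.2.0/24 is a doc range)
SAMPLE_GNMAP = (
    "# constructed sample, not real scan output\n"
    "Host: 192.0.2.10 (www.example.org)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.org)\tPorts: 22/open/tcp//ssh///, "
    "443/open/tcp//https///\tIgnored State: closed (998)\n"
    "Host: 192.0.2.25 ()\tPorts: 25/open/tcp//smtp///, "
    "3389/open/tcp//ms-wbt-server///, 8080/filtered/tcp//http-proxy///\n"
)
# Constructed allowlist: exposures already reviewed and accepted.
ALLOWLIST = {("192.0.2.10", 443, "tcp"), ("192.0.2.25", 25, "tcp"),
             ("192.0.2.25", 8080, "tcp")}
HOST_RE = re.compile(r"^Host: (\S+) ")
# Port entry layout: port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/open/(\w+)/[^/]*/([^/]*)/")


def parse_open_ports(gnmap_text):
    """Return {(ip, port, proto): service} for every port in state 'open'."""
    found = {}
    for line in gnmap_text.splitlines():
        host = HOST_RE.match(line)
        if not host or "\tPorts: " not in line:
            continue  # comments, "Status:" records, hosts with no port data
        ports_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
        for port, proto, svc in PORT_RE.findall(ports_field):
            found[(host.group(1), int(port), proto)] = svc
    return found


def new_exposures(gnmap_text, allowlist):
    """Open ports missing from the allowlist: the ones worth an alert."""
    current = parse_open_ports(gnmap_text)
    return sorted(item for item in current.items() if item[0] not in allowlist)


def no_longer_open(gnmap_text, allowlist):
    """Allowlisted entries that are not open any more: stale, safe to prune."""
    return sorted(allowlist - set(parse_open_ports(gnmap_text)))


if __name__ == "__main__":
    for (ip, port, proto), svc in new_exposures(SAMPLE_GNMAP, ALLOWLIST):
        print(f"NEW  {ip}:{port}/{proto} ({svc})")
    for ip, port, proto in no_longer_open(SAMPLE_GNMAP, ALLOWLIST):
        print(f"GONE {ip}:{port}/{proto}")
```

Run against scans taken from outside your perimeter, the result is directly comparable to what the Shodan notifications report for the same CIDR.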




Keywords: Shodan