With all the noise about default passwords on Internet-connected devices, it is maybe time to revisit a 2012 paper on the Carna botnet. There were probably other even quieter ones before that and certainly default passwords have been long exploited. The Carna botnet operator went to the trouble of publishing a paper four years ago. He or she was playing around with the Nmap Scripting Engine (NSE) and discovered an amazing number of open embedded devices on the Internet. Many allowed login with empty or default credentials and were thus used to build a distributed port scanner to scan all IPv4 addresses to form a kind of census of the IPv4 Internet. The scanned data is in the public domain and available for download and analysis over Bittorrent.
IPv6 is another can of worms and the IPv4 data is thus of historical interest.
(Score: 1) by fraxinus-tree on Monday October 24 2016, @11:32AM
I wonder what kind of trouble the author went in? Anyway, a good read and a good pile of data to analyze that I didn't noticed.
(Score: 2) by JoeMerchant on Monday October 24 2016, @12:41PM
The Snowden kind of trouble, but enforced by corporations instead of governments. This is info that needs to be out there; without awareness business as usual will continue.
🌻🌻 [google.com]