[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Guerilla researcher created epic botnet to scan billions of IP addresses
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-03-21 5:12:25
Message-ID: alpine.DEB.2.02.1303210012110.18858 () infosecnews ! org
[Download RAW message or body]

http://arstechnica.com/security/2013/03/guerilla-researcher-created-epic-botnet-to-scan-billions-of-ip-addresses/

By Dan Goodin
Ars Technica
March 20 2013

In one of the more audacious and ethically questionable research 
projects in recent memory, an anonymous hacker built a botnet of more 
than 420,000 Internet-connected devices and used it to perform one of 
the most comprehensive surveys ever to measure the insecurity of the 
global network.

In all, the nine-month scanning project found 420 million IPv4 addresses 
that responded to probes and 36 million more addresses that had one or 
more ports open. A large percentage of the unsecured devices bore the 
hallmarks of broadband modems, network routers, and other devices with 
embedded operating systems that typically aren't intended to be exposed 
to the outside world. The researcher found a total of 1.3 billion 
addresses in use, including 141 million that were behind a firewall and 
729 million that returned reverse domain name system records. There were 
no signs of life from the remaining 2.3 billion IPv4 addresses.

Continually scanning almost 4 billion addresses for nine months is a big 
job. In true guerilla research fashion, the unknown hacker developed a 
small scanning program that scoured the Internet for devices that could 
be logged into using no account credentials at all or the usernames and 
passwords of either "root" or "admin." When the program encountered 
unsecured devices, it installed itself on them and used them to conduct 
additional scans. The viral growth of the botnet allowed it to infect 
about 100,000 devices within a day of the program's release. The 
critical mass allowed the hacker to scan the Internet quickly and 
cheaply. With about 4,000 clients, it could scan one port on all 3.6 
billion addresses in a single day. Because the project ran 1,000 unique 
probes on 742 separate ports, and possibly because the binary was 
uninstalled each time an infected device was restarted, the hacker 
commandeered a total of 420,000 devices to perform the survey.

[...]


______________________________________________
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org
[prev in list] [next in list] [prev in thread] [next in thread]