Caute_cautim
Community Champion

How to protect yourselves against Shodan scans?

Hi All

 

How do you protect yourselves from Shodan scans?

 

https://www.comparitech.com/blog/vpn-privacy/remove-device-shodan/

 

Blocking known Shodan scanners is a quick fix in situations where you can’t use a VPN and your devices need to be public-facing.

 

Regards

 

Caute_cautim

2 Replies
tmekelburg1
Community Champion

"Ask yourself whether your devices really need to be connected."

Every time I hear this recommended, I'm reminded of how much our industry needs to mature (along with IoT manufacturers, not just placing the blame on us). The future is almost everything in the house being "Smart". I'd rather us focus on the defense in depth model instead of being afraid of purchasing IoT devices.

"How do you protect yourselves from Shodan scans"

By conducting vulnerability scans ourselves and mitigating when possible. More time and attention should be spent on mitigating vulnerabilities on those open ports/services, not necessarily preventing the port scan to begin with. Who says the threat actors are just using Shodan? I personally use Nmap myself.
mgorman
Contributor II

I'm with you.  If your devices are on Shodan and you don't know every port they are showing, it is a failure on your part.  Blocking scanners is, possibly, a never-ending game, as they can just change addresses and keep going.  You can use the tool to check yourself, or hopefully, you have better tools at your disposal, and a level of automation to operate them efficiently.  Anyone who watches their Internet side traffic can see the scans that are nonstop, every day.  Whether it is Shodan, which at least shows them to you, or malicious actors looking for their next target, the information is easily collected.  Don't get angry at Shodan because they showed whether or not the emperor had clothes.
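
The self-check both replies describe, sketched as an added example that is not part of any post in this thread: compare what an external scanner recorded for your address with the services you intended to expose. The record shape (`ip_str`, `data[].port`, `transport`, `product`) is assumed to follow Shodan's host lookup JSON; the sample record, the documentation address and the `APPROVED` inventory are constructed for illustration.

```python
import json

# Constructed sample, trimmed to the fields used here. Assumed to match the
# shape of a Shodan host lookup record. 203.0.113.10 is a documentation address.
SAMPLE_HOST = json.loads("""
{"ip_str": "203.0.113.10",
 "data": [
   {"port": 443, "transport": "tcp", "product": "nginx"},
   {"port": 22,  "transport": "tcp", "product": "OpenSSH"},
   {"port": 23,  "transport": "tcp"},
   {"port": 161, "transport": "udp"}
 ]}
""")

# Hypothetical inventory: the (port, transport) pairs we mean to expose per address.
APPROVED = {"203.0.113.10": {(443, "tcp"), (22, "tcp"), (25, "tcp")}}


def audit_exposure(host, approved):
    """Diff externally observed services against the approved inventory."""
    ip = host["ip_str"]
    observed = {}
    for banner in host.get("data", []):
        key = (banner["port"], banner.get("transport", "tcp"))
        # Banners without an identified product are still exposure.
        observed[key] = banner.get("product", "unknown")
    allowed = approved.get(ip, set())  # unknown address: everything is unexpected
    seen = set(observed)
    return {
        "ip": ip,
        # Visible from the Internet but not in the inventory: investigate first.
        "unexpected": sorted((p, t, observed[(p, t)]) for p, t in seen - allowed),
        # In the inventory but not observed: stale entry, filtered, or service down.
        "not_seen": sorted(allowed - seen),
    }


if __name__ == "__main__":
    result = audit_exposure(SAMPLE_HOST, APPROVED)
    for port, transport, product in result["unexpected"]:
        print(f"{result['ip']}: unexpected {port}/{transport} ({product})")
    for port, transport in result["not_seen"]:
        print(f"{result['ip']}: approved but not observed {port}/{transport}")
```

The same diff works on records built from your own scan output, as long as they are mapped into the same `ip_str` and `data` shape.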