Shodan and ICS systems

Exploring the
Dark Internet
Bill Matonte, Brian Brokling, Chris Hamm
• What is Shodan
o The dark Internet
o The Shodan Story
o How Shodan works
• Industrial Control Systems(ICS) and their
• Countermeasures
The Dark Internet
In order to understand SHODAN, you must
understand where SHODAN operates. That is, the
dark Internet.
• As soon as 2001, there could have been as many
as 100,000,000 hosts that are completely
• Many of these websites can be reached through
"secure gatekeepers", but the security can be very
The Shodan Story
• SHODAN was thought of in 2003 and launched in 2009.
• SHODAN is the brainchild of John Matherly. He named his
creation off of the evil artifical intellegence entity, SHODAN,
from the System Shock series of video games.
• The main idea behind SHODAN is that there are many nodes on
the internet, especially industrial and commercial systems, that
use the internet, but are not normally considered part of it.
• SHODAN changes this paradigm.
Industrial Controls
• Include Many Essential
o Nuclear power plants
o Chemical processing plants
o Energy pipeline monitoring and
• Operate and monitor
systems remotely
• Reduces cost
• Increases security risk
• Designed for function
not security
ICS Continued
• Lack basic security features
o Encryption, Firewalls, Anti-Virus Software
• Systems difficult to update
• Default passwords often unchanged as a “safety
• Before 2011 thought to be “Air-Gapped”
• In 2011 it was revealed that 7500 ICS nodes were
• Only 17% required Passwords
• 20.5% were susceptible to known exploits.
Shodan the Search Engine
• Optimized to search for systems
• Uses Indexed meta-data stored in banners
• Filter information from banners to find vulnerable
• DEMO!!!
• Restrict your devices to only allow packets to be
broadcast inside the internal LAN
• Restrict what IP addresses can access your network
from the internet
• Use VPN to remote access your network
• Change all default device passwords to something
• Surpress or minimize verbose banners
• Run Shodan against yourself
o see if you can find yourself with Shodan
Works Cited
"Frequently Asked Questions." SHODAN. N.p., n.d. Web. 22 Apr. 2014. <>.
Goldman, David. "Shodan Finds the Internet's Most Dangerous Spots." CNNMoney. Cable News Network, 02 May 2013.
Web. 22 Apr. 2014.
Goldman, David. "Shodan: The Scariest Search Engine on the Internet." CNNMoney. Cable News Network, 08 Apr. 2013.
Web. 22 Apr. 2014.
Graddy, Marchello, and Dennis Strouble. "Critical Infrastructure Control Systems Vulnerabilities." International Conference
on Information Warfare and Security. Reading. N.p.: Academic Conferences International Limited, 2010. 106-XIII. Web. 22
Apr. 2014.
Hill, Kashmir. "Camera Company That Let Hackers Spy On Naked Customers Ordered By FTC To Get Its Security Act
Together." Forbes. Forbes Magazine, 04 Sept. 2013. Web. 22 Apr. 2014.
Hill, Kashmir. "The Crazy Things A Savvy Shodan Searcher Can Find Exposed On The Internet." Forbes. Forbes Magazine,
05 Sept. 2013. Web. 22 Apr. 2014.
ICS-CERT. "Alert (ICS-ALERT-11-343-01A)." Control System Internet Accessibility (Update A). Deopartment Of Homeland
Security, 21 June 2012. Web. 22 Apr. 2014.
Leverett, Eireann. "Quantitatatively Assessing and Visualizing Industrial System Attack Surfaces." Diss. U of Cambridge,
2011. Leveret-Industrial. Web. 23 Apr. 2014. <">.
NERC. "Control Systems Security Working Group(CSSWG)." NERC. North American Electric Reliability Corporation, n.d.
Web. 23 Apr. 2014. <>.
O'Harrow, Robert, and Jr. "Cyber Search Engine Shodan Exposes Industrial Control Systems to New Risks." The
Washington Post. N.p., 27 Dec. 2012. Web. 8 Apr. 2014.
United States. Department of Energy.Office of Scientific and Technical Information, United States. Department of Energy,
and Idaho National Laboratory. Introduction to SCADA Protection and Vulnerabilities. Washington, D.C; Oak Ridge, Tenn:
United States. Dept. of Energy, 2004. Web.
Wiess, Aaron. "5 Tips to Protect Networks Against Shodan Searches." - ESecurity Planet. N.p., n.d. Web. 21 Apr. 2014.

similar documents