Shodan Adventures Part 1
There have been a lot of issues with the remote management web page in Netgear’s routers in the past, and the guidance has been to disable it. Well, I decided to see how many people have left their Netgear router vulnerable because they have remote management enabled.
As most of us know, people are not great at taking advice, and the results of my Shodan search are just more anecdotal evidence of people not heeding sound advice to save themselves a potentially giant headache.
Shodan is a tool that can be used for a myriad of projects and reasons. “Shodan is a search engine for Internet-connected devices. Web search engines, such as Google and Bing, are great for finding websites. But what if you’re interested in measuring which countries are becoming more connected? Or if you want to know which version of Microsoft IIS is the most popular? Or you want to find the control servers for malware? Maybe a new vulnerability came out, and you want to see how many hosts it could affect? Traditional web search engines don’t let you answer those questions.”
How does Shodan get information from connected devices? “So what does Shodan index then? The bulk of the data is taken from banners, which are metadata about software that’s running on a device. This can be information about the server software, what options the service supports, a welcome message or anything else that the client would like to know before interacting with the server.”
There were three severe vulnerabilities reported this year: unauthenticated remote code execution, script bypass, and password recovery. Unfortunately, Netgear doesn’t have a firmware notification capability, so you must periodically check Netgear’s website, download the firmware, log in, and then upload the firmware to the device for installation. Installing new firmware that contains the patches for severe vulnerabilities is not an easy task for a person with average computer experience. The system Netgear uses for firmware updates needs to be changed, but the likelihood of that is low to nil.
Example header from a Netgear router on Shodan:
[Table: Top Four States]
The list of products that are safe to use with a public-facing management page is… no product… ever. Use a remote access program such as TeamViewer (free for personal use) or Remote Desktop to connect to a computer on the inside of your network, then access the management features from there. It is recommended that you restrict access to management features to a single IP address (computer), which can be somewhat difficult to configure if you’re not familiar with IP addressing and IP configuration on Windows computers, but at least disable remote management and access the management features from a computer inside your network.
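To check your own exposure, you can review the banners that your public addresses return, since that banner metadata is what Shodan indexes. The following is an added example, not part of the original post: it parses HTTP banners and flags any login prompt whose authentication realm names the router vendor. The sample banners, addresses, ports and realm strings are constructed for illustration, and the realm format is an assumption.

```python
import re

# Constructed sample banners (not real hosts); 203.0.113.0/24 is a documentation range.
SAMPLE_BANNERS = {
    "203.0.113.10:8080": (
        "HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="NETGEAR R7000"\r\n'  # assumed realm format
        "Content-Type: text/html\r\n\r\n"
    ),
    "203.0.113.11:443": (
        "HTTP/1.1 200 OK\r\n"
        "Server: nginx\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "203.0.113.12:80": (
        "HTTP/1.0 401 Unauthorized\r\n"
        'www-authenticate: Basic realm="Office NAS"\r\n\r\n'
    ),
}

REALM_RE = re.compile(r'realm="([^"]*)"', re.IGNORECASE)

def parse_banner(banner):
    """Split an HTTP banner into (status_code, {lowercased header name: value})."""
    head = banner.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no "name: value" shape
            headers[name.strip().lower()] = value.strip()
    return status, headers

def audit(banners, vendor="netgear"):
    """Return (endpoint, realm) for 401 responses whose auth realm names the vendor."""
    findings = []
    for endpoint, banner in sorted(banners.items()):
        status, headers = parse_banner(banner)
        match = REALM_RE.search(headers.get("www-authenticate", ""))
        if status == 401 and match and vendor in match.group(1).lower():
            findings.append((endpoint, match.group(1)))
    return findings

if __name__ == "__main__":
    for endpoint, realm in audit(SAMPLE_BANNERS):
        print(f"{endpoint}: management login exposed ({realm}); disable remote management")
```

Any finding for an address you own means the management page is reachable from the Internet and remote management should be turned off.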