Shodan and Port-Knocking

Feb 17, 2022

One minute. That's how long it takes hackers to grab and exploit private keys that you accidentally push to GitHub. Not to mention the publicly accessible services and ports exposed on the internet, misconfigured admin panels, or cloud storage buckets.

Shodan is a site that continuously scans the internet for open ports and metadata about well-known services (like Elasticsearch). It's an interesting dataset for gauging relative usage patterns for SaaS services. Querying for some service metadata or a default port number and cross-referencing the results with a set of well-known cloud IP ranges can give you a good sense of the distribution of managed services across cloud providers. See an example search for "redis".

The internet is a tough place to deploy any publicly available service. Bots, denial-of-service, 0-day exploits, you name it. As I wrote in A Personal Internet, I can see a layer 3 (see OSI model) solution like WireGuard giving site administrators a way to do easy authentication and authorization on their sites. This potentially solves some of the major issues with the internet-of-things as well.

The problem is even present in crypto – although transaction spam is essentially rate limited by fees, I suspect there will be issues with peering and bad or malicious peers. Even though there are many protections, everything must be public since it is trustless.

Port-knocking is a technique to open up a port in a firewall by connecting to a set of ports in a specific order, with that sequence acting as the "password". I don't think it's done much anymore – since it's just security through obscurity. But a fun concept.
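
An added example, not code from this post or from any real port-knocking daemon: a per-source state machine that decides when a firewall would open the protected port, run over constructed connection events. The knock sequence, the 10-second window and the IP addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret sequence (constructed)
WINDOW_SECONDS = 10.0                # assumed: sequence must complete within this window

@dataclass
class KnockTracker:
    sequence: tuple = KNOCK_SEQUENCE
    window: float = WINDOW_SECONDS
    progress: dict = field(default_factory=dict)  # src ip -> (next index, time of first knock)
    allowed: set = field(default_factory=set)     # sources the firewall would let through

    def observe(self, ts, src, dport):
        """Feed one inbound connection attempt; return True if src is now allowed."""
        idx, start = self.progress.get(src, (0, ts))
        if idx and ts - start > self.window:
            idx, start = 0, ts                    # too slow: partial progress expires
        if dport == self.sequence[idx]:
            idx += 1                              # correct next knock
        elif dport == self.sequence[0]:
            idx, start = 1, ts                    # wrong knock that restarts the sequence
        else:
            idx = 0                               # any other port resets progress
        if idx == len(self.sequence):
            self.allowed.add(src)                 # full sequence seen: open the port for src
            self.progress.pop(src, None)
        elif idx:
            self.progress[src] = (idx, start)
        else:
            self.progress.pop(src, None)
        return src in self.allowed

# Constructed sample events: (timestamp in seconds, source IP, destination port)
EVENTS = [
    (0.0, "198.51.100.7", 7000), (1.0, "198.51.100.7", 8000), (2.0, "198.51.100.7", 9000),
    (0.0, "203.0.113.9", 7000), (1.0, "203.0.113.9", 9000), (2.0, "203.0.113.9", 8000),
    (0.0, "192.0.2.50", 7000), (20.0, "192.0.2.50", 8000), (21.0, "192.0.2.50", 9000),
]

def run(events):
    """Replay events in time order and return the set of sources that got through."""
    tracker = KnockTracker()
    for ts, src, dport in sorted(events):
        tracker.observe(ts, src, dport)
    return tracker.allowed

if __name__ == "__main__":
    print(run(EVENTS))  # only the source that knocked in order and in time
```

The tracker checks only port order and timing, so the same three knocks are accepted from any source address that repeats them, which is the obscurity problem noted above.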