Shodan (https://www.shodan.io/) been doing this for over 5 years, with a similar tagline: Shodan is the world's first search engine for Internet-connected devices.
From the article: "It's comparable to Shodan, a search tool for connected devices, but turbo charged and closed to the general public, Junio's previously said."
I think their big thing is speed. They are scanning the entire IPV4 space in 60 minutes which... is kind of impressive? I haven't thought about it but doing a port scan on my public network takes a little bit of time and I'm only dealing with couple dozen IPs.
I think the key quote is "The ultimate aim of the service is to help companies determine if there are vulnerable devices on their network that could be exploited by malicious hackers, who could then pivot and compromise the whole organization."
I believe the founder was on Recode podcast within the last year. It was a great listen and really sold the product value prop. I work in healthcare and in my office alone we have 2 or 3 printers connected that IT isn't aware of because we couldn't get approval.
And with their speed they could probably run it every hour so that IT can act immediately on potential vulnerabilities, not just testing it every few months.
I learned about Qadium last spring. Not sure how under the radar they were then, but I heard about it through a referral of a referral working on cyber risk.
If they are able to credibly provide a baseline for number of connected devices and percentage that are vulnerable, it won't be a huge step up from zmap, but it could provide some interesting data for security pros, regulators and insurance. Not sure how they get to the part about vulnerability of devices.
The cyber kill chain provides a nice jumping off point for a hierarchical model, but the kind of data necessary to really flesh it out is just so damn hard to find at the quality levels necessary.
It's nice Peter Thiel found a new hobby other than testing hepatitis treatments in low income countries that is illegal in the US. Even though this is a scam and as many other people pointed out, something anyone can do, it's actually one of the less shady things Peter Thiel has done. Good job Peter. Way to be somewhat less shady.
Am I correct in understanding that this just pops off a list of IP addresses reachable from whatever "point" you start the "scan" from?
Is there more info into "how"? How is this something that doesn't already exist? Other's have referenced Zmap, how is this an improvement over it, or even just a patient person with Nmap?
The majority of infected computers form WannaCry was windows 7, its a common misconception that windows xp was the most hit. But never the less I don't see how this scanner could of prevented that unless he added EnternalBlue etc to the scanner once smb was found to be open.
Eh, not really, it's just going to require an exponential increase in computing power. They already have the platform, in theory it would just be about scaling.
That said, it's kind of a huge scaling problem. If it really is a matter of throwing more hardware on it, and they currently use, say, 100 servers, they're going to need 429496729600 servers to get the same times they are getting now.
Maybe not that many, but still a lot more, if you first looked at BGP, and only brute-forced networks that were routable, rather than the entire search space.
Basically, before scanning, query and iterate all ASes advertisments and union present ranges, then feed that to zmap or something that can scan IPv4 and/or IPv6.
If you google the number of Possible IP (v4) addresses you get an answer that kind of gives you more context for your question:
IPv4 uses 32-bit IP address, and with 32 bits the maximum number of IP addresses is 232—or 4,294,967,296. This provides a little more than four billion IPv4 addresses (in theory). The number of IPv4 available addresses is actually less than the theoretical maximum number.
So you would need to be prepped to hit 4 billion approx devices.
Yeah guess would need more context I mean I hear crazy processing times l (requests per second) whether it's go or visa transactions it seems possible with enough resources but what do you do/compare I don't know haha. IPV6 too.
https://zmap.io/ is the tool of choice for scanning IPv4 space quickly. If you have good connectivity and the correct hardware you can scan a lot of space very very quickly.
