Shodan Cataloging of Liebert & APC

(Disclaimer – It is not the intent of this post to point out a particular BAS software vendor.  The intent is to show that we, the system integrator, still have work ahead of us to do our part)

Last week I searched for Niagara systems on Shodan and the numbers were 27k plus in just the US.  This week the US number is down just over 15k.  This does not necessarily mean it will continue to go down.  It just means that is the number Shodan has picked up thus far.

This week I search for Liebert and APC.  These are typically used in data centers and you would not expect to find them exposed.  However, I was able to find some.  And the US is once again the leader in the pack of most exposed.

The good news is the number was only in the double digits for Liebert.  The number of exposed APC devices were significantly less than Niagara, but numbered close to 4,000.  The US was number one with 3,819 and the UK was number two with 578.

Checking out the details page of some sample units show the information available is fairly descriptive.

The image on the right shows a Liebert Challenger that (according to the location description) is in a server room.The application software is listed as well as the firmware version.

The image on the right is the detailed information for this public IP.It also list: City Country Internet Service Provider Last Update (this is the date and time Shodan last connected to the the site which was four hours before this screen capture) Services – Telnet Port 23 Ports – 23, 80, 47808 (all default) Etc. Notice at the top is the street map.

Another example of potentially critical equipment that is exposed and cataloged by Shodan is APC.

The image below shows an APC SNMP device with an exposed IP which happens to be a power strip that controls VM, APP, and SQL servers.

The details for the exposed IP listed are:

• City
• Country
• Internet Service Provider
• Last Update (this is the date and time Shodan last connected to the the site which was three hours before this screen capture)
• Services – Telnet Port 23
• Ports – 23, 80, 161 (all default)
• MIB version
• Etc.

Notice at the top is the street map.

Like I said in the last post, we all know this is something that we cannot change overnight, and at the end of the day we cannot force the end user to spend the money and make the changes necessary to make their systems safer.  However, we need to architect new systems securely and make the necessary recommendation to our customers on how to secure their legacy systems.

If you would like more information on any of my other post, email me at fred.gordy@smartcore.com.