Data Center Equipment Exposed With Default Manufacturer User and Pass

Shodan Cataloging of Liebert & APC

(Disclaimer – It is not the intent of this post to point out a particular BAS software vendor.  The intent is to show that we, the system integrator, still have work ahead of us to do our part)

Last week I searched for Niagara systems on Shodan and the numbers were 27k plus in just the US.  This week the US number is down just over 15k.  This does not necessarily mean it will continue to go down.  It just means that is the number Shodan has picked up thus far.

This week I search for Liebert and APC.  These are typically used in data centers and you would not expect to find them exposed.  However, I was able to find some.  And the US is once again the leader in the pack of most exposed.

The good news is the number was only in the double digits for Liebert.  The number of exposed APC devices were significantly less than Niagara, but numbered close to 4,000.  The US was number one with 3,819 and the UK was number two with 578.

Checking out the details page of some sample units show the information available is fairly descriptive.

The image on the right shows a Liebert Challenger that (according to the location description) is in a server room.The application software is listed as well as the firmware version. 20150817_OB_CRAC_Bacnet
The image on the right is the detailed information for this public IP.It also list:

  • City
  • Country
  • Internet Service Provider
  • Last Update (this is the date and time Shodan last connected to the the site which was four hours before this screen capture)
  • Services – Telnet Port 23
  • Ports – 23, 80, 47808 (all default)
  • Etc.

Notice at the top is the street map.

 

20150817_OB_CRAC_LOC

Another example of potentially critical equipment that is exposed and cataloged by Shodan is APC.

The image below shows an APC SNMP device with an exposed IP which happens to be a power strip that controls VM, APP, and SQL servers.

The details for the exposed IP listed are:

  • City
  • Country
  • Internet Service Provider
  • Last Update (this is the date and time Shodan last connected to the the site which was three hours before this screen capture)
  • Services – Telnet Port 23
  • Ports – 23, 80, 161 (all default)
  • MIB version
  • Etc.

Notice at the top is the street map.

20150817_OB_APC_LOC800W

Like I said in the last post, we all know this is something that we cannot change overnight, and at the end of the day we cannot force the end user to spend the money and make the changes necessary to make their systems safer.  However, we need to architect new systems securely and make the necessary recommendation to our customers on how to secure their legacy systems.

If you would like more information on any of my other post, email me at fred.gordy@smartcore.com.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest

One Response

Leave a Reply

Your email address will not be published. Required fields are marked *

BE IN THE KNOW

Join 7,595 other subscribers