![]() As its name suggests, it is a lightweight web server intended for integration into IoT and embedded devices. The situation was somewhat different in Kazakhstan… But before we get to that, let’s take a look at which web servers are, according to Shodan, most common when it comes to SSLv2 support.Īs we can see from the chart, by far the most common has been for some time the GoAhead Embedded Web Server. It can be clearly seen that in Tunisia and in the United States, public IP addresses where SSLv2 support was detected are located in IP ranges/autonomous systems assigned to different ISPs, and that devices to which these IP addresses are mapped are running different types of software (if we can identify the SW at all). Getting back to all devices which support SSL version 2.0, we saw that most of them are located in Kazakhstan, Tunisia and in the U.S. ![]() It is worth noting that we get similar results (at least in the top spot) with regards to geographic distribution of systems which support only SSLv2 and SSLv3. In fact, if we filter out just the top 10 countries with the highest numbers of web servers supporting SSLv2, we can see that there are 3 at the top, which account for most of what’s out there… While web servers which support SSLv2 are located in many countries all over the world, as the following image shows, we can clearly see that there are “hot spots” where their concentration is highest. Last week, I was talking to Justin Searle, one of our fellow SANS instructors, about the SSLv2 situation, and Justin raised a good point about how it might be interesting to learn what the devices are and where they are located… So, I have decided to find out – I did a quick analysis with the help of Shodan, and the results turned out to be quite interesting indeed! Since this cryptographic protocol was deprecated all the way back in 2011, one might not think that there would be many such devices left on the internet, nevertheless, we have shown that there still appear to be over 460,000 of them. In my last Diary, we looked at internet-connected web servers, which still support SSL version 2.0.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |