What Can Censys Data See About Where You're Connecting From Now That You're Working From Home?
Have you ever Googled yourself? This is kind of like that, but, as with everything at the moment, we are looking at it with a COVID-19 lens. In March/April, nearly all of America’s non-essential workers up and walked out of their offices, many of them with their connected devices. In the same mass exodus, workers walked away from the watchful eye of their security and IT teams, and their previously required security processes and protocols.
As offices closed around the country (and world), we scrambled to set up home offices (or garages, basements, bedrooms, etc.) and began the fight for a share of the home bandwidth as we tried to create some semblance of our normal work environments.
Our CEO, David Corcoran, challenged the Censys team to use our own data and search app to take a break from researching our customers’ attack surfaces and take a look at our own, at home.
One of the fun use cases of a tool like Censys is to see what it knows about you. Previously, doing that required knowing your IP address, which (for a lot of home users) typically meant going to another site to find it out. There's a bunch of them, some aptly named, but it was always the same routine - visit the site, copy your IP, visit Censys, paste your IP, and look at the result.
Well, we got tired of that cut-and-paste workflow, too, and so we just put up https://me.censys.io, the super easy way to see what Censys knows about where you're connecting from. A quick click and poof, you'll see ports we found open, banners we grabbed, and more.
Things worth addressing right away that Censys can highlight:
- Exposed IoT and embedded devices, like cameras, routers, SCADA or BACnet devices
- Exposed databases - you’re just asking for data leaks
- Exposed Microsoft LAN protocols like SMB - that’s a popular vector for ransomware
- Exposed telnet, FTP, and the like - plaintext gateways now mostly found on IoT devices with default credentials
- Network management exposures, like Intel AMT and SNMP
In short - almost anything except the web (ports 443 and maybe 80) and maybe even SSH (port 22) deserves a good look and review. If you weren’t expecting a web server, ensure it’s not your home router by checking the page title shown in Censys - a lot of consumer-grade cable modems and the like use a web interface for configuration and management, and might be misconfigured to expose that to the Internet at large. A lot of Linux malware, including variants of the Mirai botnet, spreads that way, by exploiting flaws in those devices.
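The review rule above can be applied mechanically to a list of open ports. The following is an added example, not Censys code: the record format, the port-to-category mapping (standard well-known ports) and the router title keywords are assumptions made for illustration, and the sample host is constructed.

```python
# Added example: triage of externally visible services, following the list above.
# Records are constructed and simplified; this is NOT the Censys result schema.

# Well-known ports grouped by the exposure categories named in the article.
CATEGORIES = {
    "IoT/embedded or SCADA device": {502, 554, 47808},   # Modbus, RTSP, BACnet
    "database": {1433, 3306, 5432, 6379, 9200, 27017},
    "Microsoft LAN protocol": {135, 139, 445},           # RPC, NetBIOS, SMB
    "plaintext service": {21, 23},                       # FTP, telnet
    "network management": {161, 16992, 16993},           # SNMP, Intel AMT
}
WEB_PORTS = {80, 443}
SSH_PORT = 22  # assumption: treated like web, acceptable only if you expected it
# Assumed keywords suggesting a device admin page rather than a real web site.
ROUTER_HINTS = ("router", "modem", "gateway", "admin")
ORDER = {"fix": 0, "review": 1, "ok": 2}


def triage(services):
    """Return (port, verdict, reason) tuples, most urgent first."""
    findings = []
    for svc in services:
        port, title = svc["port"], svc.get("title", "").lower()
        category = next((c for c, p in CATEGORIES.items() if port in p), None)
        if category:
            findings.append((port, "fix", f"exposed {category}"))
        elif port in WEB_PORTS:
            hit = next((h for h in ROUTER_HINTS if h in title), None)
            if hit:
                findings.append((port, "fix", f"title mentions '{hit}': possible device admin UI"))
            else:
                findings.append((port, "ok", "web server; confirm you expected one"))
        elif port == SSH_PORT:
            findings.append((port, "ok", "SSH; confirm you expected it"))
        else:
            findings.append((port, "review", "unrecognized exposed port"))
    return sorted(findings, key=lambda f: (ORDER[f[1]], f[0]))


# Constructed sample: what a home connection might expose.
SAMPLE = [
    {"port": 443, "title": "Family Photo Blog"},
    {"port": 80, "title": "Cable Modem Gateway Login"},
    {"port": 23}, {"port": 445}, {"port": 8291}, {"port": 22},
]

if __name__ == "__main__":
    for port, verdict, reason in triage(SAMPLE):
        print(f"{port:>5}  {verdict:<6}  {reason}")
```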
Use it from home, work, on the move - have fun! And if you like what you see, sign up and begin using our free tier, which includes API credentials, too, enabling you to bring Censys data to your workflow.