QuoVadis

How To Block Shodan.io From Scanning Your network


Posted

Shodan.io is a search engine with the job of crawling the internet for publicly accessible servers, software, and equipment. Intended as a site for cyber security experts and researchers, Shodan is a popular destination for those with other intentions as well. While not an inherently bad site, a hacker might want to cause some trouble by remotely accessing a web server with default credentials found on Shodan. News stories over the last few years talk about how Shodan has been used to log into traffic light controls, web cameras, and find databases to exploit.

 

How do you prevent your network from being scanned and added to Shodan? First you’ll need a router or firewall with more than basic functions. Your device should accept custom firewall rules where you can block by remote IP address. Second you’ll need a list of the servers that Shodan uses to crawl the internet.

 

Below is a list of known Shodan IP addresses and host names. A firewall rule should be created to block each entry.

 


 

If you have a router capable of displaying active sessions or reporting blocked firewall events, you’ll see something like this.

 

shodan_census.png
 
 

There are of course a number of things you can do to protect yourself from uninvited internet guests. First and foremost, don’t use default credentials for your router, server, database, IP camera, etc. These devices are incredibly easy to find through Shodan and there is never an excuse for defaults! You can also set your router to only allow inbound traffic from known IP addresses. Disabling WAN pings is another way you can try and prevent inbound traffic to your network. The easiest test is to run a Shodan search against yourself. If you know your external IP address, plug it into Shodan and look at the results. Do you see open ports? Do you have devices that are unsecured or running default credentials? The best solution is not to have public facing devices at all and instead to use a VPN to remotely access equipment, but in some situations that just isn't an option and the firewall rules are a fix.

 

There are a number of routers that can provide the necessary firewall capabilities to block sites like Shodan from scanning your network.

 

shodanfirewallpep.jpg
(Blocking a Shodan IP on a Peplink)
 
 

The Pepwave Surf SOHO or Cradlepoint MBR1200B will provide adequate blocking for most homeowners or small businesses. Medium to enterprise size companies will want to look at more capable options like the Peplink Balance 380 or the AER3100.

 

SOURCE

 
  • Thanks 1
  • Upvote 2
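One way to turn a list in the post's "IP - hostname" format into firewall rules, as an added example that is not part of the original post. The sample entries are constructed (documentation address ranges, placeholder host names), and `NEVER_BLOCK`, `parse_blocklist` and `iptables_rules` are hypothetical names; each entry is validated before it becomes a rule, so a malformed line or an address inside your own ranges is skipped instead of loaded.

```python
import ipaddress

# Constructed sample in the post's "IP - hostname" format; the addresses are
# RFC 5737 documentation ranges and the host names are placeholders.
SAMPLE_LIST = """\
192.0.2.10 - scanner1.example.net
198.51.100.23 - scanner2.example.net

198.51.100.23 - scanner2.example.net
10.0.0.5 - looks-internal.example.net
not-an-ip - broken.example.net
203.0.113.7
"""

# Assumption: ranges that must never be blocked (LAN, management hosts).
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8")]


def parse_blocklist(text, never_block=NEVER_BLOCK):
    """Return (accepted, rejected): unique IPv4 addresses and skipped lines."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Only the part before " - " is used; the host name is informational.
        token = line.split(" - ", 1)[0].strip()
        try:
            addr = ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            rejected.append((line, "not an IPv4 address"))
            continue
        if any(addr in net for net in never_block):
            rejected.append((line, "inside a protected range"))
            continue
        if addr not in seen:
            seen.add(addr)
            accepted.append(addr)
    return accepted, rejected


def iptables_rules(addresses, chain="INPUT"):
    """Render one DROP rule per source address as iptables commands."""
    return [f"iptables -A {chain} -s {a}/32 -j DROP" for a in addresses]


if __name__ == "__main__":
    ok, bad = parse_blocklist(SAMPLE_LIST)
    print("\n".join(iptables_rules(ok)))
    for line, reason in bad:
        print(f"# skipped: {line!r} ({reason})")
```
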
Posted
1 hour ago, rivadarlin said:

I blocked it with iptables but still scanning in shodan.io

This topic was created five years ago

 

Look here:

https://wiki.ipfire.org/configuration/firewall/blockshodan

 

Also, you can read something here: https://www.csoonline.com/article/3020108/blocking-shodan-isnt-some-sort-of-magical-fix-that-will-protect-your-data.html

 

Quote

Shodan isn't the enemy.

In fact, Shodan is a seriously useful tool. Instead of blocking it, integrate it within your security process and use it to discover things you might not know about.

 

  • Upvote 1
