I scanned Ukraine

In February, the Austrian Christian Haschek published an interesting article on his blog entitled “I scanned the whole of Austria”. Of course, I wondered what would happen if we repeated this study, but with Ukraine. It took a few weeks of round-the-clock information gathering, a couple more days to write the article, and, during the study, conversations with various representatives of our society to clarify things and learn more. Details are below the cut ...

TL;DR


No special tools were used to gather information (although several people advised using OpenVAS to make the study more thorough and informative). The security of the IP addresses that relate to Ukraine (how they were determined is described below) is, in my opinion, rather bad (and worse than what happens in Austria). No attempts to use the detected vulnerable servers have been made or are planned.

First of all: how can I get all the IP addresses that belong to a particular country?


It is actually very simple. IP addresses are not generated by the country itself, but are allocated to it. Therefore, there is a public list of all countries and all the IP addresses that belong to them.

Everyone can download it and then filter it:

grep Ukraine IP2LOCATION-LITE-DB1.CSV > ukraine.csv
A simple script that was created by Christian allows you to bring the list into a more usable form.

Ukraine has almost as many IPv4 addresses as Austria: more than 11 million, 11,640,409 to be exact (for comparison, Austria has 11,170,487).
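The filtering and conversion step described above, as an added example (it is not Christian's script and not code from the original article). It assumes the IP2Location LITE DB1 column layout (ip_from and ip_to as decimal integers, then country code and country name), matches the country code column exactly instead of grepping for the name, and converts each range into CIDR blocks so the total address count can be checked. The sample rows are constructed from documentation and benchmarking ranges, not real allocations.

```python
import csv
import io
import ipaddress

# Constructed sample rows in the assumed DB1 layout:
#   "ip_from","ip_to","country_code","country_name"
# The ranges are reserved documentation/benchmark blocks, not real allocations.
SAMPLE_CSV = '''"3221225984","3221226239","UA","Ukraine"
"3325256704","3325256959","AT","Austria"
"3323068416","3323069183","UA","Ukraine"
'''


def country_networks(csv_text, country_code):
    """Return collapsed CIDR networks for rows whose code column matches exactly."""
    nets = []
    for row in csv.reader(io.StringIO(csv_text)):
        # Compare the code column itself; a plain grep on the country name
        # would also match the string anywhere else on the line.
        if len(row) < 3 or row[2] != country_code:
            continue
        first = ipaddress.IPv4Address(int(row[0]))
        last = ipaddress.IPv4Address(int(row[1]))
        # A from/to range is not always one CIDR block; split it into the
        # minimal set of aligned networks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent or overlapping blocks and return them sorted.
    return list(ipaddress.collapse_addresses(nets))


def address_count(networks):
    """Total number of addresses covered by the networks."""
    return sum(n.num_addresses for n in networks)


if __name__ == "__main__":
    ua = country_networks(SAMPLE_CSV, "UA")
    for net in ua:
        print(net)
    print("total addresses:", address_count(ua))
```
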

If you do not want to play with IP addresses yourself (and you should not do this!), then you can use the Shodan.io service.

Are there any unpatched Windows machines in Ukraine that have direct access to the Internet?


Of course, no conscientious Ukrainian would open up such access to their computers. Or would they?

masscan -p445 --rate 300 -iL ukraine.ips -oG ukraine.445.scan && cat ukraine.445.scan | wc -l

5669 Windows ( 1273, ).

. , ETERNALBLUE, 2017 ? , , . , . 198 IP , «» .

DNS, DDoS


Windows. , DNS , open-resolvers DDoS .

. DNS , , 100 . ! , , . GitHub.

, .

masscan -pU:53 -iL ukraine.ips -oG ukraine.53.scan && cat ukraine.53.scan | wc -l

, 53 . 58 730 IP , , DDoS . , , open-resolver.

dig , «» dig +short test.openresolver.com TXT @ip.of.dns.server. open-resolver-detected, . Open resolver' 25%, . , 0,02% IP.

?


, . ( ) , IP 80 «».


260 849 IP 80 (http). 125 444 (200 ) GET , . . , 853 500 , 407 ( ) 602 (IP « ») .

Apache — 114 544 . — 1.3.29, 29 2003 (!!!). nginx 61 659 .

11 WinCE, 1996 , 2013 ( 4).

HTTP/2 5 144 , HTTP / 1.1 — 256 836, HTTP / 1 — 13 491.

… … ?


2 HP, 5 Epson 4 Canon, , .


, , , . 75 . .

?


— , , , . , , , .

, - ( ), . . !

Source: https://habr.com/ru/post/444490/