Researcher Scans All IP Addresses of Austria, Finds a Ton of Things That Shouldn't Be Online (haschek.at) 104

Christian Haschek scanned the entire Austrian IP space and found IP cameras, printers, and industrial control systems and a range of other devices that should not be online.

  • Annnnd... (Score:4, Insightful)

    by LesFerg ( 452838 ) on Sunday February 17, 2019 @07:29PM (#58137230) Homepage
    IT professionals around the world were shocked by this discovery. Not in the slightest.
    • I don’t know about you, but I was sure glad I happened to be sitting down when I read this shocking headline!

    • I had a network scan report last year that showed garage door openers for the underground garage on the General VLAN. Didn't surprise me at all. Still waiting to see coffee pots, microwave ovens, and auto-flush toilets pop up on a scan report.
  • by quenda ( 644621 )

    Austria has 11 million IPv4 addresses. 11.170.487 to be exact

    You know you've been in the continent too long when you put periods in the middle of an integer, but not at the end of a sentence.
    Sorry to be such a grammar n ... na ... never mind.

    • Re:dotted triple (Score:5, Insightful)

      by angel'o'sphere ( 80593 ) <angelo.schneider ... e ['oom' in gap]> on Sunday February 17, 2019 @07:50PM (#58137300) Journal

      FYI: in Europe we use periods instead of commas to visually separate long integer numbers into groups of 3 ... a no brainer if you had looked closely and seen he made the "same mistake" twice.

      American way: 1,000,000
      European way: 1.000.000

      Simple, isn't it?

      • by ShanghaiBill ( 739463 ) on Sunday February 17, 2019 @08:11PM (#58137378)

        American way: 1,000,000

        It is not just America. 70% of the world uses commas as separators with a decimal point. We outnumber the dot-separators more than two-to-one.

        Of the nine countries with nuclear weapons, seven use commas as separators. So if you want to fight this out, you are gonna lose.

        • Both ways of writing numbers are totally flawed.

          1.000.000

          Did I just write "one million" or "one thousand as a float with a precision of three decimal points"?

          1,000,000

          Try using that format in parameters, coordinates, etc. It's going to be a mess.

          1000000 is just plain easier to read and no mistakes can be made. Of course, if you're programming it has to be 1000000, but still.

          • by ls671 ( 1122017 )

            one thousand would be 1.000,000 in their system so in short it is just like driving to the right or driving to the left. Inverse everything ;)

            Dots become commas and commas become dots.

            1,000.825 == 1.000,825

            I have to agree this is kind of silly that we can't all agree in the same notation. This is far worse than metric vs imperial because it is expressing exactly the same value.

            There are many websites out there (example: Paypal) that force you to enter an amount or a number in a specific way depending on how

          • And slashdot helpfully removed the non-breaking spaces that I wrote in the first "1-000-000" of my last sentence. <sigh>

            • Thus disproving "no mistakes can be made" :)

              Oh, and all three ways of writing numbers are totally flawed. The better way is 1'000'000. No one ever misunderstands that, even if they've never seen it before. And /. cannot bungle the formatting, try as it might.

          • Of course, if you're programming it has to be 1000000, but still.

            1990 called and wants its issues back.

            In modern languages you can even put separators in base-2 notated values

        • So if you want to fight this out, you are gonna lose.

          Sure just remember when you fire your nuke we are 8.339 distance units away, and make sure you double check your units with NASA before you fire.

        • I'm imagining world war 3 breaking out over a disagreement over comma versus period number separation.

      • by quenda ( 644621 )

        European way: 1.000.000

        Simple, isn't it?

        Doch! (Hope I used that correctly, as we have no English equivalent.)

        It is not so simple. British and other English speakers do not do it that way, so commas should always be used as separators when writing in English.

        England is still in Europe, no? At least for a few more weeks until it gets towed into the Atlantic.

        The number is also funny because, as Trogre said, it looks like a single IP address.
        How do central Europeans write dotted quad notation?

        • How do central Europeans write dotted quad notation?

          They're too poor for that to create any ambiguity. They don't have that many of anything.

      • COBOL was created in collaboration between Americans and Europeans, and it nearly broke down over the number separator, with one researcher emotionally declaring, "I will never use a period as a decimal point!" Eventually they came to a compromise but not before a tombstone was made for COBOL. https://www.computerhistory.or... [computerhistory.org] Next let's tackle the controversy of order of operations! Left to right is of course the proper order.
      • by msauve ( 701917 )
        Whoooooooooooosh. He knew that.
      • 1,000,000.00 is used in the UK
      • French Canadian way (we use space separator): 1 000 000
        With decimals: 1 000 000,99

      • by Anonymous Coward

        European way: 1.000.000 Simple, isn't it?

        You misspelled "stupid".

    • Quenda, you just embarrassed yourself and the entire country. Thanks a 1.000.000.

    • by Trogre ( 513942 )

      That's just one single IP address, and not a valid one at that.

      I just had an image of an entire country accessing the Internet through a single NAT'd interface.

      • by ls671 ( 1122017 )

        I assume that Austria must have more than 65,535 simultaneous connections needs.

      • That's just one single IP address, and not a valid one at that.

        I assumed it was shorthand for a CIDR address aligned to 8 bits.

  • by Anonymous Coward

    They hooked up - let us just call it something very large, handling a lot of energy - to the public internet via an ADSL connection.
    I went home and demonstrated I had direct read/write access to everything from home without using any of the passwords (and I could just change them.)

    They put in a firewall on that site, but making the product secure was out of the question. That was 15 years ago, they have changed to an OS with some security since then.

  • by Anonymous Coward
    I used to think that people were smart.
    Then came the Internet, and I started thinking that people were getting dumber, not smarter, over time.
    Then came Internet 2.0, and the Real Truth finally hit me: people have been dumb as a fencepost all along. The Internet just made it obvious.

    Look around you: the utter stupidity of our own species will be our undoing.
    HELP STAMP OUT STUPIDITY!
    • by Anonymous Coward
      Bottom line: You're pretty dumb for not realizing that sooner.
      • Double bottom underline, why the hell does he need stamps? Does he need to mail something? Doesn't he know he can send electronic letters? It's called email.

    • The word you're looking for is uneducated. Blame the school system (and homeschooling even more).

      We don't teach critical thinking and reward rote learning and saying what the teacher wants to hear. Now what kind of result do you expect from that?

  • In IPv6 every atom (at least - possibly even the sub-atomic particles) can have an IP address, right?

    • In IPv6 every atom (at least - possibly even the sub-atomic particles) can have an IP address, right?

      No. IPv6 is 128 bits, which is 3.4e38.

      The number of quarks in the universe is roughly 1e80.

      So you are short by 42 orders of magnitude.

      • Yeah but you shouldn't put all quarks online anyway... Some are like printers and smart fridges and need to be behind a NAT.

      • 42. Forty Two. The answer to life, the universe and everything!
      • My algebra is a bit rusty... there's only one quark per atom?

        • 3 per baryon. (Proton, neutron, etc)

          Take atomic weight, and multiply by 3. Gives average quarks per elemental nucleus. (Not counting highly exotic nuclei with pentaquark configurations.)

  • 1000 or so windows machines exposed in a country of 8 million, with unclear actual security risk.

    DNS servers that actually serve DNS requests. Yes DDOS attacks are a problem, but so are DNS servers that don't do anything. Again, very few that appear to be a real problem.

    Cameras are an issue, but it's pleasantly surprising there are only two public.

    A few people have open printers. One can imagine use cases security by obscurity might be the best option. Who is going to print on a random printer. An

    • by ls671 ( 1122017 )

      That is what websites should do. A functional website should never return a 404.

      I agree, my web site sends a redirect to the Austrian government when a page isn't found. I get about 10,000 requests a day for wp-login.php and I don't host any WordPress sites.

    • Who is going to print on a random printer.

      (paper coming out of your printer, reading)

      Greetings,
      You don't know me, but I have sent this to your printer. Another sheet of paper will be printed shortly, yes, it is a ransom note. You will put this note into an envelope and mail it. Don't contact the police, you and your porn collection would not like what happens next...

      (I leave the rest to the imagination of the reader)

    • Who is going to print on a random printer.

      I have people print to the printer I run for my lab, from other places in the building, occasionally.

      And when people learned about the bugs in the HP JetDirect that let people lock them up, assholes went out of their way to do that.

      A functional website should never return a 404.

      Uhhh, that's how it tells you you've requested an invalid page. The site is functional. It should tell you when you made a mistake.

  • I hope that discovery wasn't shocking enough to give him a palpitation. If he scanned the rest of the world, his heart might shoot out the back of his underwear.
  • I really wonder how these things end up online, given that most consumer routers don't accept incoming connections by default. Are people really going out of their way to put this stuff on the open internet, or is something else going on here?
  • Seriously why the fuck is this an article? There are no revelations in this and this is nothing that anyone with half a clue is already fully aware of.
  • by complete loony ( 663508 ) <Jeremy.Lakeman@nOSpaM.gmail.com> on Sunday February 17, 2019 @10:09PM (#58137638)

    At a defcon talk in 2014 (talk [youtube.com] slides [defcon.org]) they scanned the whole IPv4 space live, looking for VNC instances. At least, anything that responded to a SYN packet.

    Then they took a couple months to connect to each VNC instance, if no password was required, grab a screen shot.

    Leading to a series of talks of things that shouldn't be on the internet [youtube.com].

    • This researcher must have a good publicist. shodan.io, project sonar (https://opendata.rapid7.com/about/), https://www.binaryedge.io/ [binaryedge.io], https://twitter.com/ErrataRob [twitter.com], and many more scan the entire internet all the time. https://twitter.com/Viss [twitter.com] does talks about finding wacky stuff on the internet regularly.
    • Tentler is hilarious. I liked the defcon comedy inception panel version of this (with "and give me a drink" added to the title).
      Normally I'd say "and nothing of value was learned" because most of us know that there are all kinds of things on the 'net that shouldn't be.
      But evidently there are some people behind the curve of the obvious.
      It really got bad, and is getting worse due to the usual "follow the money" issues. Why do I need to use some intermediary for my internet of things stuff? So they can b
