Shodan, usage and how to be protected

Shodan is a specialized search engine.

Traditional search engines like Google index websites and return web sites and web content. Shodan index IoT devices and returns publicly accessible information about them rather than website content.

Shodan usage.

1. Used by penetration testers and white hackers to identify vulnerabilities.
2. Home consumers can find vulnerabilities in their own internet-connected devices.
3. It gives vital data about IoT (Internet of Things) devices for data scientists, law enforcement officials, and cybersecurity professionals to do research.
4. Shodan can assist in identifying critical infrastructure networks, including as water treatment plants that should not be accessed through the public internet, internet-accessible SCADA control centers, and insecure IoT home-network devices ranging from refrigerators to home security systems.
5. Shodan tracks current exploits targeting specific device types or specific software usage. Easily determine if your business is vulnerable to security breaches.

Block Shodan scanners.

In fact, instead of removing the device from Shodan, we prevent the engine from detecting it.

Almost all NGFWs allow you to configure FQDN wildcards. Thus, apart from the fact that the scanner’s IP address is constantly changing, you can block the scanner by creating a policy that denies incoming and outgoing connections.

If you need to have workarounds or setting up computer firewall, IPFire has a nice guide in setting up host definitions.

‍https://wiki.ipfire.org/configuration/firewall/blockshodan