Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Botnet Uses Default Passwords To Conduct "Internet Census 2012" 222

An anonymous reader writes "By using four different login combinations on the default Telnet port (root/root, admin/admin, root/[no password], and admin/[no password]), an anonymous researcher was able to log into (and upload a binary to) 'several hundred thousand unprotected devices' and run 'a super fast distributed port scanner' to scan the enitre IPv4 address space." From the report: "While playing around with the Nmap Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. We used these devices to build a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage. All data gathered during our research is released into the public domain for further study."

I was playing poker the other night... with Tarot cards. I got a full house and 4 people died. -- Steven Wright