Study of Crawlers of Search Engine ‘Shodan.io’

Study of Crawlers of Search Engine ‘Shodan.io’

연구 분야: Networking

학회: 2021 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)

`Shodan.io' this is the most popular and functional cloud-based security scanner, which identifies itself as a search engine for The Internet of things. Each host that has just been connected to IPv4 Internet will receive the first probe packets from Shodan in no more than a few hours. Shodan has closed software and search algorithms, so we cannot accurately assess its capabilities and weaknesses. In this study we observed Shoran's interaction with three types of traps with traffic recording. The study was conducted for 331 days in 2020. Based on the observation results, we made considerations about the algorithms and parameters of the scanning of Internet, which are described in the article. For example, different network services have significantly different Shodan detection probabilities. In the study we identified the addresses of 40 regular and 8 additional search crawlers. Additional crawlers differ by working covertly, not publishing their results. The obtained results improved our knowledge of Shodan opportunities and development of mechanisms that will hide protected hosts from search crawlers. It will save them from potentially malicious attention from a large Shodan audience.