• Shodan (https://www.shodan.io/) is a search engine that uses a variety of filters to find devices, such as computers, routers, and servers, which are connected to the Internet.
  • Shodan collects data mostly on web servers (HTTP port 80), but there is also data about FTP (21), SSH (22), Telnet (23), SNMP (161) and SIP (5060) services.
  • Shodan is often dubbed as “Google for hackers”, as it exposes vulnerable devices.


  • Shodan is a scanner which can find systems connected to the Internet, including traffic lights, security cameras, home heating systems and baby monitors, as well as SCADA system such as gas stations, water plants, power grids and nuclear power plants. Many of these systems have a number of vulnerabilities and very little security in place.
  • Shodan can identify the physical location of any Internet-connected equipment, as well as its IP address, and often even what type of software it’s running.. This provides sufficient information for hackers to carry out targeted attacks.
  • A massive data hack in the UK, attributed to Shodan scans, exposed sensitive data including family photographs, medical records and bank statements. This was due to security flaws in Iomega hard drives which were used to back up personal and business data.



  • Shodan “crawls” the Internet for publicly accessible devices, looking for specific IP addresses and hosts (see Appendix).
  • Blocking these IP addresses is not enough, as similar scanners are used by hackers seeking other IPs.
  • To fill these gaps, Check Point provides the following IPS protections:
    • Shodan.io Internet Of Things Portal
    • Shodan Scanner ISAKMP Request
    • Shodan Scanner SIP Request
      Shodan Scanner BACNET Request
    • Shodan Scanner GTP Request
    • Shodan Scanner ENIP Request

These protections search for specific patterns in the SYN request that characterize Shodan and similar scanners.



  • Shodan: https://en.wikipedia.org/wiki/Shodan_(website)
  • Shodan in the news:
    • http://www.dailymail.co.uk/news/article-3207396/Thousands-exposed-massive-new-data-hack-s-not-just-adulterers-outed-web-PC-hard-drive-risk-Google-hackers.html
    • http://www.computerworld.com/article/3016072/security/13-million-mackeeper-users-exposed-by-shodan-search-no-password-or-hacking-required.html

IP Host Name m247.ro.shodan.io rim.census.shodan.io pacific.census.shodan.io census11.shodan.io census10.shodan.io census9.shodan.io census12.shodan.io census7.shodan.io census6.shodan.io census8.shodan.io census4.shodan.io census3.shodan.io census2.shodan.io census1.shodan.io atlantic.census.shodan.io

  1. It’s actually a nice and useful piece of info. I’m satisfied that
    you simply shared this helpful information with us.
    Please stay us up to date like this. Thank you for sharing.

  2. Shodan is a tool fronted for a specific hacker group. They port scan our bank every day, often several times a day. I don’t understand how they are allowed to operate in the United States.

Comments are closed.