An exploratory analysis on the impact of Shodan scanning tool on the network attacks

Network flexibility, openness and systems integration has brought in the last years many advantages in the society in terms of communication and information sharing. Beside that, new issues are emerging related to vulnerabilities in the Internet, which can affect not only virtual environments in an isolated way but this can have serious repercussions in the real world. That is why, the identification of new system vulnerabilities represents an important information for malicious parties. Currently, several tools, known as Online Public Scanning Tools (OPSTs) represent for attackers an attractive source of information from which to draw in order to plan and launch attacks. Indeed, they can automatically scan services, platforms and IoT devices connected to the Internet in order to retrieve information related to them, by including those related to vulnerabilities. In this context, this work aims to investigate how such OPSTs impact the launch of attacks on the network. To this purpose, a model centered on 3 main actors, (i.e. the attack, the hacker and the OPST) has been proposed by defining a set of features which aims to support the evaluation. Shodan was chosen as the OPST, as it is the most popular based on the related review works, while a honey-based approach was adopted to support monitoring and information extraction related to attacks. The results of these analyzes, which show how Shodan influence the attackers in carrying out network attacks are presented and discussed.