This paper describes how the author utilized unsecured devices to facilitate a portscan of the whole IPv4 Address Space.
It is quite interesting to see how vulnerable the whole infrastructure is. Most of the devices are Routers and other hardware at the edge of other systems. With root access to this devices you can wreck mayor havok on unsuspecting users and administrators alike.
I think this leads to an interesting question. Who is responsible for hardware given to customers. Should the provider have secured this devices.
Abstract While playing around with the Nmap Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. We used these devices to build a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage.
All data gathered during our research is released into the public domain for further study.