The post doesn’t mention any results from this approach, do you have any?
I can’t publish actual results for obvious reasons, but it does find a few servers in a short time (~15-30 minutes maybe, I wasn’t paying attention to the terminal).
Cool, that’s all I meant really. Can you say how many IPs you had to hit before finding those few? Or the average IPs per second? Thanks.
Scanning the internet randomly in that way is not gonna lead to a lot of results, at least not in any reasonable time frame.
If you instead look at sites that crawl the internet for a living, you get 17.000 results. Not all are actually Redis nodes and not all Redis nodes are completely open.
Attack vectors on Redis to compromise the whole system have been known for quite some time, and Redis now has better defaults and a protected-mode by default. But people tend to not update it. We still regularly have users coming into the IRC channel asking for help with a cleaned/exploited Redis node.
I keep reminding people to not open up each and every service to the whole wide internet.
Yeah indeed, that’s exactly why I asked for the results - I’m curious to see if they found a single one with this technique.
There’s no need to implement the most basic TCP scanning these days. Just use https://github.com/robertdavidgraham/masscan
That’ll be a damn sight quicker than the code in this blog, and once you have the list of the IPs listening on that port at all, a more specialized request (e.g. the RANDOMKEY here) can be done.
I assume the author didn’t know about masscan since there’s no reference to it.