

You've been SHODAN'd - Prefect
http://praetorianprefect.com/archives/2009/11/youve-been-shodand/

======
tptacek
There is a very fine, often moveable, always unpredictable line between what's
considered "in plain view on the network" and what's considered "intrusion".
People have been convicted of felonies for crossing that line with no
malicious intent.

It's also one of the great slippery slope arguments in my field. As anyone
who's ever played with Metasploit on a big network knows, what's in "plain
view" depends entirely on how good your optics are.

------
NathanKP
SHODAN will definitely motivate network and server administrators to stay up
to date with the latest vulnerabilities. It could possibly even be used by
them to test to see if their servers are vulnerable.

Overall I don't think that will have an overly negative effect. Instead, like
any other dangerous tool, it will cause people to find a way to limit the
danger that it poses, and that means that they will work harder to make sure
that their servers are up to date and as secure as possible.

------
wendroid
When an entity only advertises a domain name www.domain.com rather than the
URI <http://www.domain.com/> then as far as I am concerned, I have been
invited to query that server concerning the services it offers, namely: a
portscan.

For instance the page at <http://www.amazon.com/> contains an advertisement
that simply says "amazon.com". So I should scan it to see what they offer. It
might be http / https / irc / echo / heck even a shell for all I know. If it
were "1 Amazon Street" I would be perfectly entitled to arrive at that
building and see if any entrances were open to the public.

It might say "Amazon club card holders only" on a door and I might be asked
for my card should I try to gain entrance. It would only be "criminal" if I
decided to gain entrance despite such constraints.

