Wednesday 26 August 2015

Introducing Am I Sharing Stuff

A while back, I posted about the dangers of open FTP services that a lot of home routers provide. The more I thought about it, the more I realised that it wasn’t obvious to people how to find out whether they were sharing files via FTP without going to sites such as Shodan or FileMare.

That is why I created Am I Sharing Stuff, which is now live at https://www.amisharingstuff.com. Let me tell you about it.

About Am I Sharing Stuff

After I wrote the post, I went through a number of different ideas on automating searches so that people could see if their router was doing anything suspicious. The more I looked into it, the more I could see that the problem was only getting bigger as routers were being compromised and more files were being exposed.

So I came up with the idea of a page that loads and tells the person what is wrong, and so Am I Sharing Stuff was born.

It is a very simple site that checks if your current IP is sharing information via FTP. It is limited to the FTP service at the moment, but I will expand it to HTTP, Telnet and SMB as these are the most common vulnerable services.

On loading the page, you will be shown your IP and any information the scanner has. Over 40 million IPs have been scanned so far, covering the Nordics (Norway, Sweden, Denmark and Finland), with country blocks being added daily.

You can request a scan of your IP and the server will attempt to connect to your shown IP address. Feedback is sent in real time from the scanner so that you get updates while you wait. You can only scan the IP address you are connected from. This is simply to prevent abuse, such as using the scanner to scan other IP addresses.

You can also remove your information from the site. At the moment there is no permanent blacklisting, but this will be coming on stream in a couple of days.

FAQ

What are you doing to connect to my router?

The server sends a request to your router on port 21, the port used by FTP. If your router answers, the crawler will attempt to log in using anonymous credentials. If it logs in, it will attempt to get a list of the directories. The crawler then sends the following information back to the server:

  • The IP address that was scanned
  • The country that the IP is registered to
  • If port 21 was open
  • If items were found

No details of the types of files, the number of files or any other information are retrieved or stored.
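
The same three steps can be run against your own router as a self-check. This is an added example, not the site's crawler code; the function name `check_anonymous_ftp` and the `ftp_factory` test hook are assumptions made for illustration, and the country lookup is left out.

```python
import ftplib


def check_anonymous_ftp(host, port=21, timeout=5.0, ftp_factory=ftplib.FTP):
    """Run the scan steps from the FAQ against a host you administer.

    Returns only yes/no flags, as the FAQ describes; file names and
    counts are discarded. ftp_factory is a hypothetical hook for tests.
    """
    result = {"ip": host, "port_open": False,
              "anonymous_login": False, "items_found": False}
    ftp = ftp_factory(timeout=timeout)
    try:
        ftp.connect(host, port)      # step 1: does the FTP port answer?
        result["port_open"] = True
        ftp.login()                  # step 2: ftplib defaults to "anonymous"
        result["anonymous_login"] = True
        # step 3: directory listing; keep only whether anything came back
        for _name in ftp.nlst():
            result["items_found"] = True
            break
    except ftplib.error_perm:
        # 5xx reply: login refused, listing denied, or empty directory
        pass
    except (OSError, EOFError, ftplib.Error):
        # refused, timed out, or the server dropped the session
        pass
    finally:
        try:
            ftp.close()
        except OSError:
            pass
    return result


if __name__ == "__main__":
    import sys
    # Pass the address of your own router; defaults to the local machine.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(check_anonymous_ftp(target))
```

If `anonymous_login` comes back `True`, the router is accepting logins without a password, and `items_found` tells you whether anything is visible to such a login.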

Do you charge for the service?

No. It's free to use.

What if I don’t want my data on the site?

Click the Remove your details button. The site information is deleted. If you click Scan, it will be inserted again. I will be rolling out permanent blacklisting in the next couple of days.

Will removing my site mean you will not scan me again?

Yes, Am I Sharing Stuff’s crawler will not; however, other crawlers may.

What do I do if I am sharing files and I didn’t realise it?

You can check with the manufacturer of your router and see how to change it. The most common manufacturers are listed below

Technical FAQ

The site is ASP.NET MVC hosted on Azure. A technical write-up will be coming soon.