
Moving into a new (cloud) neighbourhood? Check its reputation!


When you move to a new neighbourhood, you do some research. Are the schools good? The neighbours cooking the finest meth? That sort of thing. It's a reputation associated with that neighbourhood.

In the cloud, that neighbourhood is two things: the IaaS provider itself, and who had that public IP last. And, well, cloud instances are short-lived (minutes to hours in many cases). So you could get assigned an IP that is the technical equivalent of “that house all the murders occurred in”. For us, here was the move-in day experience. Zero-hour, new instance, in Azure. Seems like 65.110.29.111 would really like to see if we are vulnerable to something (and it's not just that address).

[Image: zero-hour traffic to the new instance]

If we look at our ‘attacker’ in everyone’s favourite search engine, Shodan.io, we see it's running PHP/5.4.7 on Windows 32, OpenSSL 1.0.1c. Are they vulnerable (e.g. is this someone using them as a bot)? You bet (CVE here).

It also has PPTP open.

Let's try a new toy, Greynoise.io. It has a lot to say on this IP:

[Image: Greynoise.io results for this IP]

So, well, what can you do? Not use cloud? Put in the contract that you’ll only get a ‘clean’ IP? Set up an HOA?
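
One way to put a number on the move-in day traffic described above is to summarise who knocked during the first hour of an instance's life. This is an added example, not code from the original post; the log format, the function names `zero_hour_sources` and `classify`, and all sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <source IP> <destination port>".
# Addresses are from the RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
2018-06-08T10:00:41 203.0.113.7 80
2018-06-08T10:00:43 203.0.113.7 443
2018-06-08T10:00:44 203.0.113.7 8080
2018-06-08T10:03:10 198.51.100.23 22
2018-06-08T10:03:12 198.51.100.23 22
2018-06-08T10:41:00 192.0.2.55 3389
2018-06-08T13:15:00 192.0.2.99 443
"""

def zero_hour_sources(log_text, launched_at, window=timedelta(hours=1)):
    """Group inbound connections seen within `window` of instance launch.

    Nobody has been told about a brand-new instance yet, so traffic in this
    window was aimed at the IP address (or its previous tenant), not at us.
    Returns {source_ip: sorted list of distinct destination ports}.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, src, port = parts
        try:
            when = datetime.fromisoformat(ts)
            port = int(port)
        except ValueError:
            continue  # unparseable timestamp or port
        if launched_at <= when < launched_at + window:
            seen[src].add(port)
    return {src: sorted(ports) for src, ports in seen.items()}

def classify(ports, sweep_threshold=3):
    """Many distinct ports looks like a sweep; otherwise a single-service probe."""
    return "port sweep" if len(ports) >= sweep_threshold else "service probe"

if __name__ == "__main__":
    launch = datetime(2018, 6, 8, 10, 0, 0)  # constructed launch time
    for src, ports in sorted(zero_hour_sources(SAMPLE_LOG, launch).items()):
        print(f"{src:15} {classify(ports):13} ports={ports}")
```

The resulting source list is what you would then look up in Shodan.io or Greynoise.io, as done by hand above.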