Northern Kentucky University

Rapid Discovery of Vulnerable Network Devices in the State of Kentucky

Institution

Northern Kentucky University

Abstract

The Internet is used by billions of people twenty-four hours a day, seven days a week, yet it harbors many potential vulnerabilities that could be exploited to disastrous effect. These vulnerabilities can be found using network port scanning tools with version identification technology. By mining rich, Internet-scale network scan data, we mapped vulnerable network devices across the state of Kentucky by searching for vulnerable software versions and geolocating these devices using their IP addresses. We focused our study on Cisco network routing devices in the state of Kentucky running Cisco's Internet Operating System (IOS) versions 15.1-15.4. While most users don't have such devices in their homes, there is a great chance that their data is being routed through one of these pieces of hardware, as most Internet Service Providers and corporations use Cisco-managed network devices. We identified a large number of devices with firmware and/or operating system versions containing exploitable vulnerabilities that could be used to obtain unauthorized information, bypass access control, or deny service to users served by the device. Globally, our data mining found 19,141 devices running vulnerable versions of IOS, including 15,762 devices running IOS 15.1, 3,172 devices running IOS 15.2, 175 devices running IOS 15.3, and 32 devices running IOS 15.4. A total of 92 vulnerable devices were found within and near the borders of the state of Kentucky. Some of these devices handle network traffic for large organizations and media distributors. An attack on these devices could render large numbers of networks across the state inoperable.
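The version-matching and geographic-filtering steps described above can be sketched as an audit over an asset inventory export. This is an added example, not the authors' code: the record layout, the sample records (documentation-range IPs, constructed banners) and the approximate Kentucky bounding box are all assumptions.

```python
import re
from collections import Counter

# Release trains the abstract names as in scope (IOS 15.1 through 15.4).
IN_SCOPE = {"15.1", "15.2", "15.3", "15.4"}

# Approximate Kentucky bounding box (assumption). A box, not the true border,
# so it also catches devices "near" the state line, as the abstract describes.
KY_BOX = {"lat": (36.49, 39.15), "lon": (-89.58, -81.96)}

# Capture major and minor as whole numbers so "15.10" is never read as "15.1".
VERSION_RE = re.compile(r"Cisco IOS Software.*?Version (\d+)\.(\d+)\(", re.S)

def ios_train(banner):
    """Return the IOS release train ('15.1') from a banner, or None."""
    m = VERSION_RE.search(banner or "")
    return f"{m.group(1)}.{m.group(2)}" if m else None

def in_box(lat, lon, box=KY_BOX):
    """True when a geolocated point falls inside the bounding box."""
    if lat is None or lon is None:  # geolocation lookups can fail
        return False
    return (box["lat"][0] <= lat <= box["lat"][1]
            and box["lon"][0] <= lon <= box["lon"][1])

def summarize(records):
    """Count in-scope devices per train; list those inside the box."""
    by_train, local = Counter(), []
    for rec in records:
        train = ios_train(rec.get("banner"))
        if train not in IN_SCOPE:
            continue
        by_train[train] += 1
        if in_box(rec.get("lat"), rec.get("lon")):
            local.append(rec["ip"])
    return dict(by_train), local

def _banner(version):
    return ("Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), "
            f"Version {version}, RELEASE SOFTWARE (fc1)")

# Constructed sample records; coordinates are rough city centres.
SAMPLE = [
    {"ip": "192.0.2.10", "banner": _banner("15.1(4)M4"), "lat": 38.25, "lon": -85.76},
    {"ip": "192.0.2.20", "banner": _banner("15.2(4)M6"), "lat": 38.04, "lon": -84.50},
    {"ip": "198.51.100.5", "banner": _banner("15.4(3)M2"), "lat": 41.88, "lon": -87.63},
    {"ip": "198.51.100.6", "banner": _banner("12.4(24)T"), "lat": 38.25, "lon": -85.76},
    {"ip": "203.0.113.7", "banner": _banner("15.1(4)M4"), "lat": None, "lon": None},
    {"ip": "203.0.113.8", "banner": "SSH-2.0-OpenSSH_7.4", "lat": 38.04, "lon": -84.50},
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A record without coordinates still counts toward the per-train total but is left out of the regional list, which is why regional counts derived from IP geolocation should be read as a lower bound.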
