achillean | 7 months ago

Around 40,000 services on the Internet are currently including the header:

https://www.shodan.io/search/report?query=x-clacks-overhead+...

For some reason, a lot of honeypots are also using that header so I filtered those out. The number of services has slowly increased over time:

https://trends.shodan.io/search?query=x-clacks-overhead+-tag...

zipping1549|7 months ago

The result is very strange. It's saying that South Korea has the highest number of websites with the header and yet I don't see ANY search result in Korean. No writeup whatsoever. Wonder what those websites would be.

styanax|7 months ago

Flying by the seat of my pants, this page of information has details which we can guess at - 27,799 are South Korea, 27,690 are Korea Telecom (so close that I'll say it's a 1-to-1 match). Wikipedia tells me as of 2015, KT ran more than 140,000 Wifi hotspots.[1]

Further down the info, we see 28,587 (almost the same number as above) HTTP titles are "Gargoyle Router Management Utility" - which is an open-source variant of the OpenWRT world which patches the code to include the Clacks header.[2]

I'm going to conclude that there's a direct correlation in this data (it all being one and the same endpoint/device pattern) and that 30,000 KT Wifi hotspots across South Korea have their management UI open on the public interface and not locked to the internal network or a VPN, etc. running this Gargoyle patch.

[1] https://en.wikipedia.org/wiki/KT_Corporation

[2] https://github.com/ericpaulbishop/gargoyle/blob/master/patch...