
Port Scanning Project Shows Scale of Exposed Systems

Port Scanning Project Infers Security Posture by Country


Rapid7 has turned the power of its Project Sonar infrastructure to examine a fundamental question: just what is the exposure of the Internet in different national regions? While anyone will tell you that the Internet is not secure, few are able to quantify how, what or where. Rapid7’s report aims to change that.

“In terms of exposure,” Tod Beardsley, senior security research manager at Rapid7 said in conversation with SecurityWeek, “I couldn’t even tell you the top ten listening ports on the Internet. I could probably guess the first two – but there simply isn’t any easily available data on what is exposed through which ports around the world.”

The Internet, he said, is too important to the world’s business and culture not to have this sort of data available to security researchers, academics, governments and the security industry. The result is a new foundational paper published today: Rapid7’s National Exposure Index – Inferring Internet Security Posture by Country through Port Scanning. It is a port scan and exposure index of the entire Internet.

It already has value – but this is expected to be the first of regular scans. “We have the infrastructure in place,” said Beardsley. “I can’t yet say how often we will run scans, but I expect it to be between monthly and annually.” As the data builds into a Big Data source of global internet exposure, large scale national projects can be used to improve national security by understanding what to target.

It is not a vulnerability scan – it is more like a potential vulnerability scan on a massive scale. It demonstrates to what degree any particular country is potentially vulnerable through exposing critical or important assets to the internet – or simply quantifying the degree to which ‘that shouldn’t have internet exposure.’

Since different services use different ports, a considerable amount of information can be gathered and surmised in some detail. Nevertheless it is not simple. For example, it can detect what is usually cleartext email through the use of ports 25 (SMTP), 110 (POP3) and 143 (IMAP). It can also detect email wrapped in SSL (encrypted) on ports 995 and 993. But it cannot tell whether email over ports 25 or 587 is effectively encrypted via STARTTLS since STARTTLS is quietly dropped if the receiver does not understand it. “In the end,” says the report, “only a properly SSL-wrapped SMTP service on port 465 could be considered reliably encrypted.”
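The distinction drawn above can be made concrete for an administrator auditing their own mail hosts. The following is an added example, not code from the article or from Rapid7's report: it labels an open email port from the port number alone, then refines the SMTP cases when an EHLO reply is available. The label strings, the host name mail.example.test and both EHLO replies are constructed for illustration.

```python
import re
from typing import Optional

# Port roles as the article lists them; 587 is SMTP submission.
TLS_WRAPPED = {465: "SMTP", 993: "IMAP", 995: "POP3"}
USUALLY_CLEARTEXT = {25: "SMTP", 587: "SMTP", 110: "POP3", 143: "IMAP"}

def ehlo_capabilities(reply: str) -> set:
    """Extract extension keywords from a multi-line SMTP EHLO reply.

    Continuation lines look like "250-KEYWORD args"; the final one "250 KEYWORD".
    The first line carries the server's domain, not an extension.
    """
    caps = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:
        m = re.match(r"250[- ](\S+)", line)
        if m:
            caps.add(m.group(1).upper())
    return caps

def classify(port: int, ehlo_reply: Optional[str] = None) -> str:
    """Label one open port (labels are this example's own, not the report's)."""
    if port in TLS_WRAPPED:
        return "tls-wrapped"
    if port not in USUALLY_CLEARTEXT:
        return "not-email"
    if USUALLY_CLEARTEXT[port] != "SMTP":
        return "usually-cleartext"
    if ehlo_reply is None:
        return "unknown-from-port-scan"   # open port alone says nothing about STARTTLS
    if "STARTTLS" in ehlo_capabilities(ehlo_reply):
        return "opportunistic-starttls"   # offered, but not enforced
    return "cleartext"

# Constructed sample replies (mail.example.test is a placeholder host).
EHLO_WITH = "250-mail.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_WITHOUT = "250-mail.example.test\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"

def audit(observations):
    """Map (port, ehlo_reply_or_None) pairs to labels, keeping input order."""
    return [(port, classify(port, reply)) for port, reply in observations]

if __name__ == "__main__":
    sample = [(25, None), (25, EHLO_WITH), (587, EHLO_WITHOUT), (465, None), (143, None)]
    for port, label in audit(sample):
        print(port, label)
```

Even the "opportunistic-starttls" label only records that the extension was advertised in one session; it does not show that clients are required to use it.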

Nevertheless, the data available in this very first ‘foundational’ analysis that primarily sets the base-line for future analyses is still valuable. It can be used, for example, for individual governments to gauge the overall security posture of their countries. Having gathered all the data, says the report, “we can measure the overall exposure of individual nations when it comes to offering insecure services.”


This is important. Rapid7 also looked at the SANS Internet Storm Center “and averaged the number of targets on any given day. While not comprehensive, this shows there is at least active probing occurring on all of the ports used in our Sonar study.” It is important, therefore, that those engaged in protecting the internet should have a clear idea of the size of the problem.

In 2020 Japan will be hosting the Olympics. Such events always attract considerable cyber criminal activity, and the Japanese government will already be making cyber security plans. The Rapid7 index shows that it has some work to do: it is currently the 34th in exposure rankings for the top fifty nations. The UK fares little better. Back in the year 2000 Tony Blair insisted he would make Britain the best place in the world for e-commerce. In 2016, it still ranks a lowly 27th over internet exposure. The least exposed nation is Vietnam. Switzerland and Germany lie third and fourth, with the USA at 36th. Belgium is fiftieth of the top fifty nations.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
