Este informe identifica los dispositivos que tienen un AMQP (Protocolo de cola de mensajes avanzado) accesible en el puerto 5672/TCP .
AMQP es un protocolo de Internet abierto para mensajería empresarial. A menudo también se usa para la administración de dispositivos IoT.
Aunque permite comunicaciones encriptadas a través de TLS, muchas instancias en Internet están configuradas para autenticación de texto sin cifrar y uso compartido de mensajes. Además, en el pasado se han descubierto múltiples vulnerabilidades en las implementaciones de software de intermediarios de AMQP que pueden permitir la omisión de la autenticación, la interceptación de mensajes, la ejecución remota de código o la denegación de servicio y otros ataques.
Para obtener más información sobre los esfuerzos de escaneo, consulte la página de resumen de escaneo de Internet.
Este informe fue habilitado como parte del proyecto INEA CEF VARIOT de la Unión Europea .
Nombre de archivo: scan_amqp
CAMPOS
| timestamp | Hora en que se sondeó la IP en UTC+0 |
| ip | La dirección IP del dispositivo en cuestión. |
| protocol | Protocolo en el que se produjo la respuesta AMQP (siempre TCP) |
| port | Puerto del que provino la respuesta de AMQP (generalmente 5672) |
| hostname | Nombre DNS inverso del dispositivo en cuestión |
| tag | Establecer en amqp |
| asn | ASN de donde reside el dispositivo en cuestión |
| geo | País donde reside el dispositivo en cuestión |
| region | Estado/Provincia/Región administrativa donde reside el dispositivo en cuestión |
| city | Ciudad en la que reside el dispositivo en cuestión |
| naics | Código del sistema de clasificación de la industria de América del Norte |
| sic | Código del sistema de clasificación industrial estándar |
| channel | Canal utilizado |
| message_length | Longitud del mensaje |
| class | Clase de la conexión |
| method | Método utilizado |
| version_major | Número mayor de la revisión del protocolo AMQP |
| version_minor | Número menor de la revisión del protocolo AMQP |
| capabilities | Lista de funciones admitidas |
| cluster_name | Nombre del dispositivo AMQP |
| platform | Plataforma |
| product | tipo de producto |
| product_version | version del producto |
| mechanisms | Métodos utilizados |
| locales | Idiomas disponibles |
EJEMPLO
"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","channel","message_length","class","method","version_major","version_minor","capabilities","cluster_name","platform","product","product_version","mechanisms","locales"
"2021-11-28 00:05:05","35.195.237.181","tcp",5672,"181.237.195.35.bc.googleusercontent.com","amqp",15169,"BE","BRUXELLES-CAPITALE","BRUSSELS",519130,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","hip-hound","Erlang/OTP","RabbitMQ","3.6.10","AMQPLAIN PLAIN","en_US"
"2021-11-28 00:05:05","185.116.202.73","tcp",5672,,"amqp",60720,"RU","MOSKVA","MOSCOW",517311,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","rabbit@04d578d6125e","Erlang/OTP 20.2.4","RabbitMQ","3.7.4","AMQPLAIN PLAIN","en_US"
"2021-11-28 00:05:05","198.244.131.119","tcp",5672,"ip119.ip-198-244-131.eu","amqp",16276,"UK","LONDON","LONDON",518210,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","rabbit@s1","Erlang/OTP 23.3.4.7","RabbitMQ","3.9.7","AMQPLAIN PLAIN","en_US"
"2021-11-28 00:05:05","165.227.125.217","tcp",5672,"sr-demos.docq.app","amqp",14061,"US","NEW JERSEY","CLIFTON",518210,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","rabbit@sr-demos","Erlang/OTP 22.2.7","RabbitMQ","3.8.2","PLAIN AMQPLAIN","en_US"
"2021-11-28 00:05:06","62.171.144.82","tcp",5672,"postal.laptoplifestylevip.club","amqp",51167,"DE","BAYERN","NUREMBERG",518210,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","rabbit@postal","Erlang/OTP 23.2.3","RabbitMQ","3.8.14","AMQPLAIN PLAIN","en_US"
"2021-11-28 00:05:06","95.89.220.196","tcp",5672,"ip5f59dcc4.dynamic.kabel-deutschland.de","amqp",3209,"DE","SCHLESWIG-HOLSTEIN","KIEL",517312,,0,327,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify",,"Erlang/OTP","RabbitMQ","2.7.1","PLAIN AMQPLAIN","en_US"
"2021-11-28 00:05:06","122.162.39.218","tcp",5672,"abts-north-dynamic-218.39.162.122.airtelbroadband.in","amqp",24560,"IN","TELANGANA","HYDERABAD",517311,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","rabbit@none-of-your-concern","Erlang/OTP","RabbitMQ","3.6.10","PLAIN AMQPLAIN","en_US"Fuente: https://www.shadowserver.org/what-we-do/network-reporting/accessible-amqp-report/