Este informe identifica hosts que tienen Elasticsearch ejecutándose y accesibles en Internet.
Por sí solo, Elasticsearch no admite la autenticación ni restringe el acceso al almacén de datos, por lo que es posible que cualquier entidad que pueda acceder a la instancia de Elasticsearch pueda tener control total para hacer lo que quiera con ella. La sonda que se utiliza es una «GET / HTTP/1.1» enviada al puerto 9200/tcp.
Consulte https://www.elastic.co/products/elasticsearch para obtener más información sobre Elasticsearch.
Para obtener más detalles sobre la metodología de exploración y una actualización diaria de las estadísticas globales de exploración de Elasticsearch, visite la página dedicada a la exploración de Elasticsearch.
Para obtener más información sobre los esfuerzos de escaneo, consulte la página de resumen de escaneo de Internet.
CAMPOS
| timestamp | Hora en que se sondeó la IP en UTC+0 |
| ip | La dirección IP del dispositivo en cuestión. |
| protocol | Protocolo en el que se produjo la respuesta de Elasticsearch (siempre TCP) |
| port | Puerto del que provino la respuesta de Elasticsearch (9200/TCP) |
| hostname | Nombre DNS inverso del dispositivo en cuestión |
| tag | siempre será elasticsearch |
| version | Número de versión de Elasticsearch |
| ans | ASN de donde reside el dispositivo en cuestión |
| geo | País donde reside el dispositivo en cuestión |
| region | Estado/Provincia/Región administrativa donde reside el dispositivo en cuestión |
| city | Ciudad en la que reside el dispositivo en cuestión |
| naics | Código del sistema de clasificación de la industria de América del Norte |
| sic | Código del sistema de clasificación industrial estándar |
| ok | Indicador de que todo funciona correctamente (solo presente en instancias de ES anteriores a la versión 1.0) |
| name | El nombre de identificación (trivial) de la instancia de Elasticsearch |
| cluster_name | El nombre del clúster de Elasticsearch al que pertenece la instancia (si corresponde) |
| status | Por lo general, «200», lo que significa que todo funciona |
| build_hash | Hash de la versión en ejecución de Elasticsearch |
| build_timestamp | Marca de tiempo de cuándo se creó la versión en ejecución de Elasticsearch |
| build_snapshot | Si las instantáneas están habilitadas |
| lucene_version | Versión de Apache Lucene que usa Elasticsearch |
EJEMPLO
"timestamp","ip","protocol","port","hostname","tag","version","asn","geo","region","city","naics","sic","ok","name","cluster_name","status","build_hash","build_timestamp","build_snapshot","lucene_version","tagline"
"2015-05-27 19:57:23","101.227.67.200","tcp",9200,,"elasticsearch","0.90.2",4812,"CN","SHANGHAI","SHANGHAI",0,0,"true","F1",,200,,,,"4.3.1","You Know, for Search"
"2015-05-27 19:57:23","122.13.16.182","tcp",9200,,"elasticsearch","1.4.4",17816,"CN","GUANGDONG","GUANGZHOU",0,0,,"Abominatrix","elasticsearch",200,"c88f77ffc81301dfa9dfd81ca2232f09588bd512","2015-02-19T13:05:36Z","false","4.10.3","You Know, for Search"
"2015-05-27 19:57:23","94.70.203.209","tcp",9200,"host1.inlinkz.ondsl.gr","elasticsearch","1.4.4",6799,"GR","ATTIKI","ATHENS",0,0,,"Captain Barracuda","elasticsearch",200,"c88f77ffc81301dfa9dfd81ca2232f09588bd512","2015-02-19T13:05:36Z","false","4.10.3","You Know, for Search"
"2015-05-27 19:57:23","94.23.199.67","tcp",9200,"ns302583.ip-94-23-199.eu","elasticsearch","1.4.4",16276,"FR","NORD-PAS-DE-CALAIS","ROUBAIX",0,0,,"Controller","elasticsearch",200,"c88f77ffc81301dfa9dfd81ca2232f09588bd512","2015-02-19T13:05:36Z","false","4.10.3","You Know, for Search"
"2015-05-27 19:57:23","91.98.96.118","tcp",9200,"raymand.biz","elasticsearch","1.2.2",16322,"IR","TEHRAN","TEHRAN",0,0,,"Taskmaster",,200,"9902f08efc3ad14ce27882b991c4c56b920c9872","2014-07-09T12:02:32Z","false","4.8","You Know, for Search"
"2015-05-27 19:57:23","144.76.137.134","tcp",9200,"static.134.137.76.144.clients.your-server.de","elasticsearch","1.0.3",24940,"DE","BAYERN","GUNZENHAUSEN",0,0,,"Boom Boom",,200,"61bfb72d845a59a58cd9910e47515665f6478a5c","2014-04-16T14:43:11Z","false","4.6","You Know, for Search"
"2015-05-27 19:57:23","203.88.167.157","tcp",9200,,"elasticsearch","1.5.0",10098,"HK","HONG KONG","QUARRY BAY",0,0,,"aliyun-hk-data08","bigdata_es",200,"544816042d40151d3ce4ba4f95399d7860dc2e92","2015-03-23T14:30:58Z","false","4.10.4","You Know, for Search"
"2015-05-27 19:57:23","31.210.46.170","tcp",9200,"trvds4.aysima.net","elasticsearch","0.90.0.Bet",42910,"TR","ISTANBUL","ISTANBUL",0,0,"true","Silver Fox",,200,,,,,"You Know, for Search"
"2015-05-27 19:57:23","210.172.143.105","tcp",9200,"ceru-misc-210-172-143-105.interq.or.jp","elasticsearch","1.2.3",7506,"JP","TOKYO","CHIYODA",0,0,,"spr1pro01-02",,200,"4596e81285d3c1a1609c8382b1e804115ef610fb","2014-07-23T13:16:05Z","false","4.8","You Know, for Search"
"2015-05-27 19:57:23","216.118.88.157","tcp",9200,,"elasticsearch","1.2.4",8001,"US","NEW JERSEY","CEDAR KNOLLS",0,0,,"Radian",,200,"11689ab5f166203d21f1a3c566fe8e96b1d4cd75","2014-08-13T14:09:19Z","false","4.8","You Know, for Search"
"2015-05-27 19:57:24","173.236.91.109","tcp",9200,"node02.tmddedicated920.com","elasticsearch","1.3.1",32475,"US","ILLINOIS","CHICAGO",0,0,,"SugarOJM",,200,"2de6dc5268c32fb49b205233c138d93aaf772015","2014-07-28T14:45:15Z","false","4.9","You Know, for Search"
"2015-05-27 19:57:24","52.7.129.120","tcp",9200,"ec2-52-7-129-120.compute-1.amazonaws.com","elasticsearch","1.5.2",14618,"US","VIRGINIA","ASHBURN",454113,596101,,"Alysande Stuart","elasticsearch",200,"62ff9868b4c8a0c45860bebb259e21980778ab1c","2015-04-27T09:21:06Z","false","4.10.4","You Know, for Search"
"2015-05-27 19:57:24","166.111.134.51","tcp",9200,,"elasticsearch","1.4.4",4538,"CN","BEIJING","BEIJING",0,0,,"thu-pc51","thu",200,"c88f77ffc81301dfa9dfd81ca2232f09588bd512","2015-02-19T13:05:36Z","false","4.10.3","You Know, for Search"
"2015-05-27 19:57:24","85.214.96.159","tcp",9200,,"elasticsearch","1.5.2",6724,"DE","BERLIN","BERLIN",0,0,,"Slug","elasticsearch",200,"62ff9868b4c8a0c45860bebb259e21980778ab1c","2015-04-27T09:21:06Z","false","4.10.4","You Know, for Search"
Fuente: https://www.shadowserver.org/what-we-do/network-reporting/open-elasticsearch-report/