SSL research
13 May 2006

Last week I wrote a script to check the SSL certificate of an HTTPS webserver. For the last week, I've been scanning the internet to see how serious people are about the validity of SSL certificates.
I've scanned 502638 hosts on port 443 in total.
There were 332075 unique IPs, which makes me wonder how good the random number generator of bash actually is ...
From all that, I determined the following:

IP Class | Amount |
---|---|
0.0.0.0/8 | 1406 |
10.0.0.0/8 | 1311 |
127.0.0.0/8 | 1505 |
172.16.0.0/12 | 76 |
192.168.0.0/16 | 5 |
224.0.0.0/4 | 27679 |
240.0.0.0/4 | 20442 |
real internet | 279660 |

Class | Amount |
---|---|
Valid | 232 |
Invalid | 83 |
Not SSL | 307 |
Connection closed | 4990 |
Unreachable | 274048 |

This is very poor ;)
Maybe I should find a list of working HTTPS ports before I try scanning again. Just poking around in the dark is of no use.
About 74% of the working HTTPS hosts have a working SSL certificate. That means it didn't expire...
I suppose that's not too bad.
What I'm more interested in is what those 307 hosts are running on the HTTPS port that doesn't provide an SSL certificate.
Let's look at the certificates themselves now.

Certificate | Amount |
---|---|
www.snakeoil.dom | 12 |
HP JetDirect | 12 |
Fortinet | 2 |
127.0.0.1, 1.1.1.1, 192.168.x.y | 7 |
Vigor Router | 3 |
localhost | 34 |
firewall.domain.example | 1 |
WRT54G | 2 |
IOS-Self-Signed-Certificate... | 1 |
SpeedTouch | 2 |

There are some interesting devices there. Some printers, some firewalls...
Internet is such an interesting place, wouldn't you agree?
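
As an added example (not the script from the original post), the subject names in the certificate table above can be turned into an audit check for your own device inventory: it flags expired certificates, IP-literal subjects, the default names listed in the table, and RFC 2606 reserved TLDs. The inventory rows, host labels and finding names are constructed for illustration.

```python
import calendar
import ipaddress
import ssl

# Subject names from the post's certificate table, matched as lowercase prefixes.
DEFAULT_PREFIXES = ("www.snakeoil.dom", "localhost", "hp jetdirect", "fortinet",
                    "vigor router", "wrt54g", "speedtouch",
                    "ios-self-signed-certificate")
# TLDs reserved by RFC 2606; they are never delegated in the public DNS.
RESERVED_TLDS = (".example", ".test", ".invalid", ".localhost")

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def audit(common_name, not_after, now):
    """Findings for one certificate; not_after is in the ssl module's
    'May 13 00:00:00 2006 GMT' form, now is epoch seconds (UTC)."""
    cn = common_name.strip().lower()
    findings = []
    if ssl.cert_time_to_seconds(not_after) < now:
        findings.append("expired")
    if is_ip_literal(cn):
        findings.append("ip-literal-subject")
    if cn.startswith(DEFAULT_PREFIXES):
        findings.append("default-or-sample-cert")
    if cn.endswith(RESERVED_TLDS):
        findings.append("reserved-tld")
    return findings

# Constructed inventory (host label, subject CN, notAfter); not data from the post.
NOW = calendar.timegm((2006, 5, 13, 0, 0, 0))
INVENTORY = [
    ("printer-3f", "HP JetDirect 0A1B2C", "Jan 01 00:00:00 2010 GMT"),
    ("old-intranet", "www.snakeoil.dom", "Mar 02 12:00:00 2004 GMT"),
    ("edge-fw", "firewall.domain.example", "Jan 01 00:00:00 2010 GMT"),
    ("lab-router", "192.168.1.1", "Jan 01 00:00:00 2010 GMT"),
    ("shop", "shop.corp-site.net", "Jan 01 00:00:00 2007 GMT"),
]

def audit_inventory(rows, now=NOW):
    return {host: audit(cn, exp, now) for host, cn, exp in rows}

if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY).items():
        print(f"{host:13} {', '.join(findings) or 'ok'}")
```

A certificate can carry several findings at once; the constructed `old-intranet` row is both expired and a sample certificate.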