Console & Mobile Terrarians - news for 18.104.22.168!
iOS and Android 22.214.171.124 out now. PS and Xbox should be very soon. Switch and Amazon are in submission. Great way to end the year - everyone on the same version of Terraria! More details HERE.
You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
I get connections like that all the time whenever I leave my server up. Think of it as white noise. If your firewall/router allows it, just add a block rule for connections from 126.96.36.199/17 (CIDR range) and they won't be able to bother you anymore.
It's more of a what than a who. It's a search engine that indexes internet devices that are publicly available. See https://www.shodan.io/ for their website and what they do. They present themselves as a legitimate service, but the whole concept seems a bit scummy to me and I have no qualms about blackholing their traffic.
1. We crawl ~260 different ports/ services on the Internet and sometimes those overlap with Terraria game servers. However, our crawlers don't know how to properly speak with a Terraria server. In this case, port 5007 is also used by the MELSEC-Q protocol developed by Mitsubishi; i.e. it's crawling for publicly-accessible industrial control systems. See also:
2. Shodan is used by law enforcement, universities, security companies, and businesses both large and small. People have been privately doing similar things like Shodan for decades, it just wasn't well-known outside of the security community. And we take numerous steps to limit abuse: if you don't create an account you can't use filters and you can only see 10 results. If you login you can only see 50 results. To see more than 50 and have access to some more advanced filters/ data you have to provide payment information. And we have a few more things in-place to prevent anonymous access. I believe it is vital to understand the Internet empirically so we can make better decisions based on data rather than opinions.
3. I didn't think Shodan would ever get as popular as it did so when I chose the name I did because:
a) I love System Shock 2
b) It is easy to type
c) Other gamers would "get" the reference
Keep in mind that the initial purpose of Shodan wasn't for security, it was to have a tool where big companies could find out who's using their products, where their customers are located, whether patches are being applied etc. And of course they could also get that information about their competitors. At the moment, a lot of that information is gathered by phone surveys - I thought that collecting the information directly from the Internet would be a more accurate/ reproducible dataset.
Anyways, as mentioned above you can always just add the IP to your blacklist and we've setup reverse DNS entries so you know when the IP connecting belongs to Shodan!
Don't get me wrong, I'm not saying you're evil or anything. The name is cool, much better than something like Global IoT Audit LLC, but it does have slightly creepy concoctions... which are not particularly helped by you popping up like that I might add.