Risk Description
Open Recursive DNS

The Domain Name System (DNS) is pervasive. Collectively, we use it billions of times a day, often without even knowing that it exists. For enterprises, it's their digital identity as well as a critical component of their security architecture. In short: DNS is pervasive and there are many DNS servers on the Internet. Since DNS runs on the UDP... Read more

Open NTP

Computers and network devices have a perversely strong need to have good agreement about what constitutes the current time (accurate precision time is critical for authentication related purposes, accurate event logging, and a host of other things). Most computers stay synchronized using Network Time Protocol (NTP). Oversimplifying greatly, NTP sets the local time by checking the time as reported... Read more


Simple Network Management Protocol (SNMP) is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and... Read more


SSDP - the Simple Service Discovery Protocol is used for advertisement and discovery of network services and presence information. It is often enabled in customer end devices (CPEs) such as modems, WLAN modems.

Impact of running open SSDP devices

Since SSDP runs over UDP, again, it can be used for UDP reflection attacks.... Read more


CHARGEN - is a service of the Internet Protocol Suite defined in RFC 864 in 1983 by Jon Postel. It is intended for testing, debugging, and measurement purposes. The protocol is rarely used, as its design flaws allow ready misuse.

Impact of running CHARGEN devices

Since CHARGEN runs over UDP, again, it can be used for UDP... Read more


Denial-of-service attack (DoS attack) is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

In a distributed denial-of-service (DDoS) attack, the incoming traffic flooding the victim originates from many different sources – potentially... Read more

Archived Risk Datasets

In the past, CyberGreen has been using data provided from external hosts such as the Open Resolver Project. As of September 19, 2017, CyberGreen began using its own scanning systems. As a result, we have archived all of our datasets prior to this date.

Risk Description
Mirai Mirai is malware that turns computer systems running Linux into remotely controlled 'bots', that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as remote cameras and home routers. The Mirai botnet was firstly found in August 2016 by MalwareMustDie, a whitehat malware research group, and has been used in some of the largest and...Read more