Badrap docs

# How to locate a vulnerable device

Great to see you want to fix things!

A little detective work is required. Due to the way that the Internet works, we are not able to tell you exactly which device in your network may be vulnerable simply based on your IP address. However, we can help you find the vulnerable device. If you are visiting someone else's network, we can help you report your finding to someone else.

Where is the IP address with the reported vulnerability?

  • At my home
  • Somewhere else than my home

# At my home

# Are you using your home network or Wi-Fi?

If the vulnerability was reported from your home network, the most likely candidate for the vulnerable device is your home router. Usually all other devices connected to the Internet hide behind your home router's IP address.

First find out the brand and exact model number your home router. Usually you can see these from a sticker at the bottom of your device.

Next, search for the user manual of your device from the Internet (or from your home if you have saved it). The user manual explains how to maintain your device, how to configure it and what username and password to use. The username and password can also be printed in a sticker at the bottom of your device.

Congratulations, you've now managed to locate your device and can configure it. Next read our instructions on the specific vulnerability which was reported from your IP address and try to fix the problem!

# Are you using a mobile device or a home router with a 4G connection?

Mobile networks can be more challenging in these kinds of cases, since IP addresses can move from one user to another quite quickly. At some mobile operators' networks thousands of individual users can reside behind a single IP address.

You can see under your user account details when you have registered your IP address into our service. Compare the time when you registered the IP address to when the vulnerability observation was made. If the observation has been made later than when you registered your IP, it's more likely that the device in question is yours. If the observation has been reported before, or if your current IP address is no longer the same, it's more likely that the vulnerability exists in some other user's device.

Did you manage to locate the device? Next read our instructions on the specific vulnerability which was reported from your IP address and try to fix the problem!

# Somewhere else than my home

If you received a vulnerability notification for an IP address in someone else's network, such as your workplace or a guest network at a company, hotel, or cafe, you may not be able to fix the problem yourself. You can help fix the problem by reporting it to the owner or maintainer of the network.

First things first, collect some evidence.

The easiest way to do this is to take a screenshot of the vulnerability notification shown to you by our service. You can also even take a picture of the results with your mobile phone camera - points for style are not the key here, having the evidence is.

Next, find someone who you can report the finding to:

# At your own workplace

If the vulnerability report came for an IP address at your own workplace, contact your IT support. Convey the report from our service to your support personnel and as if they know what device might be affected simply based on the IP address information. Ask also if they can fix the problem.

# Visiting someone else's workplace

Are you visiting another company and using a guest network? Show the vulnerability notification to your host. They should be able to contact their IT support team, who can fix the problem based on the data you provide.

# At school, at a hotel, cafe, etc.

Show the vulnerability notification to the staff. They should know (or at least they can find out) who is in charge of IT support and can fix the issue.