Most of the ATG services exposed to the internet seem to be honeypots. GasPot[1] is easy to set up. Looking at ATG services on Censys[2] while filtering out hosts with hundreds of open services (likely honeypots) shows 132 services (as of writing). This is pretty far off from the 11,000 claimed by the article. Including those assumed honeypots still yields less than 700 results[3]. If you poke into some of these you can see that they aren't actually gas stations, but some other tank in the middle of a farm field that is running the protocol.<p>[1] <a href="https://github.com/sjhilt/GasPot" rel="nofollow">https://github.com/sjhilt/GasPot</a><p>[2] <a href="https://search.censys.io/search?resource=hosts&q=services.name%3A+atg+and+not+services.truncated%3A+true" rel="nofollow">https://search.censys.io/search?resource=hosts&q=services.na...</a><p>[3] <a href="https://search.censys.io/search?resource=hosts&q=services.name%3A+atg+" rel="nofollow">https://search.censys.io/search?resource=hosts&q=services.na...</a>
This is extremely irresponsible and there's no excuse for the article as written. You don't provide an instruction manual on on how to mess with 11,000 gas stations without at least documenting some ways you tried to deal with this another way before just publishing it on Medium.