Azure Public IP addresses are detected as indexed by Shodan, indicating Internet-visible services with open ports and service banner metadata.
Risk
Shodan-visible IPs are easy to discover and target, elevating risks to confidentiality and integrity. Adversaries can enumerate banners, probe open ports, brute-force access, and exploit known CVEs, enabling unauthorized entry, data exfiltration, and lateral movement.
prowler azure --checks network_public_ip_shodan
Recommendation
Minimize public exposure: prefer private endpoints or VPN/bastion, restrict ingress per least privilege (avoid 0.0.0.0/0), close unused ports, patch and harden services, and apply defense-in-depth segmentation. Continuously inventory public IPs and rotate them if sensitive banners were exposed.
Remediation
az network public-ip delete --resource-group <RESOURCE_GROUP> --name <PUBLIC_IP_NAME>
- In the Azure portal, go to Public IP addresses and select the affected IP
- Click Dissociate and confirm to remove it from the attached resource
- Click Delete to remove the Public IP from your subscription
Source Code
Resource Type
microsoft.network/publicipaddresses