
How one line of Python can bring your network to its knees

BSides Oklahoma · 2017 · 34:27 · Published 2017-05
Category: Technical
Team: Blue
About this talk
In this talk, we’ll cover how to create a script that will cause denial of service throughout the network by creating IP address conflicts. After demonstrating the effects, we’ll discuss how to prevent this from happening in your network. Internal networking weaknesses are well known, and strategies to mitigate the problems have been around for a long time. What is new today is the ease with which attackers can cause massive chaos inside your network, and how many IoT devices are probably running free throughout your environment. Fortunately for the Blue Team, the Python language, and specifically the Scapy library, make it incredibly easy to craft and send fake packets, so mocking up attacks in the lab is easier than ever. Covered topics include how ARP works, a quick intro to Python and Scapy, a script to cause chaos, and some tips on configuring your network to fight back.
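Added here as a defender-side example (not the presenter's code, which the page does not reproduce): a small Python parser for Ethernet/ARP frames and a Dynamic ARP Inspection style check against a DHCP-snooping-like binding table, applied to every ARP frame regardless of opcode, since the conflict-causing announcements the talk describes are opcode 1 requests that a reply-only watcher never sees. The binding table, host addresses and rogue MAC are constructed assumptions.

```python
import struct
from collections import defaultdict

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST, ZERO_MAC = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def ip_str(raw):
    return ".".join(str(b) for b in raw)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst=BROADCAST):
    """Ethernet II + ARP frame (IPv4 over Ethernet), the layout Scapy's
    Ether()/ARP() layers produce; used here only to construct sample input."""
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # htype, ptype, hlen, plen, opcode
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp

def parse_arp(frame):
    """ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
            "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42])}

def inspect(frames, bindings):
    """DAI-style check: every ARP frame, request or reply alike, must carry a sender
    IP/MAC pair present in the binding table (from DHCP snooping or static entries).
    Returns (alerts, claims): failing (op, sender_mac, sender_ip) tuples, and MAC -> IPs."""
    alerts, claims = [], defaultdict(set)
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue  # not ARP: outside this check's scope
        mac, ip = arp["sender_mac"], arp["sender_ip"]
        claims[mac].add(ip)
        if bindings.get(ip) != mac:
            alerts.append((arp["op"], mac, ip))
    return alerts, dict(claims)

def sweep_sources(claims, threshold=3):
    """MACs that asserted more than `threshold` distinct sender IPs: one host
    announcing itself as many addresses, even if each frame looks ordinary."""
    return {mac: ips for mac, ips in claims.items() if len(ips) > threshold}

# Constructed sample (not from the talk): three bound hosts plus an unknown MAC that
# announces itself as each of them with opcode 1, the form a reply-only watcher misses.
BINDINGS = {"192.168.1.1": "00:11:22:33:44:01", "192.168.1.10": "00:11:22:33:44:10",
            "192.168.1.20": "00:11:22:33:44:20"}
ROGUE = "de:ad:be:ef:00:01"
SAMPLE = [
    build_arp(ARP_REQUEST, BINDINGS["192.168.1.10"], "192.168.1.10", ZERO_MAC, "192.168.1.20"),
    build_arp(ARP_REPLY, BINDINGS["192.168.1.20"], "192.168.1.20",
              BINDINGS["192.168.1.10"], "192.168.1.10", eth_dst=BINDINGS["192.168.1.10"]),
] + [build_arp(ARP_REQUEST, ROGUE, ip, ZERO_MAC, ip)
     for ip in ("192.168.1.1", "192.168.1.10", "192.168.1.20", "192.168.1.30")]
```

Running inspect(SAMPLE, BINDINGS) yields four alerts, all from ROGUE and all with opcode 1, and sweep_sources() reports that MAC as the only host asserting more than three addresses.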
Transcript [en]

um so let's kick this off and I actually probably won't beat you the whole time if it turns out the presentation doesn't have I guess the number of five that I thought of how we need and yet I think you'll get from the grade out of it and maybe over have a chance to have the rocket motors announcement so the idea is peculiar network of one line of - my name is Austin and by day and Pio for family hook is an accounting firm in Shawnee Oklahoma and my specialty really is an area securities and so I did enjoy dinner mighty call it and they kind of get bitten more II think about security issues and how to

make sure ii emotional tension so that's where put my learning as well when we see i poppy and and you know again that's the kind of things that make me interested so what i do hope the interactive affairs I will start with a quick who is a weight their control past everything didn't respond I know not to tell you I'm next so what about that you got even feels completely humble with every aspect if you get close to a most part an above-average show here in two pieces how about you know any for network network ten testing of what that means intensity so we do have people in the eighties for that undercover are and I'm

going to give you enough background on what I'm talking about I tell you maybe on those areas with a connecticut if you'll kind of get wearing them and we'll keep on what happens at Otis i've written the won't cover towers work stuff I didn't know about it whatever thirty father's going to do with her patient I can't really control a realized I am doing you know and if going to one that would love you know good learning contain part of the Oxfam about how our tracking and new weight of chaos and someone using the Python whatever questions you want so I already talked a little bit about why here I love security and II thought panic starts at

smart for a little bit I do love pretending for applications this time I guess that that I was born a positive I didn't ever

I've said this well so I sat down and realized this will happen all right this is a graph and bigger seeing through the graph of all militant things right the green part suppose B what you know the blue particle um now there's the thicker the stuff you don't know you don't know right that's the big part of the stuff we we thought we understood or or never you thought we needed to understand oh the boxing pedigree and by the way for me to bring I'm free part of potters pretty small it doesn't really register your boat so here's why I did them here's how it works and they called address resolution protocol and it's part of the peeps get back so if you're

going to be working on a network operating on a network exchange mistake right if I am going to exchange a packet with somebody in this room your your global addressable light Geograph doesn't do me much good because in order to get to you I just have to throw it out in the network and hopes hope you saw it right and yours I've actually probably work on pave is very efficient and says what I really want and the way numbering first off required as I need to know what your what's called a immediate access control address it or hardware address there many different names with it so when I throw it out and wired the switch that were both

connected to delay and let's actively that goes keep right over here and she's read with it and it's very efficient right right to you how short switches try to but when it first started out I'm seeing that that hardware tracks on your measurement workers under the name Joe in networking terms I know you're wanting to want to be a one that one or maybe I use know your answer right and then the intense results of 191 to be a point of order and I didn't earth were all familiar to the field will occasionally and have to use that even if you don't like PCIe so many engaging on the addressability point funny bit to the local network

level that's when the magical art happens and that is this package in all the way across PNM and they are trying to figure out the graphic and so it throws out on the network that's basically question to ever like hey who is jump right pal Bob and you all listen there nobody knows or illy too hard know and except for the one who is and you reply with a pout here's my method earth here's my media controller and you for that for now and I know that because going to score that I'm going to go to booking and so from now on actually ended and so tactics look like this and you can see that happening by the way I

don't show me screenshots here but I'm Marshall Wireshark is amazing fool that word learned about networking you just run Wireshark it's a free online today is coded million PC and he has reported and it just starts like showing these packets of habits and academia we're flying on a little bit of time to start to understand what those evil and this particular one is an address revolution text and it basically said 101 thoughts 200 ok so frozen in Eric said well here's my hardware guys and I want to talk and my I Peter and I want to talk to 200 but you know 200 are very trip somebody with yours I and by the way the

operation I'm using is one which in art means it's request so this is what happens every time every time you painful idiots every time a packet goes on the network it actually does staff happy and it's been cooler for be in our gives actual respond so 200 is sitting there coming up I recognize my Peter that's great I will respond with here's my negative good morning I heard and I know where dependency I don't have to broadcast it anymore you also have other gear in response you'll give your back the initial request or here is multi response that I know where said mister natural a different implementation differs of someone actually local casters on common

don't you're selling do that let it happen then there's this thing called fortuitous intuitive art have you ever heard of man middle so I'm in the middle of a lot of times is accomplished by confusing the problem by finding a fertile is are extended all the sudden I say hey I'm Joe and I'm from room sending you're packing one month of goes back they're very satisfied I'm off but if I can convince everybody in England Joe anything they have to say to do it all the sudden comes to me who and I can even make joke unaware that I've already gone secretive to him so he's still giving all the challenging on the third is his funnel thirteen

and included these packets to show how that happen so if your tune is request happens like this and they're valid reasons for the pilots is why when you're tuning security again you think you hear that you think no money and without idea why should that be allow what to stuff it up at it well that breaks is included also means your whole network expanding disarray so we think are necessary this happens for example when IP address changes have member for give some blue mountains or if like say a and viral babes over for something they need to kind of rip it apart otherwise you're dead we and you want to get they overdo it asking and

additionally an example where to go for two arcs are good which things can be used for poisoning add sub sub senator first of all addressed is 130 abrupt in everyone and assertive first process is one pointed and so that's a basically something saying - it's one convert l1 Hey who's Joe by the way tell me because I'm Jeff Telles let me hear that okay Neverland I don't know do this but now you hold me do is you so long though that I'm going to stick that right in your cache and now from now on one of your death well again in legitimate terms a router picked over you need this is important this is what Ichigo and so for poisoning

this is what happened so here's an illustration for example total bad weather this many continents with that Elizabeth and notice that will talk about earlier if you've ever used at air cap Peter Tabitha Castle Arizona call on amazing feels very cool preventing animal experimentation for a drain out specific French security hanging in ever if you're doing research surveys it's a security issue by mint will use it experience border but people to what equate involves is complete a hit record attacker on network and saying hey target computer I'm going and he by the way routed I'm the car computer and all the sudden both a December wedding here is the concert path to the attack so it is packets then again flows

through sensors you can consent them good train in which you want it's potentially fatal danger to children so the question is so I know this is something that we get into the place where it's our teaching you all how to be happy per packet because some of the tools that you need to have work research and we're swimming I got to that point wrote the total didn't work it's completing our replies are on the wire why does he that does the EC say there's a conflict in other words why doesn't just end up together you are crazy I'm Joe and by the way we have problem who's ever seen an accurate comprehensive has a hospital attorney

yes good percentage of people what why did that happen over my mind that's because the the art process was observed by the D team originally and EF do that is not so I started thinking well that because the reason it doesn't with a man and wind it doesn't have a problem if you have those packets are broadcast well then that's not the case here it is I mean but that's not the only reason because the code I wrote would like specifically trying to help Joe that I'm Joe and the PC is just ignore I'm their voice like you know I think let's meet the real answers because that's not how I get your conflict work that's not how

more people driven so won't again if you ever going to be like intense deep research I'm sure all of you input on the time you PR see you can spend all day long and people blogs and get a lot of bad information lots of that information to accept into but if you had a really kind of your estate they were the original super white for common tale that stayed the standards he's made to designing your interface comes up and down so acquired interest you send an art pro and then when no respond to receive and you get you send in ARB announced and I now engine I hate anybody else out there just imagine -

that's the problem I directly if Phil answered I would say wait today without faith we have public knowledge don't forget telling the it avoid conflicts that's what we're trying to do in part probe and now well in my head private accounts are requests and we were talking that's what they say they might be broadcast right because they're requesting a clock that's absolutely wrong so when you get right down to it it looks a lot of pain but a president's special thing in art world if they were suppressed or basically that you sent from your magic right and you don't clean any idea of beauty I'm filling in right I did that this year so that mean saying hey here's my physical

address I don't know do I do you um and I don't know where where this is ailment does anybody know who does it was special kind of request that basically elicit response from the other side without doing something important here's the paper is it's without causing problems with people type of our cash because normally when you go to take that ethanol out under your partner amount of your name everything but that's not what it's trying to do kind of specifically avoid conflict and then finally happy announced which is okay I'm seriously just it looks unlike any of the oil art stuff which is if you understand that and basically you can create ethic and I'll show you here in just a example I

was going to do able things gab again in this in this tent ended up not having a solid but this is if you understand this chart you can nuke Lewbert Google the word cocky and about five minutes and wrapping packages so it's super cool and popular so I realize why I need to do create bonus announcement though this announcement which basically it's just in a broadcast everywhere saying I am NOT playing at address I'm kind of care when they also design lining this idea the key to the whole thing is you know the operation still want so in other words it's very very much like and normal reply well it's much more like an announcement but this is a gallon of

elopement it's very much by using a normal robotics except I am basically showing my sender and targeting painting and so that you're asserting that this is who I am on the mapping a night that's what would happen right if you are already applied to make a note the cool bits are really cool and novel implementation important cause so providing a man-in-the-middle awaiting minute a man member is to prevent an arrest four percent prevents a particular port from inserting more than one hour ago all right and keeps people from monkeying around and a lot of times the implementations of our art watch will go better society put some of these mitigation things are looking for specifically for replies

poison apply things they're pretending like I'm replying to ugliest to go is up me and if you're too mean I know that really and the request on the other hand is will thanks Thank You way to like hey Sally and Joe I'm at the front of the room so yeah I I'm not replying gratuitous like so it's not what's called bridges are promiscuous art is to replied and no question looks a lot and said this is the question and turned out that the artist we again that if you sure somebody asking a question and we can record that information running for future news so I also employees and everybody's are just like asking the question well that doesn't trigger a

logic is a tribute attentions left right as a trigger to trigger some work our are going watch anything with them again it just doesn't know so anyway if you're looking for the code in one line that will cause problems in never employees that occur this is snaps cabbies amazing tool take out five minutes I was I had installed on my macbook and solvent in Windows Linux and I think about to interrupt in TV package this packet of egg and of the enemies on the code one argument so one thing you're essentially like this package both example Alyssa what I'm trying to get porn idea it doesn't in case only go from 191 58 out the Sun

when I say 0.13 256 although it's going to move through them for black box has a lot of fat in this range of 130 256 I'm going to go ahead and send the destination everyone and say by the way I am you like it right and once I figured out that he is is a formal request which is the tall file you see it here that the opcodes request magic happen we invent or additive give you it's causing some really bad reactions and so basically this is your one month out I recommend not writing a bond a matter and was here wanted okay it wasn't a group lazy not like that

are you right there are a lot to get by but don't worry it's only worth coming with the safe line okay Tom I want to drink through to that CC I'm just doing pain from one location to the other so this is the 100 and the 200 bad reference and then I'm going to paste the code remember it's all for this day of is reading for them I take the pill and I was hoping to lately again pause for effect to discover eat it's working and I'm going to go over here we'll see how long the tape shouldn't take very long what's the only tape oh it's perfect oh there it is nice so here is basically

my mattock bang oops somebody else is using aren t address try connecting again later and I mean it season it says I'm off I use got dumped and there what is there's the lens instead of ours you know less time mostly it's replied to this thing line code one of them about 101 going hot and basically the code and spices Gorillaz daddy is a cycle for the 120 babysit insert your ownership in alligator that's not Frank in the session when I absolutely should not be popular for something so simple my belief interval between cycles per second so we go all the way detective all them again so you're not really late yeah it is not to

a Louisville regatta China Pokemon Express and I am I did and I was service kind of trick it happens that means you had what like a little Chanti switch that isn't Harold doing good oh this is running on it so very perfect dealer and so there's no way I would over lifting that leg I simply had Adam Lee right here and these two guards just like hot dog like absolutely within ruled ruled layers if I wait up to e to mitigation on club for new books or iPhones appoint because again I've been fooled captain is super cool anything this morning it's not income I'm paying hate comes it over I'm not a builder and half half life is

its encoding but mainly i google google google hope their since I've let's try that modified a little bit upstream to here with this file passport and that means as coding in in fact I've never done anything emotional problems this is the challenge to do in one line and in that way that has kind of I would try to do it so how do we prevent this anything cisco certified by people so the inverse infection rate which typically relies on the dhcp clinton and i before start again typically relying on inpatient unit which is all the basically what that means is when we all come in number we did IP addresses by acting for them from server so you specify a server and

make sure that maybe you'll take that role and then add that happen you eventually keep track of those two switches right I thought and gentle with it I thought I was you know Saladin that everything's good something about I saying I'm Jenna places like actually no you know good legislation is equal to cooperate so we've got that packet a terminal that of course not everything we HCP but it was a lot of people use a secure print a lot of service money ensures good practice to use VSEPR surveys so and instead you have to statically assign eight noes to that in political articles and and maintain manually right now sir one have this HDL certitude of the place he

thinks of them now have to be made in positive clubs are you have batteries which a member and we should make that basically I can figure out whatever their hoses the other tools like Art Walk Shankar will capture article which show our beautiful open-source tools that sort of monitor right and soon as they see those shenanigans on one thing I don't think that personally Valley and Bob all ones there's something going ok then it sort of lurks you keep early dreaming about it just works and so my graduate course would be to make sure that the IP address or our clocks was enlisted taken at the time and I wouldn't give it work because it

would be death that's the idea anything anything goes no counting always that other way the spaghetti can you email dividing line mountain ain't on your side yet the lung there's Lane hildreth and my little Hilary come at me either place and I will email the whole site at sea I didn't know is that i what happened with this video the daily rise up and as well I'm a collective that way you can see that or or you can come I mean this amazing or even big expense yeah so will that but that flash here on actually means this is this for anybody that has entire coded and can use that convention of MapQuest just think I'm

continuing the same line so if you were actually tightens and you would type it all I mean if wanted to the backlash so that does mean I'm continuing the same command you to put it anywhere in here so it just means to language I'm not done tightening right I rented a feeling I'm gonna keep driving but literally from gear over here including a classic animal famous line and will cause any system in your network to be able to do I know there's actually a lady in limitless to register at the register to affect whether or not something will essentially try to certify the dress or not and the default is to the kid I put

on servers especially I would say it's probable works and research you all would prevent that arrangement and of course the real risk is not us running on a khaki having is happier on and if mean and announced on but I have no fear that somebody's going to Dublin our acting first line there you know what I fear is that from an aisle servicing home we have so many I achieve by entertaining devices so I mean we now know that television saying thanks to the latest drop from WikiLeaks right that we have tons of the buses including television I don't you know pretty simple is including approvals I think old guys especially when almost every parent worlds have some sort of

vulnerability well how do you patch up in high tax base in primary button in 2009 that's your to use everything in the world because it is personal amy parmenter it's harness I figure out mitigate members love and some of these things are difficult so if he is a deep be aware that it is knowing how to you know it's an fail to say production in is its Beth but detection of enormous price so it's great you can stop it but what happened happened to make sure if it happens we know about it so that's why our box is important is because you may be able to prevent things from taking never and momentarily but if you can quickly locate the source

of that disturbance and and your solutions a little communist because ultimately you can find that hard to address of asserting things in half this which is fourteen a leaf right in front of ground okay get that Joker further out right you can quickly do that and that's the golden image detection and mitigation unfortunately I've had a lot more important to on preventing this kind of in mess but again hopefully that exist specifically at things in town I do think that in fermentation same point at very much work this is only one of many many things came to community have the control port security and emphysema and when you bring the for incontinence for most uninsured bill as

a service these are the kind of things that again with one eye appeal I could have become in a sort of rampant throughout the world that whatever I wanted that a if I have people those I bring em your network and right network and power network and everybody else in our times mania and so somebody figures out which port on the switch have a bad time that might be fighting when teapot date on some networks i some some outlets there so yeah crazy it's just in portfolio such as all things add up to I don't know what to do right after Sony debt but therefore avoid a million buttons I mean very tough I mean definitely many

things you have evening questions or whatever

[Applause]