
Alright, yeah I'm gonna just assume that people are gonna intermittently just walk in and out. I'm not offended if you like walk out if you've got something you need to do while I'm talking, I don't care at all. Cool, so my presentation, doing cyber stuff on an entire city. I know you can't really tell, but I changed the title last minute. I had to change it to a little bit more of an appropriate title. No big deal, content is staying the exact same. So if everybody is ready, I'm going to go ahead and get started. So I just started using Prezi for PowerPoint. I don't know anything about it, so this presentation is all over the place. I didn't have PowerPoint,
so it's like, ah, no, just keep this. So who am I? My name's Andrew Morris. I'm a consultant at Intrepidus Group out of Manhattan. I'm originally from South Carolina. I grew up in Columbia, South Carolina, and then I moved a couple years ago to D.C. and then up to New York, mostly because there wasn't a lot of demand for information security, and there wasn't a lot of people who were offering that kind of stuff. So that's why I'm so excited to see something like this happening in South Carolina because this is something we really need to happen. We've got the capability, we've got people who do this kind of stuff, we just need to start opening
this up and that's why I'm so excited about B-Sides Charleston and really stoked to be a part of it. Stuff I'm good at, I specialize in network penetration testing. Any kind of attacks you can possibly think of, like red team kind of stuff, internals, stuff like that. I like pentesting really, really big networks. You'll kind of see that a little bit as we go forward. I like lots and lots of hosts and really big attack surfaces. I like developing methodologies for really unconventional engagements. What I mean by that is like I like strange circumstances. I like, you know, pivoting around crazy firewall rules. I like weird web apps. I like stuff like that. Like anything
that's unusual, I really like stuff like that where you have to kind of adapt, you know, dynamically. And I like making god-awful jokes. So this talk is basically about, I'm going to mention the term geographically motivated attacks a lot in this slide. So typically, kind of conventionally, attackers, when they're targeting an organization, they're gonna, well, when they attack stuff, they're targeting organizations. They're gonna say, hey, I'm a bad guy, I want to attack, you know, whatever, I want to attack a bank, or I want to attack... the United States government or military or whatever, they're going after organizations. And so when they're painting targets, when they're saying like, "Oh, I'm gonna go after Bank of America or I'm gonna go after PayPal." It's easy, you should go to
paypal.com or whatever. That's how they start their information gathering, that's how they do their targeting. They're basically targeting machines based on the organizations they're going to. The way that information warfare is progressing, the way that attackers are targeting stuff, and the way that bad guys care about stuff, with different, like, the way that the military and information warfare are starting to get integrated with one another, it's starting to be less about the organization, and a little bit more importance is being stressed on the geographical location of, geographic location of where the machine is sitting. And this applies to hacktivism, people who are ideologically motivated, if you will, like Anonymous or LulzSec or any of those people. General shenanigans,
any kind of thing where it's like, if I'm a kid and I want to change the sign on a city, change the text on the sign or something like that. Intelligence gathering, if I want to gather intelligence on a certain area, denial of service, crime, all that stuff. A great example of this is Stuxnet. Can you raise your hand if you're familiar with Stuxnet, what it is? Alright, most people in here are familiar with it. For those of you that aren't, Stuxnet was a piece of malware that nobody knows who developed it. It was, you know, everybody knows who developed it. It was a piece of malware that basically went through and it infected a whole lot of computers back in 2010 and it basically checked
for two conditions. It was like, okay, I'm gonna infect a bunch of computers and I'm gonna check for two conditions. One, is there Siemens nuclear hardware attached to me right now? If yes, okay, am I geographically located in Iran? If yes, blow it up. And that's what it did. It caused billions of dollars worth of damage. And so that's just kind of an example of how geographic location is starting to come into play. When you've got factors like targeting an organization or targeting an entire country or targeting a certain government or anything like that, the geographical location of the machine in question starts to become important. So what happens when attacks start becoming more geographically motivated and when is the target organization irrelevant but the region is key?
So at what point is that line drawn? At what point am I as an attacker, am I going to say, "I don't care who you work for, I don't care who you are, I just care where your machines sit." When does that kind of happen? That's kind of the furthest side of the spectrum. How do attackers conduct operations? How is their attack methodology going to change if they're just targeting you based on literally where your machine is sitting? How are you going to change your methodology? How are people going to start doing that? What's our current security posture? What would happen if an attacker right now was like, I don't want to target your school,
I don't want to target your workplace, I want to target your city. I want to just target your entire city for whatever reason. Maybe I just really hate your city. Or maybe I'm motivated and paid by the government to target your city, or something like that. And how do we protect ourselves? How do you protect yourself when you become part of somebody's attack just based on where your computer is sitting? These are some of the things I want to talk about today. So just a quick disclaimer. Um, believe it or not, I didn't break any laws while I was doing this research. It may seem like it, kind of, with some of the, you know, weird-ish stuff I'm talking about, but I didn't. I looked at all the laws and
good. Um, I'm not responsible anyway for any way you use any of this information in this presentation. Please do not use it in any kind of malicious fashion; you'll probably be arrested. But if you do, you tell me, because I'm going to put it on my resume, that I'm the thing to be like, no, this guy went to jail for using this cool method that Andrew Morris wrote. That'd be awesome. So what are some of the reasons why attackers would conduct geographically motivated attacks? So it's like fast forward to 2023, information warfare is rampant, right? Everybody's just hacking each other, blowing stuff up, turning traffic lights off, blowing up power plants, changing the levels of fluoride and chlorine that go
in your water, all that crazy stuff, right? So, you know, the United States, all these other countries, they start getting sick of it and they start just blocking the entire other, like, enemy countries from their internet, their network space, their internet space. I've seen this happen right now, actually. I've worked with clients before that I will walk in and I'll be auditing firewall rules. Like, oh, wow, this is like a really weird rule you've got here. What is this rule? Oh, no, that's blocking China. Blocking China, yeah, like the entire country, China. We just, we don't do any business there, they have no reason to connect to us, we're just gonna block it. Okay, there's
already, you know, organizations that are doing this. Um, so like in this theoretical future, right, um, the internet's still gonna exist, but it's gonna, like, it's gonna look kind of weird. It's gonna look like a, like a big segmented network. You have a bunch of different, like, areas of the network that, like, certain, certain countries can talk to, like certain websites that I can go to because I'm in the United States, and then you're gonna have certain countries that you can't communicate with. Like, for example, right now I think North Korea has some kind of internet. I think they have like the North Korea net, I don't know, I have no idea what
it actually is, but they have like some kind of internal segmented capability where they, like, you know, browse all the latest Kim Jong-un polls and look at all the headlines and, you know, stuff like that. But that's an example of it right now. Other stuff, God, I'm trying to think. You can, so like with, Syria. There was a time when Syria dropped off the internet completely, somewhere recently. It happened twice actually. They just cut off completely for whatever reason. I don't think we were really aware of why it happened. Probably, you know, stuff blown up and stuff. But like, that's a perfect example. They've like, they cut the internet, the pipes that literally come into the country so there's no internet coming in. But we still need
to conduct our operations. We're going to be supreme and we still need to gather intel. We still need to execute attacks on our enemies. Or realistically, USC computer science students want to just run a horrible terror campaign against Clemson prior to Big Thursday, which is what I would do, because I just want to scare the crap out of all of you. So conventionally, this is the way that different various kinds of attackers function. This is how we do it right now. I categorized everybody into four buckets. There are many more buckets than this, but we've got your ideologically motivated attackers, which is a really fancy-schmancy word for hacktivists, like Anonymous, or people who operate because of a political agenda. People who are going to conduct denial of
service kind of stuff, like your denial of service attack people. They're the kinds of people who want to shut down websites, prevent them from... I'm so sorry. Prevent people from accessing certain resources, preventing people from accessing the internet in general, because they use that as a form of warfare. People who are going to be doing intelligence gathering, when I say intelligence gathering I'm not talking about the preliminary steps of when you're attacking something, but intelligence community type intelligence. People who run operations and gather intelligence for the government. And criminals, people who are just hacking stuff to get money. So conventionally, as it applies to what I'm talking about right now, hacktivists, they write a list of people that piss them off, they find their websites, they just blow
up whatever they can that's vulnerable, they hack stuff, I guess, they deny service, they perform denial of service attacks, and they just do kind of general gritty things. Denial of service is extremely simple. They point their botnet at something and it goes down. Your intelligence gathering type people, your intel community people, they identify targets, gain access, and gather data. They focus kind of on gathering data. And your criminals, they don't even really gather intelligence because a lot of the times they're not really targeted. They just gain access, they steal as much as they can, they don't get caught. Or they try not to. And then me, people who do what I do, pen testers, we
do boring stuff. You know, we go through like proposals and like... and like hundreds of thousands of conference calls and then we identify targets. Once we actually get started, once we start running our attacks, we identify our targets, gather our information, exploit stuff, pillage, blow everything up, or not, hopefully, and then we write reports about it. Do you rollerblade? I'm sorry? Do you rollerblade? Do I rollerblade? Absolutely. You cannot be a pen tester if you don't rollerblade. I don't know how you guys know this, but if you're looking to get into the pen testing, you have to rollerblade. It was clear, it was in this movie, so, and that's ain't related to ladies. If that's not, if that's not a reason enough, I don't know ladies. So now, talking
about like how this kind of thing applies, that same thing that I just talked about, let's go back to the, back to the future, how are geographically motivated attacks going to happen? That was conventionally, how are these different, these same kinds of attacks going to happen when you don't care about the organization as much, you should care about where they actually sit. And more importantly, why are you doing certain different things? Why are you going to do your attacks in different ways? What are the things that become your concern when you're operating on, you know, like your whole goal is doing things that have like these kinetic responses on geographic locations. A lot of this
stuff is highly theoretical. And a lot of this is stuff that's, you know, it's not really feasible with where we are right now, but it's more kind of looking into the future. So, your ideologically motivated attacks and your shenanigans. So instead of, now you're hacktivists who, like, they just hate South Carolina so much. I don't know why. And they, instead of them going after like sc.gov, that's like the logical thing that is their target, sc.gov, and every sc.gov machine, they're instead gonna just like go after the entire state. They're targeting South Carolina, they don't have to just go after southcarolina.gov. They can actually go after every machine in the state because you can basically figure
out by looking, by analyzing the IP addresses, by tracing them, kind of a rough geographic location of where they are. That's not hard, we'll talk about that more later. Now you can actually, they can gather intelligence on neighborhoods. They can actually, because of the somewhat precise way that coordinates and addresses of where IP addresses terminate, because of stuff like that, they can actually go after certain neighborhoods. And so you can say, hey, if I'm Mr. I have no idea, if I'm some guy who I just hate, Jewish people. Hate them, can't stand them. And there's a neighborhood that's predominantly Jewish people. I can go after that neighborhood as an activist. That becomes my target area. I can go after everybody's
machines and everybody's devices in that area. And then if I want to just be a real pain in the ass, I can just print from every single exposed printer in South Carolina. All the ones that they're plugged straight into the internet, or they didn't do their firewalls right, I'm going to print from every single one of those. And you're going to hate me so much. Denial of service, this is actually, this kind of gets kind of crazy. Is everybody in here familiar with what a denial of service attack is? Can you raise your hand if you're familiar with a denial of service attack? Okay, basically everything. This actually takes you to a whole new level.
So if I want to execute like a geographically motivated, if I want to execute like an attack on a geographical area, I can actually execute a denial of service, instead of on a website, I can do it on one of the main switches that leads all internet traffic into the entire city. So I can actually DoS Charleston or do stuff like that. So I'm slowing down or cutting off the internet from everybody in the city completely because you can basically trace the route that your traffic is going to in the city. And you know that it's going to be one of our handful locations just because of the way that lines are set up and
stuff like that. You can basically, that's basically what the "traceroute minus two hops" means. That means that I'm going to trace the route that it takes to get from between me and any given IP address within Charleston, South Carolina. And then I'm going to actually backpedal two of those hops and say, hey, this is probably a switch that's leading a lot of traffic in the city. I'm going to do a denial of service on it and really piss a lot of people off. What are some of the reasons that people are going to do this kind of stuff? Why would people perform denial of service attacks on entire geographic areas? Like media, for media
reasons. Like if they want to either, you know, they want to prevent certain news from getting into the city. The internet's tremendous for, you know, media and like stuff like, you know, Twitter and like headlines and like, you know, stuff like that. So if I want to prevent a certain, headline from getting into a certain state and I can feasibly cut off the internet to that state, like that's one reason I would do it. Psychological operations, that's kind of crazy, you can think about it. People not being able to communicate with one another, causing disarray. If you want to stir up a riot or something like that, or if you want to put down a
riot and you don't want people communicating with each other, you can do stuff like that. Elections, that's actually kind of big. When I think elections and I think of like June, geographic areas, the first things I think of are like red states and blue states and stuff like that. So like if I can cut off the internet to an entire area and people are like, I don't know, voting online or you know like doing stuff like that, I can, I can cut off, if I work for the Obama campaign or if I work for the Obama administration or whatever and he's running and there's a bunch of you know predominantly Republican states, I want to
cut their internet off so they can't vote. I don't want them to vote for my guy. So that's, that's what I'm going to do. Finance, I don't know if there's a way that you can basically cut off, you know, like certain areas that run certain businesses to influence the way that their prices are, like they influence their stock prices so that they go down or go up so you can influence the market. I don't know. War, actual war. If I want, you know, this is a reason that you could, that you're gonna execute denial of service attacks. If I want to prevent my, if I know that Miami has an operations center where they're
running attacks against me on the internet, I would much rather just cut off the entire area from the internet and have them not be able to hack my stuff. You could feasibly prevent mobile data from reaching people's cell phones by figuring out the switches that, like the endpoint switches for when it's hitting the internet and hitting those really hard so that towers can't give you internet anymore because the data can't come through. So you can hit those over, you know, to a certain extent so that people aren't receiving mobile data and stuff like that. You can perform a denial of service on somebody's wallet by DoSing the exposed management interfaces on exposed ATMs, which I
thought was absurd, but they exist, they're real. There are people who have ATMs that they just plug straight into the internet that have management interfaces. And you're like, oh, yeah, that seems like a great idea. Let's plug it straight into the internet. That's cool. Can you tell us where some of these ATMs are? I can. I'm actually going to get there. So there's actually, as a side, Barnaby Jack was a security researcher who did a lot of research on ATMs. He passed away a couple months ago; he was supposed to speak at Black Hat this year. Super, super, super smart guy. He did a lot of really crazy research on ATMs. Look him up. Barnaby Jack. He basically did this talk where he was like, oh yeah, no problem.
I got a bunch of ATMs and I figured out I can spit out cash by hacking into them over the internet. No big deal. And I'm like, oh, that's cool. I'm just doing a presentation on apps and stuff. But yeah, so like, you know, with his research and the kind of stuff I'm talking about, you could actually say like, oh, I only want to target ATMs in Charleston. And I only want to target, you know, I want to get them to all spit out cash and have everybody run out and just stand around ATMs and try to figure out which ones are spitting cash out. So for people who are operating within the intelligence community,
this is actually pretty self-explanatory. You can think of a thousand reasons why the people that are operating within the intelligence community are going to care about the geographical region. That's what they care about. It's easy. If they can pop boxes in a certain region and turn on cameras and microphones and stuff like that, they're definitely going to do that. That's a great source of intelligence. Other kinds of attacks-- watering hole attacks are really big. where you've got your attacker who's, if they're targeting a certain area, they're gonna go after a website that they know that all of the demographic of people that are in their target group, a website that they're all gonna go to,
and they're gonna pop that website, they're gonna compromise that website, and they're gonna put up malicious code that compromises people's machines when they visit that website. I guess that happens a lot too. IP cameras. If you want to scan the entire city of Charleston for exposed IP cameras, you can look at the streets and look in people's hotels, which I accidentally did, and browse through this stuff. And it's really cool because there's a lot of people that don't put passwords and stuff on it. So if you're going through your results, you're like, oh, cool, that's somebody's backyard. Anything from finding your friend's Minecraft server, and you know he lives in Greenville, but you have no
idea what his IP address is, so you're like, oh, damn. I'll scan the entire city of Greenville, how many Minecraft servers are there going to be? I'll tell you, a little bit. To pivoting from one nation to another based on their diplomatic ties. If I'm attacking Canada, and Canada has to block everybody, but they haven't blocked the United States, and the United States is open to everybody, and I am... an enemy of the enemy of Canada, I'm going to go after the United States and never pivot into Canada because they're the only people that are connected. So there are a lot of different use cases. And then crime. I don't know about you guys, but
if I'm a criminal, I'm definitely going to attack areas that are in regions that have no cybercrime. That's what I'm going to do. So I can't possibly get arrested. That's what I'm going to do. Or I'm just going to attack rich areas. There's always that off chance that you're going to have that home computer network that has that gaping security hole in it because you had the tech who thought he knew what he was doing but he did not. And there's a good chance that you're going to see one of those in a really... What do we do about it? I have no idea. It's not even a problem yet. So this is really, really
hard to speculate to. I had a bunch of really ridiculous ideas and they make no sense, but they're better than no ideas. Red teams, like police forces, right, that actually do this for, they operate for your state, they work for the state, and they say like, "Hey, there's police officers right now that walk around and say, 'This doesn't look like it, this doesn't look very safe. I should tell somebody about this. This car window's down, or this guy's getting his crap kicked out of him over here, I can do something about it.'" But we don't have anything like that at the logical level. Once you plug something into the internet, it's like it just disappears
into this ether and it doesn't matter where it is or anything like that. If there are people that actually know the IP space of certain areas and we take it upon ourselves, would we have been able to stop the South Carolina breach that happened that screwed probably everybody in this room? I mean, if we cared about security at a geographic area, we had maybe like tax dollars that went towards something like that, just light, light, light vulnerability assessment on a massive scale where it's like, you know, a mile wide and an inch thick, could we have prevented stuff like that? Proactive stuff? No, probably not because everybody gets so mad when you try to report
vulnerabilities and that's the wrong mindset. But if you look at it in another way, because people are like, no, you can't, I don't want to know about these vulnerabilities, you're hacking into my stuff. No, I'm trying to help you. If we can adopt that kind of mindset, I think everybody would be in a way better place. Automated continuous monitoring. So if your internet service providers actually turn around and scan you a little bit, and they tell you if you've got certain network ports that are open that you shouldn't, and they just shoot you an email and say, hey, yo. I understand, you can opt out of it. And say, "Hey, we noticed that
you get this hole here, we're going to send you an email just so you're aware of it." Blah blah blah. Your firewall's not looking too good. Which brings me to my next question. Let's say you're pentesting the city of Charleston, which would be the coolest thing in the world. How would you do it? How would you go after an entire city? How would you, instead of targeting, instead of attacking one company or one person or one set of machines or anything like that, you're going after an actual area. You want to cause mayhem and all this stuff in an actual region on the map. How would you do it? Well, I kind of,
I mean, I didn't actually attack anything, but I looked at some network statistics of the city of Charleston, just out of curiosity to see what we look like. So when you get down to it, there are 630 class C's that are registered to Charleston. What that means is, for non-networking people, that means, like, there are basically 630 network blocks, small network blocks that are associated with Charleston, South Carolina. That adds up to a total of 161,280 IP addresses. An interesting statistic, does anybody know off the top of their head how many people are in Charleston? It's like 70,000 in Charleston, 70,000 in North Charleston. Does that sound kind of accurate? Anybody? What I found is that with
certain areas, it's actually kind of interesting. There's basically one IP per person. 125,000. 125,000? Okay, so not far off. Thank you. So, so far we've narrowed the city of Charleston down to the size of a medium-sized enterprise network. We can do that. We can work with that. How long does it take to scan every single device in the city of Charleston for a single open TCP port? Well, it takes about 5 minutes and 13 seconds. And that's if you throttle it down to 50 megabits per second, which I did just so I wouldn't piss off Linode, who are the people that I go through to do all my scanning. And they've sent me a line.
These are some of the statistics that I found when I was scanning the city of Charleston. I found that there are 4,176 web servers sitting in Charleston. There are 175 devices that are misconfigured to have SMB facing the internet. For those of you that aren't aware, SMB is like the Windows, it's a Windows service that is used for mapping shares and exchanging information and executing commands, something you do not want to have facing the internet. And there are 175 of those people that just, they're like, nope, we're good. Media servers. Going back to the Windows SMB servers, some of those were actually vulnerable to remote exploits. You could just pop them right there. And it's like, are you
serious? And media servers. So this is people who stream their iTunes and stuff over their network or whatever. There are actually 29 servers set up in Charleston. You get free music. The thing about it, though, is that you don't get to choose what music you listen to. You're actually listening to somebody else's music. But if you get lucky, you might find somebody who listens to the same music that you do. RTSP is a real-time streaming protocol. A lot of IP cameras and closed-circuit television. It's not really closed-circuit when you open it up to the internet. But a lot of like television and stuff like this feeds to the internet. There's 42 of those people
that are facing the internet. They're like, "Yep, come watch my camera feeds." SIP. I actually messed up the SIP word. It's not port 5069, it's port 5016. Sorry about that. SIP is like VoIP phones. Phones that you use to make phone calls with over the internet. There are 109 of those facing the internet. These are not necessarily all vulnerable. These are things that should not be facing the internet unless, you know, they are supposed to be. It's just an interesting statistic. You can make free phone calls. Minecraft. There are 14 Minecraft servers currently hosted in Charleston, South Carolina. It's a video game. It's a lot of fun. I actually connected to one of the guys' Minecraft servers. He had a really sweet castle. I wasted a little bit of
time. There are 23 of those exposed ATMs that I was talking about earlier. 23. It's not even that, like, it's not that hard to, I don't know, I mean, these are like legacy, these are legacy problems. They're getting their ATMs installed in the convenience stores or whatever and they just like, they get a guy to come in and do a T1 or like a connection straight to the internet. They don't realize that. You can too. You can do all this research. What do you need? You need ZMap, which is a port scanner that's really fast. It's not the fastest, but it's really, really fast. And it just came out like six months ago or something. It's fantastic. Nmap is the de facto port scanner. Nmap isn't exactly
as fast, but it's a lot more robust. You can do a lot more stuff with it. And then Geodude.
Geodude is a service that I built. Me and a coworker of mine, who he actually did the majority of the programming on it, my buddy Sean Evans, who I used to work with, like the smartest guy I've ever met in my life. He's one of those people you meet and you're like, I just want to quit everything because But it's basically, we built this database that basically, so conventionally when you want to get geo data on an IP, what you do is you're like, okay, here I've got this IP address, I want to know where it's actually sitting. I want to know what state it's in, I want to know what country it's in, I
want to know what zip code it's in, I want to know what, you know, stuff like that. I don't want to do that. I don't want to take an IP address and get geo data. I want to take a geo area and get IP data. But there's no database to do that. So we built one. We took the MaxMind database, which is an open source database, and we reversed the whole thing, ripped it apart, and basically I developed a really early implementation for it that was god awful. I wrote something that basically... It was just the absolute worst way to do it. And it took 40 minutes per query. So it was like, oh yeah,
I want to query every single IP address in China. And it was like, yeah, no problem, 40 minutes. I was like, that's not what I want to do. So then we ended up moving it to SQLite. We rewrote it into like a database so that you could run queries against it and we had that working so that it would take about two minutes per query and it would take like 40 minutes to build the database whenever it updated. And then we moved it to MySQL which took basically the exact same amount of time and we were getting really frustrated with it so we actually used something called Elasticsearch, which Elasticsearch is the coolest thing in
the world if you've never used it. If you're working with massive amounts of data, we had 15 million IP lines that we were working with. It was pretty big. There's 4.5 billion IP addresses on the IPv4 spectrum so we wanted to register data for all of them. So yeah, we Elasticsearch is the coolest thing in the world. It handles tremendous amounts of data very, very quickly. So we ended up building into this Elasticsearch database, which is also, it supports distributed computing, so like you can cluster it and stuff like that. It's really, really neat. And it's actually, it's very easy to use. There's like one guy who does the entire Elasticsearch project. I don't even
know who it is. This is what it looks like. This is the GeoDude API that we wrote. It supports a couple different kinds of searches that we wrote. I'm releasing this, so you can use this. You can play with this. The caveat is, it sucks right now. It's buggy. There are things that we need to work out, but I can't really complain because my buddy, who was helping me with all this research, He did most of the programming behind it. He was the one who made it good. I made it suck, and then he made it really good. So it works. You can do stuff with it. You can query all kinds of-- this is
disgusting, by the way. It's really ugly. It's really hard to read. So we have other-- formats that are easier to read if you use it in the terminal. So basically this query right here at CodafSummit, this is querying geodude.us/cgi-bin/geotest.py. We wrote it in Python using CGI, which was actually really easy and recommended to anybody. And then you put in your API key, which are-- that's where I'm going with this rant. And then I wanted to search everything in South Carolina and the United States and Denmark, South Carolina. I don't know if you guys are familiar with Denmark, South Carolina, but it's not a big place. There are 90 IP blocks. So there are about 2,000 IP addresses in Denmark, South Carolina.
Yeah? So I'm releasing this. So basically, I don't want to release it to everybody, to the public, because I know there's bugs in it. I want it to look prettier before I do that. But I'm going to show my email address here at the end. And if you want access to it, anybody in this room or anybody that's watching it on the internet, shoot me an email. Just send me an email and say, "Hey, I saw your talk. I think you're really stuck, but I want you to send me an API key." And I will. I will send you, I will create you a user, and you can make any queries you want. The kinds
of queries that you can make are, "Oh, these are some interesting-- I'll come back to them." Queries, yeah, there's a city query, so you can say, "I want every single IP address in the city of whatever." There's a state query, where you can say, "I want every single IP address in the state of whatever." There's a zip code query, so if you want to get more into neighborhoods and saying, "I want to scan my neighborhood," you can search for zip codes. There's a coordinate box query, which this is actually kind of cool, what you can do. So it takes two parameters, one that's a top left coordinate and one that's a bottom right coordinate. And
it basically draws a logical box on a map around that and gives you every IP address that falls within that box. So originally I was going to do a really cool Google Maps feature where you pull up Google Maps and it's going to write this API for it. And you just clicked it and dragged it and it was going to look so bad ass. But I suck at programming, so I didn't do that. Couldn't really get it out in time, I hate JavaScript, so I had a little bit of a tough time with that. And then there's a nearby query, which this is actually kind of fun. What you do is you query for the
nearby search type and it goes, yeah, yeah, we're gonna, and it gives you, it basically gives you every single IP address that's within a one mile radius of the originating request. So if I'm sitting here right now and I get on the internet, I think I am on the internet, I'll do it. But like you can query for regions that are, you can query all IP addresses within like a one mile radius of where you're sitting. Or like a five mile radius or a hundred mile radius. Oh man, I just realized I have no idea what to do. You guys are gonna see my API key, that's cool, I'll probably just change it. This is
the nearby search. Oh, I messed it up somehow. This is exactly what I was afraid of. Doesn't work either. Yeah, a lot of demos, man. I'll try to fix that later. But basically, you can make these queries where you say, I want every IP address within one mile of where I'm sitting or within five miles of where I'm sitting. And it basically gets the circumference of the area around you. And it pulls all those IP addresses so you can scan all the computers that are around you approximately. Yeah, email me for an API key if you're-- what is going on? Email me for an API key if you're interested if you want to play with this kind
of thing if you want to contribute to it or anything like that Does anybody have any questions about any of the research that I did? Any of the problems that I ran into anything like that? Yes? So you're reversing your IP space to try to figure out what IP address you're at. Yes. Validating that they actually exist there. Because you're just doing like a few ways No. So, exactly, that's a great question. So the question was, am I validating, am I doing any kind of validation once I, you know, pull the information for, from my database? Am I validating that it's actually there or am I just pulling like who is and what can be
done with that? What I'm doing is I'm pulling the way that we built our database. We basically took an open source geodatabase that already exists on the internet, but it only works for querying one IP address. And it's the MaxMind database, and they update it regularly. So they do their updates on their side, and then because it's open source, we can use it. So we took that and we rebuilt that basically just so that it's logically different in a database format so that we can query regions and receive IPs instead of giving in an IP and receiving where it is. So basically we just restructured the way that the data is put together. Does that
answer your question? I have no idea. I did so much research to try to figure it out. They're a commercial. They have stuff they sell. I think they have some proprietary means of acquiring that GeoData in the first place. I didn't want to use somebody else's database. I wanted to gather that data myself, but I ended up just not being smart enough. Does anybody else have any questions? Yes? So how is your database different from the IP location database where there's you can download and it has all country codes, zip codes, geolocation, all that. Why couldn't you just query that database instead of building your own? That's a great question. The question was, why couldn't
we just use another open source database that already exists on the internet, which has the geolocations, the coordinates, the zip code, the geo, all that stuff. Why couldn't we just use theirs instead of ours? So the reason that we couldn't do that, and I looked into that because I'm so lazy and I wanted to do as little work as humanly possible. So I was like, dude, I'll steal somebody else's. It's awesome. But I couldn't do that because basically the challenges that you run into are everybody, they build their database in such a way that it's structured so that you can ask for one IP address. You give it one IP address and it gives you
back all of the information on that one IP address. There are no databases on the internet that you can say, "Hey, I want to draw a box around an area, and I want you to give me every IP address that falls in that box." Because I'm not really as interested in the micro, like the one IP, and like analyzing one thing, as much as I am with targeting the internet and just narrowing it down based on logical groups. Does that make sense? Yeah, I'll give it the F. Okay, cool. The reason that I'm giving this is because I probably am doing a hundred thousand things wrong that I could be doing way easier, so I'm
actually really looking forward to that. Does anybody else have any questions about any of the research, any problems I ran into, anything like that? Nope, going once, going twice, awesome. It was awesome speaking for you guys, thank you so much for having me. You get a really good code or just access to your web? Oh, I mean, you can take the code if you want it. I'll give it to you guys. I'm going to give up. Do what? I'm going to give it up. I should do that. I'm really conscious about the code that I release because I'm such a crappy developer. It doesn't matter. We're all crappy developers. But my buddy wrote a lot
of it. I'll show you my parish. I could build my good man. You waited too long to release. If you're not embarrassed by your code, then you waited too long. Yeah, right. Cool. Thanks, guys. So on the schedule, we originally were going to have a talk during lunch, but they don't want food in the room here, so we have a nice vendor who has gotten food for all of us. Qualys. Qualys? Qualys. So everyone, thank Qualys. They're... We're going to take a break here and everyone grab some food, relax here a few minutes, and we'll be back here at 12:30ish. Room 315 upstairs. Okay, we do have a room 315 upstairs, or you can just hang out in the
atrium here. That was good, man. I'll be out there in two seconds. Hey, man, John. John? Yes, Andrew. Andrew, I don't want to bother you with that. Please. I work at a, I work at a, so, like,