GNUCITIZEN Country2ip


GNUCITIZEN presentation on hacking GEOIP databases

Published in: Technology

  1. country2ip mapping entire country netblocks
  2. Done already publicly?
       • Probably not (according to Google)
       • We found many “ip2country” services, but NOT “country2ip”
  3. Registry DBs (whois)
       • Interesting fields
           • “country:”
           • “inetnum:”
           • “NetRange:”
  4. Mapping Methodology
       • Generate random IP address every X seconds (bash bots?)
       • Make whois lookup to random IP address
       • Grab netblock and country code and write to a database
       • Simply query a geoip DB
  5. Problems
       • Country to which a netblock is registered is NOT necessarily the location of the servers using IP addresses in that netblock
       • Many others!!!
  6. Applications for this data
       • Electronic warfare
       • Legal port-scanning
       • Exploitation of international politics for crackers when breaking into computers (finding hopping point in Cuba to attack a machine in the US?)
       • Any other ideas?
  7. Open source geoip DBs
       • http://www.maxmind.com/download/geoip/database/
       • http://tqmcube.com/worldcidr.php
  8. Lame PoC
       • http://ikwt.com/projects/country2ip
       • Security monkeys that researched this topic:
           • pdp [http://gnucitizen.org/]
           • pagvac [http://ikwt.com/]
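
Added example (not from the GNUCITIZEN slides or their PoC): the "grab netblock and country code" step from slides 3 and 4, run offline over constructed whois replies that use documentation address space. The function names and sample records are assumptions; the lookup reports the registration country only, which per slide 5 is not necessarily where the hosts are.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed whois replies: documentation address space, made-up registrations.
SAMPLE_REPLIES = [
    "inetnum:        192.0.2.0 - 192.0.2.191\nnetname:        EXAMPLE-NET\ncountry:        NL\n",
    "NetRange:       198.51.100.0 - 198.51.100.255\nCountry:        US\n",
    "inetnum:        203.0.113.0 - 203.0.113.255\nnetname:        NO-COUNTRY\n",
]
# The three fields named on slide 3; registries differ in capitalisation.
FIELD_RE = re.compile(
    r"^[ \t]*(inetnum|netrange|country)[ \t]*:[ \t]*(\S.*?)[ \t]*$", re.I | re.M)

def parse_whois(reply):
    """Return (country, [networks]) for one reply, or None if unusable."""
    fields = {}
    for name, value in FIELD_RE.findall(reply):
        fields.setdefault(name.lower(), value)  # assumption: first object wins
    rng = fields.get("inetnum") or fields.get("netrange")
    country = fields.get("country")
    if not rng or not country:
        return None
    try:
        first, last = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
        # A registered range need not be CIDR-aligned; split it into exact blocks.
        nets = list(ipaddress.summarize_address_range(first, last))
    except (ValueError, TypeError):
        return None
    return country.upper(), nets

def build_index(replies):
    """Map country code -> collapsed netblocks; also count skipped replies."""
    index, skipped = defaultdict(set), 0
    for reply in replies:
        parsed = parse_whois(reply)
        if parsed is None:
            skipped += 1
            continue
        index[parsed[0]].update(parsed[1])
    return {c: list(ipaddress.collapse_addresses(n)) for c, n in index.items()}, skipped

def registered_country(index, ip):
    """Country a netblock is registered to (slide 5: not the host's location)."""
    addr = ipaddress.ip_address(ip)
    for country, nets in index.items():
        if any(addr in net for net in nets):
            return country
    return None
```

Replies without a country field are counted rather than guessed at, so the index never attributes a netblock to a country the registry did not state.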
