Who Owns the Internet? AKA: Where did all that cyberspace go?

BSidesLV 2010

Presented by: Jason Ross
Date: Thursday July 29, 2010
Time: 17:00 - 18:00
Location: Track 1
Track: On the Keys

With all the talk about IPv4 address scarcity, and the resulting migration to IPv6, I thought it'd be interesting to see how the IP space was chopped up. Additionally, I figured it'd be interesting to see what organizations were responsible for various network blocks. So, I've started enumerating the whois space and am tracking that information. I plan to make the results of this categorization available to the public, since whois is public anyway, despite various NIC's attempts to claim the data contained therein as proprietary.

<p>The end result of this effort will be a SHODAN-esque interface to WHOIS that allows interested folks to access the information without having to deal with pesky NIC formatting differences and hunting down referrals. A potentially useful side effect for pen testing is that one could query an organization's name and return a complete list of netblocks associated with that entity. There's likely a whole lot of other useful graphing and analysis that could be done with this, but I'm just working on getting the data populated and stored for the moment.</p> <p>To my knowledge, such a thing does not currently exist in a central location, and a format that's dynamically queryable by the public. The closest thing to this I'm aware of is robtex, which doesn't permit mass lookup of IP space based on org name/description, and requires lookups to be per netblock/domain (as opposed to permitting a dump en masse of the entire ip address space).</p>

Jason Ross

Jason has been performing application, host, and network based attack and penetration testing for 6 years, and has more than 10 years experience hardening systems and IP networks. For the past 4 years he has been an active member in several vetted security groups which research malware and work to contain emerging internet threats. In his spare time, he runs the Rochester DefCon Group, DC585.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats