A Dashboard of the Internet (or at least some of it) - Harrison R J

I'll do a quick clap just to >> All right. Since uh the last one I've run a little bit, we'll just start immediately. Okay. And the screen's turned off. Okay. Cool. Right. A dashboard of the internet. So, first of all, before I start talking about anything, I went over who am I, right? I'm Levi, also known as Harrison, also known as Soy Mills. You might have seen three different graphics relating to me because we printed them at different times and I kept not deciding on who what I should be called. um currently a student at BEu, but also suffering from employment and in a blood crunch act with the guys from 2600 about running conventions. So, what you'll be seeing

today in this quick 20-minute talk is what first what Showdown is, and you might go on a little safari and find something funny, something disturbing, something interesting, and just figure out that the internet is just still a mess despite what companies want you to think. Um, building this dashboard of the internet that I've lured you all into listening to. um and some stats about them. But so showdown, right? Put your hands up if you've heard of Showdown. >> Good. Most people. Um so Showdown, it's essentially another dashboard of the internet, but you're allowed to search by IP address and other things that these IP addresses return. So for example, you might search um for a wide

variety of things like open IP cameras or VNC controlled machines. So VNC being u another way to remote remotely control a computer. Some of these are unauthenticated. You might definitely not find unredacted versions of the Epstein files. That's that's definitely not on the internet. Um North Korean IP addresses and computers relating to their to their internet. And um obviously metrics about all the other computers because people want to figure out how their servers are running. Um so first open IP cameras, right? So, it's surprising how often people leave their cameras unsecured with no password and just you can just search camera and showdown. It'll come up with a list of pictures of things you can find. There's

sometimes people's living rooms. Thankfully, there's never anyone in them. At least times I've accidentally scrolled past them. Quite often 3D printers and such. Um, definitely not drug farms. That's completely legal, I'm sure, in the country where that camera is. cow farms where they've also left the controls for the for the lights inside the farm enabled. So, you get some uh you get some interesting interesting footage. You've also got um VNC enabled machines. So, as I said before, another way of remote controlling them, but it's more commonly seen on sort of industrial machines. So, you got the sludge volume meter. That one's a a machine that controls the sludge volume. I don't know what, maybe waste processing facility or

something. Um you've also on there got you might be able to see besides Bournemouth down there that that comes on a little in the next one some other computers just terminals more industrial machines but then you can then also search for whether these are authenticated or not and so you can log into them without any authentication download a VNC client of your choice type in the IP address and you can control it it's really just that simple and so um I I didn't I I would never do anything like that because that's that's illegal under uh the Computer Misuse Act, you'd never access anything without authorization, but it so happens that one of these um VNC machines was running

Firefox and so it so happened to browse by itself to besides Bournemouth website just to show you that it does appear on Showdown that you might might have visited that website. There's also some other stuff like um this website computer.web um with sorry one second computer.bc Web VNC resolver is a little project someone runs that allows you to randomly go through a list of open VNC machines that they've found. It's just a little project to help uh bring awareness to how unsecured they are. And so this one here, you can't really read the text from that back there, but at the top it does say United as in United Airlines staff management. So there's Yeah. So,

you know, I imagine that's quite an old screenshot considering that UI looks like it's from 2019, maybe the 1800s. I can't tell. Um, but what else? Um, yeah, definitely not the Epstein files and some other stuff. So, some people like to host their files on on the internet. You'll get file directories. You can search for these by a common search term of index of slashfiles. You search that in showdown and you'll find lots of servers that have their indexes publicly exposed and some of these are contain interesting things like read out some of them. You got um MK Ultra MP4. I just don't know what's in there. Um Jeffrey Epstein little blackbook un unredacted. Yeah. So there are some

there are some files in there. You'll probably mostly find people's media preservation servers. It's not piracy. We don't condone piracy around here, right? It's definitely not a convention for pirates. Um um but you'll also find North Korea as we said before. So you can see all I typed in was country North Korea or NK and what came up was what is it KP? No, it's I think it's NK their country code. And you what you can see is a uh a few of their web pages. So from there, not propaganda, but more I guess it to allow the outer world to try and see some of the news and maybe uh change their political views on North Korea, but you

can find some interesting pages. And you can see that some of them are running Red Star 4.0 OS, which is a funny little operating system made by North Korea specifically for their computers. It's all hardened everything. There's I'm sure you can Google it. There's a lot of information about it, but it's quite quite interesting that does come up. They're also really vulnerable. like Showdown's identified 105 at least CV 9.0 vulnerabilities on that web server alone. So I'm not sure if those are actually actionable or not, but it's funny that they're there anyway. And then computer metrics, coming back to the actual topic of this talk. Um, so I search Node Exporter and what's that? 49,000 results coming up on Showdown.

That's quite quite a few computers, right? So, we got to build the dashboard now knowing knowing this information and using Showdown to figure out these computers. So, the tools are we using Prometheus. Put your hand if you've heard of Prometheus. Only a few. I imagine you're all CIS admins of some degree or you have a home lab. Um, and are you right? Oh, the little notification top left. Okay, that's fine. Um, Prometheus is a open-source computer metrics and data like collation platform. It's paired with a program called node exporter where you put that on a computer, you run it and it will expose metrics over HTTP about that computer. So CPU temperature, disk writing, network traffic, all that

business and it's great. So you can implement it with lots of other programs, build dashboards and etc. One of those for dashboards you might use is Graphana. Graphana again put your hands up if you've heard of Grafana. Most people that's interesting interesting that people have heard of Grafana but not the metrics that go into it. But obviously Grafana is a bit more than just using using it for Prometheus. You got hundreds of plugins. It's pretty it's easy to set up. So I'm sure most of you know this. So now now that we know the tools and how we're going to get these IP addresses just using the Showdown CLI. So the command line interface tool you

can you can download or just curl. Um searching for the phrase that you saw earlier, node exporter. And it only downloaded 287,000 IPs. I know it's a little sad. It's only only a quarter of a million. Um, but yeah, and I I thank my uh unnamed enterprise sponsor that allowed me to use their key to do this because I the personal keys don't have enough space to download 287,000 IPs. Um, so once you've downloaded all those IP IPs, you might try and set them up together and then you've run out of memory. Okay. Yeah. So setting up the dashboard, running it, I went, "Oh, okay. I'm only connecting to some of the computers out of the all all of the 287,000 I've

downloaded. That's And then I go to check task manager. Why my computer is slowing down and I've hit 99% memory usage. It's about to blue screen, right? So it it has blue screened twice actually, coincidentally. Uh but in order to fix this later, it may be wise to distribute these across multiple computers and then have only one graphana so it doesn't it doesn't break. Um, I tried to set up a nice little dashboard that we could that everyone in here could access, but again, as you might find out, my computer is not anywhere near strong enough to allow more than one visitor at a time, barely touching the dashboard, and the data would keep doing weird

things. So, did the dashboard work? Sort of, right? just just so you got some I got some interesting metrics but I spent quite a while wrangling the uh the computer that was doing the scraping as I would run it it would run fine for about 5 minutes and then suddenly all the metrics would just disappear from my computer it's like oh okay wonderful just why don't know the highest amount of computers I connected to was 150,000 nodes at once but I only ever saw that once so on average it was more like 20,000 computers connected to the same time, which I think is still not bad, but obviously only a tenth of the 287 that I actually downloaded, which is

upsetting. So, might come back to this later. But some of the fun stats we found were I calculated all the uptime of all the computers that they've exposed uh in seconds. And that comes out to, you know, a nice cool 125,000 years of total uptime across 20,000 computers, which is just just a little bit, right? So, I might need to turn some of them off, reboot them. They've been on far too long. there was um some of the nodes exposed a uh a hardware monitor for the CPU temperature being minus273 degrees C. I I don't think that's right. Um last time I checked, I couldn't get it to show again, but there was also um

Germany which showed uh a computer being 7,000 degrees Celsius. So, you got you got both ways, you know, maybe they balance each other out or maybe that's the thing causing global warming. Who knows? Um, what else you got? Oh, yeah. And then just the inverse of that graph. So, I got the average. I should probably explain what the uh what the graph actually says on there. So, the along the bottom is the two-digit country codes. Once I scraped the IPs from Showdown, I sorted them into their country codes, added them as jobs for Prometheus to scrape, and that's why it's sorted by by their countries. Some of the countries showing constantly 100° C. Maybe that's just

their CPUs are just melting. They forgot to turn the CPU cooler on. Maybe they need to repaste it or something. Um, but there's there was so much more data to sift through. Running it at 5 minutes of time, I had to keep deleting the data because it would generate I think about 15 15 20 gigabytes of data in about 5 minutes. Just a bit too much to look through by hand. Um, so but I might revisit the project in the future or if people want to see the data, I can post the uh what I gathered and also the all the IP addresses so people can scrape them themselves with larger distributed computing. But yeah, it's I'm sure

there's more interesting metrics like does anyone want to think of an example or if anyone wants to shout an example that you might think of that a computer like a metric related to computers because I think that was I think >> are these random? >> Yeah, these are random computers that I found just across the internet that have these metrics. So actually another one there was um the total combined RAM of all the computers was 2.42 pabytes of RAM which is just a little bit. >> Yeah. The OSS of the exposed system. Yes, that would have been a good one. And then show like a maybe like a cloud graph of like all the the big words of

the different ones. That would have been that would have been a good one. See, it's just I'm not a data scientist, right? So, I don't really know what the [ __ ] I'm looking for and I'm just randomly writing stuff up and clicking buttons and and then going, why does this not work? And then restarting the VM over and over again. Um, oh, and you Yeah, in the brief it also says, how can you secure some of these nodes? It's I mean it's not important to have the node secured because they only expose HTTP just a plain text HTTP page with no no inputs. So you can't really can't really exploit it if you wanted to. But if you

need to um they recently implemented HTTPS with basic authentication so you can just simply add add an extra layer and then prevent people like me from just quickly logging in and scraping it. I don't know why you'd need to do that but you can. I guess it might make it slower but that's really it. It was quite a short talk, but uh yeah, thank you. I'm surprised that actually this many people came into the room to be honest.

So, you've probably got enough time to run over to Will's talk if you want to go see it as well. Just the end of it. Um there's also some of the list of the uh the tools in use there. >> So, was >> Yes. Yeah, that's that's a good one. Questions. Hello. >> If somebody um gave you a GPU, would that >> No, there's unfortunately none of it's really GPU related or at least if it if I can make it use a GPU. I don't know how to um I'd have to look more into that. I think the way I should have done it is bunch of buy of uh bunch of buy a bunch of smaller VMs, rent a bunch of

VMs on the internet and then spawn lots of Prometheus scrapers on those and then set those to one region each. So then you have to scrape a smaller amount all at the same time and then point those all back to one one dashboard. That would then run a little bit better.