Good afternoon everyone. My name is Zaffan. I am one of the leads of the NOC of DEF CON. Thanks for being here. Um the last time we had one of these was DC-19 at the Rio so it's been a while. So through all the year we always get like questions how we do the network here and the network keeps changing over and over like different properties and things like that. So we submitted a talk. It got accepted. We hope you guys enjoy it. So starting with the most important introductions. Who are we? So I said already who I am. So we're just going to go around. I'm going to ask each one of you to say your name or handle. Say what you do here at DEF CON. How many years have you been gooning with the NOC or with DEF CON? Um if you want you can say what you do for your day job and what do you do? Exactly. Right if you're in offensive security, networking, blue team, whatever. So turning over to Mack.

Hey everyone. I'm Mack. I'm the number two in the NOC. Uh responsible and this is like DEF CON 11 or sorry 11th DEF CON for me. Uh so I'm responsible for a lot of the core infrastructure and overall planning of the network. John?

You going down the line? Yep down the line. Get in the lineup.

Hi I'm John. I'm uh Colin's Wi-Fi bitch. So I basically do stuff for Wi-Fi. Uh this is my third year officially and I've been a friend to the NOC uh for a long time before that. My day job is working for the Wi-Fi vendor Aruba. And I think the reason that they asked me to be part of the NOC team is they were too cheap to pay for a support contract and if they wanted like firmware updates they know that I can get that stuff. So I can think of no other reason why I'm here besides that.

Hi my name is Phil. I uh I work with the NOC. I am not part of the NOC. I kind of am. I'm the uh regional infrastructure manager for Caesars Entertainment. I help them set up their network around the buildings. I escort them here. I escort them there and help them put their equipment in.
Without Phil with these screws.

Hi everyone my name is Moncy. I'm the NOC's tribute. This is my third year. So all the gaff tape and running around. That's essentially what I do. Thanks.

Hi my name is Price. Um this is my third year. I took a couple years off. Um I'm a runner for the for the NOC and my day job I build automation frameworks from the ground up.

Hi my name is Colin. Uh you can find me underscore CRB on Twitter. I am the I guess boss of John. Uh I'm the wireless team lead and uh my day job I work for CDW as the wireless technical architect so I've been doing wireless for you know about ten years now.

Hi my name is Jared. I'm an alcoholic. I've been doing this for I don't know seven, eight years. Something like that? Yeah fuck I don't know. Um I do wired site.

Hey I'm Nick. Also um C75. Um this is my fifth year. And I do Wi-Fi reg and other miscellaneous things. Um my day job I'm the head of security at a cryptocurrency exchange called Kraken. Um and I also run drunk hacker history here at DEF CON. So tonight at eight o'clock um Planet Hollywood mezzanine stage. Join us.

My name is Mike or Sparky. Um I've been with the the NOC for sixteen years. Um I guess that makes me the most senior one. Um yeah except for I'm not the boss. Uh I run like operations set up teams uh for the NOC and my day job is uh point of sale applications.

Hi I'm Spencer. Uh I do most of our monitoring and wired switch config stuff. Um not most of that. I help with that. Uh for my day job I'm a reverse engineer for Cisco Talos.

Hey um Wish uh this is my second year gooning. Um I help with all the taping and wiring stuff and stuff.

Hello I'm Tofer. I just showed up to the NOC this year. Uh yeah. Um this is my second year gooning and I just work here.

I'm fifth for death. I am actually number two to Phil. So I work for the casino and do executive with Phil does. So yeah this is my uh sixth year.
And I'm uh dedication and I think I've been here for four years because I'm really good at building network cables.

So we just want to highlight that the the team itself has got a mix of backgrounds and skill sets and that's one of the things that we really value inside the NOC. Um you know going to the anyone can be a part of the NOC. Obviously there's there's some some requirements but you know NOC people can come from anywhere. So we're just like you. We even allow Canadians. Yeah. It's true. Grandfathered in.

Alright. So that's that's about us. Um you know what do we do? Who do we help out? Basically we provide the core infrastructure that all the villages, press, contests, speakers, closed caption, DCTV, Roots, everyone connects to. Um and we also provide the wireless for everyone. You know any of the attendees here. Um and we've done a bunch of different things inside of each of each of these have their own requirements, their own needs and we try to satisfy and help out as many people as we can. Um you want to talk? Okay.

So a long time ago, a long time ago being 11 years. So that's my memory. Uh we'd usually arrive sometime around you know Sunday night get started on Monday and would work through the week. We've started moving that a little bit closer uh in the last few years just because there's a lot more properties, there's a lot more people and there's a lot more going on. But it really comes down to you know just like you build out any of the foundations for other networks you got to have your wired in. You have to have your core in. You have to get your wired out to all of your edges. You have to get access points hung. You have to get them you know pulled back. You have to connect for everyone's there. Um and then conference starts and it becomes a whole lot of you know uh last minute requests, sudden requests, issues, etc. Um so this kind of leads into we moved a little bit earlier this year. I arrived Thursday week before to get stuff going.
Um and it's actually been a fairly smooth year I think. Although I'm totally jinxing it right now. Um so we'll see what happens. Especially after the DNS talk and half hour ago. Attaboy. Um so that's it. I mean there isn't a whole lot to the complexity and we'll totally go into questions in a bit. And you can ask what you want about the infrastructure.

Um thank you everyone. Thank you. There you go. Thank you guys. It's not, it's nice to be the speaker. You have people bring you stuff. It's cool. You should submit. Thank you DCTV. Thank you DCTV.

Um so that you know again not a whole lot there uh from the uh the complexity of the infrastructure side uh or the wired side. So now I'm going to talk about the wireless. Colin? John? Yeah? Sorry I bring open up here. Actually before. Sorry what I forget. No no come up. Yeah.

Part of this present this is not a presentation. The idea is to be like you guys interacting with us and asking questions and so on and so forth. So instead of like trying to break the ice a little bit. Wi-Fi has a lot of information uh that I think is going to sparkle some questions in your mind or things that you already want to ask us. So John and Colin they're going to go through the wireless stuff but in the meantime take notes uh we want to hear questions from you guys otherwise we're not going to be here for the remaining 80 minutes.

So as Mack and Louise mentioned um there's a lot of pre-con stuff that we do and specifically with the wireless if you guys have been coming for a couple of years you know we've changed venues. We've expanded uh we were at Caesars last year. A little closer better. Um so that's a challenge for the wireless. We're trying to put RF in different spaces. Um usually we're going to try and do some sort of a site walk through if it's a totally new property. Just so we can get an eye on you know what things look like. Um I do predictive planning using a cool a tool called Ekahau.
So we actually take some time to see you know will this amount of APs cover where we think it will. Uh we also have the fun sort of situation where I'd love to give you guys more access points to have more wireless. We've got a limit on drops. There are not infinite amounts of drops. And where I want an AP doesn't mean there's going to be a network connection to feed that AP. So there's there's compromise in some of these spaces and we got to kind of work with that as as necessary and things change from my original plans. On top of that I'll tell you guys that the the folks that do the DEF CON planning do a great job of accommodating and moving things around but what's in what room is in flux so long up until we get here that I kind of take first shot at design and then we know we got to change it. Um we also stage equipment so all of our stuff gets stood up probably a month or so before the con. We make sure that we got new code on it. We look at last year's config. Make any changes we need to make. Um and then make sure that that also integrates into the overall design. So again different venues the last couple years we've had different network topologies which meant the wireless had to adjust slightly. Meaning we're not just plugging in what we had last year. Um and then you know as Mack said we we get here a little early so that I was helping with fiber and getting APs out and inventoried as early as Saturday evening when I got in. Anything else we're doing? Pre-con?

You might notice the why that was in the previous slide. The wired network is only there to support the wireless network. That's the only reason that they put wired in.

Um these are the tools that we've been using this year. So to do what we do we don't have to have these tools but I'll tell you it makes our life a lot easier. So down at the bottom left there you've got the Ekahau Sidekick that's uh spectrum analysis and some Wi-Fi survey work.
And then a bunch of NetScout air flu tools to quickly diagnose port problems and RF issues. And as always there's a console cable in the mix and then uh a special console cable for our access points.

And then just a little bit about the hardware we're using we've got Aruba 7000 series controllers. The 7212 is kind of the big boy. It covers uh the larger of the venues. And then we've got a smaller 75005 covering just Flamingo. Uh right now we're running 65 code. We're using uh AP 305s. We've got about 80 of them out this year. Uh probably about 100 in inventory. So when we have more ports we put more out if we can. And then we're also running Aruba AirWave as a management.

Just a little bit about the settings. So I've seen stuff on Twitter after the con talking about you know I was on the Wi-Fi and nobody attacked me this year. Well there's a reason for that. So uh Defcon Open is 2.4 gigahertz only. We have client isolation so that means clients can't talk to each other when they're on that network. We're blocking mDNS, Bonjour traffic. Uh basically our firewall is saying you can only go to the internet. And obviously it's an open network so there is no encryption. Anything that you send over the air someone else can sniff.

Our Defcon Secure on the other hand is 5 GHz only. So that kind of takes a lot of the noise out of the cheap little devices from China that are really good at de-auth attacks. You have to be a little bit more specific to target that network. Again client isolation, DNS, mDNS blocking, same thing with the firewall. But we are using WPA2 Enterprise with uh PEAP-MSCHAPv2. And then the back end of that is FreeRADIUS for our client auth.

Um and then just sort of one underlying point that I wanted to make about these kind of networks. That they're very quick to come up. They're standing there for a little while. The simplicity is the key in this. We don't turn on a ton of features. We want to lock down the network. We want to keep it secure.
But a bunch of the advanced stuff tends to cause problems with certain clients. Then you guys have a poor Wi-Fi experience. So we uncheck about as much as we can. Aside from the bare bones things are going to keep you getting on the network quickly. Getting you on the network securely and then just letting you do your thing.

How many people use the secure Wi-Fi network this year? How many people use the open Wi-Fi network this year? So I remember uh DEF CON. I don't know which number it was. It was at the Riviera. When uh do you remember Airpwn? When it first came out? Basically it was on a white uh an open wireless network. And what it was doing was essentially everybody that downloaded a page from the internet. It would replace all of the pictures in any web page with um with Goatse. And so you would see I would just watch these guys sitting out there typing something and then all of a sudden they'd slam their laptop lid shut. And it repeated all over the place. That's why we don't use the open Wi-Fi network at a hacker con. Use the secure network. And things like that don't happen.

And I'll say I'm proud of you guys. We had like well over 2,000 people on the wireless so far this year. You'll see better stats at closing. Uh and it's predominantly on the secure network. Like good job guys. I'm glad to see it.

Oop. We got a question. Yeah. Uh the wireless is not. I'm sorry. Yeah. The the question was are we uh blocking DNS null queries? Correct? No the wireless is not. Firewall? No. I we have not looked at it from the wireless.

What was the question? Yeah. I'm sorry. Um are we seeing a lot of instances of iodine? And I'm not familiar with it. So uh oh got it. Yeah. So DNS tunneling out. We don't really watch for it. Yeah we're not really watching for that. But as far as going out we kinda don't care. Go out. Like we're letting people go out and do what they need to do. Yeah we get that we get that question a lot of uh all of my application is not working.
My something is not working. We're blocking nothing. Anything you want to do as long as it's going to the internet is is allowed on this network.

Uh and hopefully most of you know about Wi-Fi reg. It's the way that you create your credentials for the secure network. Uh it's there's nothing really fancy to it. It's a pretty simple web server. We've got a database in the back end. It goes live the week basically of the con. So we usually do some testing staging before we get out here. And then once we're here we fire it up so that if you guys want to do that password user creation you can do it on a secure network that you trust. So do it from home. Do it before you get here. You know whatever. You don't have to do that off of our network. And then we've got a bunch of instructions. So lots of different client types out there. You know how do you get your device configured appropriately to securely connect to the PEAP network. And sometimes we miss stuff. So we have got some feedback. So thank you for the folks that have said like hey I think you got a config line wrong. Um it's usually a quick and fast sort of uh change of that page. So yeah we miss things. We appreciate you guys giving us good feedback about things that we miss so we can fix it. Um and then just some examples of some funny new usernames. You guys get like pretty good usernames that we see coming through the wireless controller. Yeah.

Alright this year we had added some stuff. So the lovely picture you see here um we found out that we had to provide some Wi-Fi over in the theater area. And kind of last minute threw up some access points. So again not an ideal scenario. If if me putting my wireless engineer hat on. I'd want those in ceilings with directional antennas. I'd want about four times as much to cover that area. But when you have to do it in two hours you work with what you got. Yeah so actually.
I'll talk a little bit about mounting because you see in the picture here obviously that's not the way we like to mount Wi-Fi access points. And we see tweets about that sometimes. If you guys don't know what you're doing, you mounted the APs wrong. We do know what we're doing but we're limited by sort of what kind of um mounting is available. So you know uh day one here I think on Monday they wanted to put the APs on the ceiling here. Like as high as possibly could as they possibly could. Not optimal. Um we'd like them on stands. We'd like them up above the the people. And we'd like them horizontal. And that's sometimes tough just based on what types of uh stands we can get. And how we can you know we've used duct tape. We've used baling wire this year. No kidding uh baling wire to attach um APs. So it's just a matter of what we can get. And we got we got some of these this year. So this is sort of our ideal. Uh unfortunately we got them after all the APs were up in the air. This is called the Wi-Fi stand. So like very handy. Hopefully you'll see these next year. Because they orient the AP exactly how we want facing down. Uh they just made it here a little bit late. So hopefully next year that's what you're going to see everywhere. Um yeah. The no no chrome. I mean maybe we could you know bedazzle it or something. I don't know. This is a hacker job.

Um so so many other stuff we added this year. Android app. So hopefully uh everyone trusted that through the Google Play Store. Um that was sort of a new experience for me. I borrowed that idea off of CCC. Um we've had troubles in the past with Android having such a large ecosystem. It's really hard to describe how to configure that client when it's different on so many devices. So this kind of was a little bit more effort but made it a lot easier to say. We know that you have the profile. We know that you have the cert. We know that you're doing the right checking. And it'll work on pretty much all Android devices.
So um that was hopefully something we're going to keep uh going in the next years. We added more config instructions for Linux. I think we'd only had wpa_supplicant up to date. We added some other stuff. Um and then Nick and Wish you guys want to talk about the or Nick and John want to talk about the Chromebook profile?

So Chromebook profile is new this year. So people had been we saw some folks complaining on Twitter that we didn't have the config for a Chromebook. And so um how many people have Chromebooks here? Oh, handful of people. So so thank John actually. John stand up. Yeah John! For for spending several hours wrangling with the Chromebooks um in order to get that to work. But now it it works. Yeah.

Yeah thanks guys that we were busy doing other Wi-Fi stuff so they pulled the pulled up the slack on that one. Um challenges for Wi-Fi. There are challenges and funny enough like we we think as professionals these are not necessarily Wi-Fi challenges. That seems to be the easy part but patching is difficult. Cable runs are difficult. Um sometimes we ask for a cable and it's in the middle of some space that it shouldn't be there or it needs 20 feet of gaff tape. As I mentioned before that the amount of drops that we have that we can actually backhaul to the switch. Not never as many as I want. Um PoE can be a problem sometimes. We have PoE at every one of our switches. But if you've got a bad cable run or let's say you terminated something wrong on one of the PoE pairs uh we had John fought one of those for a good couple of hours where the AP comes up. Powers never never gets on to our controller because one of the pairs is flipped. And it's not something you'd catch unless you had a tester or you know everything looked okay.

I need to complain about mine. I need to complain about because I'm sure some of you saw me on opening night in the chill out room next door in Bally's trying to screw at that access point on the 50 foot pole.
Uh that thing and we had three or four drops like this. AP comes up, power comes on so PoE works. It can talk to the network that works fine. It can talk back to the controller that works fine. It sends five packets and won't talk anymore. Like the wires heat up and suddenly become non conductive or something. That's the sort of problems we dealt with. And changing out the cabling is the only way to deal with that. And sometimes it's the last cable in the room. So the wireless village this year was supposed to have an access point from us. We couldn't. It was the last possible jack in the room. It went bad so we ended up moving that out in the hallway. So um older hotels are no fun for this sort of thing.

Yeah the Wi-Fi is easy. All the other pieces are hard. Um the mounting if you guys saw the stands that we have out there a lot of them are pointed down which is what we want. Um some of them we didn't have the little bit that we got from the Encore folks to kind of give enough 90 degree angle to drop down. So we do have some that are facing polarized incorrectly. You're still getting signal. It's just not ideal. So mounting is not easy. And each of the different properties has different stands. So you know this would be great if it was just a single property. But we're kind of dealing with four different groups in in some regard. And that means the mounting may not be as consistent as we want it.

By the way he mentioned Encore. These guys are awesome. If you are people that hold conventions uh the Encore folks support all the IT for uh for the hotel. They have been here uh day and night with us uh hanging out in rooms watching us plug cables in and that sort of thing. But they're just it's they're incredible. So um those guys plus Caesars IT are wonderful to work with.

Yeah thanks uh for mentioning that John. And those folks have come back working for us. Phil how many years have you you say you did this?
I mean I've worked for Caesars for 15 and I think I've done it for at least seven.

Yeah so Phil's been around for seven years. These guys between Phil and Kevin and and the Encore folks we we they are part of the NOC. They they are here. They ask to come work with us every year. They they know what we do. They know how we do it. They're invaluable to our team. Because letting a hacker con into your MDFs and IDFs like what could possibly go wrong with that so uh you know testicular fortitude.

Let's see I think I've got everything. Oh and the room changes like I said things change right and sometimes rooms actually change during the con and you get things like this left on the floor with no access point there anymore. So you know we have to be a little bit dynamic in the morning or even in the evening. Look kind of look in and see what the alerting system has said. Hey your APs are down. It's because an air wall moved and they those pictures there from an MGM property. So yeah it's always fun you know we don't really get to sit back too much. There's always something going on and we have to address it as the con goes on. You guys have done really good this year at not stealing our APs and we appreciate that too. Keep that up.

Um just some miscellaneous thoughts and you know if you guys have questions this is probably about the time for the Wi-Fi questions but everybody blames the Wi-Fi and the reality is you know sometimes it is our fault but a lot of times it's DNS problems it's DHCP problems. Um we work really hard so that we know that our infrastructure is solid and unless you're in some area that doesn't have our APs like the casino floor you're not gonna get our Wi-Fi in the casino floor.

Yeah there was a complaint last night so in in the conference spaces we are providing our AP. Everywhere else we are not providing our AP. Is is is Wookie here? Maybe that was the Twitter user that reported it last night that wasn't working on the casino floor.
That was a chance to throw something.

Alright so uh the other thing we we say in the app had it as a default password defcon defcon and we wanted just to show you guys that if you're doing the correct checking in your supplicant because of rotating keys you're still secure using the same password. That that TLS tunnel is dynamic per session so you're you're safe if you've configured your incorrectly and that's always the sticky part. More about that. Is fart face here? You downloaded 16.2 gigabyte so over the Wi-Fi over the last three days. So kudos to fart face I guess.

And then just some future planning so um we really would love to get a WPA3 network out there potentially next year. You know there's still a lot of client proliferation that has to happen. Um I kind of want to stable code base for the Aruba controller that will support it well so that we can offer that. Uh and then we also want to potentially do OWE which is opportunistic wireless encryption. So it's it's like an open SSID no authentication but you get encryption. So you know try to move towards using some of these new technologies that will keep the onboarding process simple for the Wi-Fi but keep you guys secure.

And we we could have done WPA3 this year we didn't want to just because the client situation is still in a bit of flux and um that's likely to lead every time there's a new generation of kind of Wi-Fi capabilities it leads to compatibility problems and it takes a year or two for that to sort of work its way out. So um we we kind of made the executive decision he did that we're not going to do it this year but I think next year we're going to we're going to try.

Yeah it's it's it goes back to that simplicity idea. If I turn on some new advanced feature there's going to be some devices that have a hard time with it and then can't get on the network and then that's really hard to troubleshoot.
So yeah and then it's our fault right then then you guys come to us and say hey the Wi-Fi is broken and we say well you know you've got this client that's not behaving correctly um try to avoid that at all possible uh cost but once we get that proliferation proliferation of devices it should be uh a little bit easier to suss those problems out if they do occur. Alright. I think that was my last slide yeah. Okay. Any other questions?

So I I want to notice I want I want to like demonstrate the point out the gear sitting on stage was in use up until the last couple of years where it got refreshed by stuff that's only slightly less as old. Um so one of the big hurdles right now with IPv6 is making sure that we can do it in a secure way which means router advertisement suppression which none of our gear supports right now. You know IPv6 has been out there for about 30 years. People have been kind of really deploying it for the last you know 5 to 10 and you know it's been secured for like the last I don't know probably next year. Um so that that's kind of where it's sitting. Uh the the second thing is uh all of that would be tunneled because none of our immediate handoffs are v6 uh upstream. So those are kind of the two things right now. So we'll go I'm just going to point out. More questions? You sir?

Okay. Absolutely none. Yeah so uh so the first question is what additional privileges do we give to uh people who put out for the call for services or put stuff on the network? Uh yeah to the point realistically none uh if anything we give them less privilege from the standpoint of we allow people to connect to them. Which is you know opening it up. Uh so the client isolation is really from like. Yeah that's strictly wireless to wireless.

Let's talk about VLANs. How many VLANs do we have? Like each podium has a different VLANs. Okay so yeah I mean from the standpoint of do you want to answer? No. Okay.
Uh from the standpoint of the the uh wired separation we pretty much separate as much as possible. Every drop coming out of the wall uh gets its own VLAN network. It gets its own network. All of that is uh layer three controlled uh stateful firewall in between them and it takes it from there. So it's a specific operation to open something up where the like the CFS comes into play or the villages and contests. Over there.

802.11r. If it didn't break the crap. Oh I'm sorry. What advanced feature do we turn off that we wish that we could use? 802.11r is a great example. It would improve roaming. Uh it breaks a lot of devices. And there's some security implications there too. Um management frame protections. Another one. That was always the hey why aren't you turning this on? It's cause most clients don't support it and then they cannot connect to the wireless.

Discovery protocols. We had a conversation about turning on Passpoint this year. Hotspot 2.0 type stuff where your phones would have sort of auto connected to the network without you asking them to. And we decided that that would piss a lot of people off at DEF CON. Which was kind of the point but we decided not to do that. Yeah we. John. Raise of hands. Who would be pissed off? Who would be pissed off if we. Yeah. So if Home Depot does it to you though. No. We're throwing we're not gonna run the idea of maybe doing a talk about that next year so that we could run it in a very limited location. So if you guys came into our talk. Your phones would probably get Passpointed. But uh not on the full infrastructure.

There's a guy over there had a question. Yeah he read that. Got your I'm up. Got you. So there's a there's a couple diffs and sorry dips in the uh Wi-Fi user count graphs for the year over year. Uh and the question is what can we explain those? Uh when the simple comments is no I I'm trying to remember some time back. I'm pretty sure DC 16 is when that Airpwn thing came out that I was talking about.
Yeah. That might be the reason. That was when they changed the option at Riviera DC 16. Yeah. One moment please. Well we confer about a proper answer to give you.

Uh pretty much larger space, more APs, not necessarily. People like people used to be very skeptical about connecting to the Wi-Fi network at DEF CON. Used to be. Uh people understood that it was okay to do it. Right? Um I think that's part of it. But it's not one one thing. We got year by year we get better segue to the next slide. Uh bandwidth uh not great but we keep trying to improve as much as we can. But if you guys have a great experience and it's secure, right? Secure to the point that they were talking about your device, your traffic is, the traffic is encrypted. Nobody else can connect your device to attack your device. And we're not looking at the traffic that you're sending. I think that's fair game for this, right? Um for us on the other side is available, availability. Right? We don't want uh people like we want the network up. The more this works the more beers we have. So through from Thursday last week through Thursday this week it's a lot of work that we do to make it work. Then we hope it doesn't break so we can kind of watch talks and things like that.

One of the when the suggestions from our colleagues is that uh there are alternatives to the DEF CON network uh particularly uh you know cellular coverage and whatnot. And during some of these some of these years there was uh times where that was coming out and you could secure yourself easier than you could secure into you know your standard enterprise uh wireless network.

Let's go. Oh you got a guy straight ahead here. He's kind of got his hand up. I'm not sure if he's just resting it. There you go. Commit then. Now stand up. No, no, no, no. I ain't gonna listen to your question. You stand up. There you go.

Do we collaborate with the Black Hat guys like here? Sharing resources. No. I'm gonna move my marker away. Uh not as much.
Back when DEF CON and Black Hat were a lot closer there was a lot of there was some shared stuff but uh corporate entities kind of forced that to be a lot more separate. Um. The timing doesn't line up either. Yeah. We we need to have our gear here and running and going. The same time Black Hat is running. So. Yeah we're also not sponsored. We're not funded like Black Hat is. Yeah this is big bar on steel. I know.

Alright. We'll come back to number two over here. Stand up. Uh stories about disaster porn. Okay. So the question is uh given the attacks. Yeah what are the attacks we've seen? What are some of the particularly notable ones? So um you mentioned something that's very kind of interesting. You said under attack? Like as in we're not attacked? No no. Is that is that is that what you're? Really? I'm not sure if you understand how alerts work. Alright. All of our phones here.

So um a few years back um we uh we ran into an issue uh with a gentleman uh that was what was he doing? Was it cloning or mimicking? Don't spoof any of the casino networks. That's a big, big no no. And uh the the short and skinny of it is that well we're not attacked directly maybe. Um we have to deal with all this shit you guys are doing on on that network and it doesn't necessarily stay in your nice little area sometimes. Somebody learns a new skill set and they decide they want to try to flex that out. Sorry this is difficult to do and this. Um and uh sometimes oh shit clean just totally screwed Spence. Um. Thank you. Ooh that's a healthy shot. Good luck. Um it's okay he is actually old enough to drink folks before anybody brings that up. He has been carded. Anyways um no we uh we'll go around and occasionally we have to work with uh Caesars um on helping mediate some of these issues.

Now internally um so I mean from the attacks internal like we expect some of the network to be attacked and we kind of set it up and let it go that way.
Again the open network if people are trying to attack that that's kind of the nature of what it is. It's meant to be that that playground for people to go with. Um then there's other things where it's like we you know there was a BGP hijack a few years ago. Not necessarily anything that we you know it affected us or or whatnot but yeah we know the network was going through you know the upstream network was going through another provider um just to demonstrate it as a talk. Uh for the most part what we what we look out for are the the speakers who have some demonstration they want to do and those are the ones that are that are kind of memorable. Um lots of gateway attacks you know spoofing um you know the traditional wireless de-auths etcetera. Um why don't you talk about what happened with 8.8.8.8 this year. Yeah. Which one? The uh Google DNS. Google DNS uh so yeah so what Sparky was saying is we don't necessarily you know worry about a lot of the attacks that are directed against us but if someone just happens to be doing an attack against outside hitting up Google hitting up you know uh Microsoft hitting up any of those you know nice companies they'll see it as attack and they'll block you know the blacklist the the DEF CON egress networks. So that's like yeah that's the nature of it. Um please don't do that until tomorrow night. So it's it's always fun trying to like you know reach out to people we know you know someone who knows someone who knows someone can be like oh yeah they can they can allow that through um cause sometimes it is you know an exploratory attack sometimes it's just we have a 30,000 people connecting into this network and doing a bunch of stuff and it's become the practice recently that uh the way to test your internet is to ping 8.8.8.8 right? Yeah after enough of that on the same network Google's like why are you sending me all these ICMP. So it becomes interesting to test it uh yeah. 
And then you know I know we've also had the uh Wi-Fi spoofing attacks. We see Wi-Fi spoofing. That's the most I think it's most common thing we see with Wi-Fi de-auth attacks and then people will try to clone the black or the um sorry DEF CON uh network or Caesars network or things like that. So we see duplicate SSIDs in the air. Um it's it's silly just don't do that because we can see which room you're in if you're doing that and if we're not drinking or otherwise occupied we'll come and find you which we haven't had to do that much this year. Thank you. And if it's the Caesars stuff Caesars will come and find you and you don't want that. No they come with a lot more people. Yeah because if we you know because everybody likes to come out and hey let's clone the hotel network you know put up a pie put up something cherry pie pecan pie I don't care what it is. But I think it's something rolling think they're cute you know just yeah it's some kind of pie or something whatever. I'm not hungry shut up. We're slowly getting drunker and drunker up here. So yeah. So what they do is you know they do a one letter off and they try to get everybody else to try and authenticate to it because they don't put no encryption on it. We're we're we're we're better than that. We can from the back row that it basically the explanation there was you're an effing retard. If you start trying to pretend you're Caesars and wander around the floor um there's a probability that somebody's going to notice and they're going to send a lot of a lot of dudes who you just don't want to visit you. They come see you. So don't sit like in one of the big bathroom stalls and do this because I'll just dump water over the door. And you know it'll be cold it won't be hot water it's going to be cold you're going to probably pee yourself two or three times while you're sitting there. So I'm going to regret saying this but yes please focus your attack attention on us not on Caesars. 
Hey I heard it here first folks. We're taking a bullet for Caesars. Yeah and I'm going to amend that by saying if don't attack our wireless network go to the wireless village and attack their network. Next question. Next question. On the same token it's like again 802.1X we make it as easy as we can for you to use right. We don't expect you to understand it 802.1X. It's not that complicated but it's not that simple if you're not a wireless networking person that's fine. But last year I was at Caesars going from my room to the NOC and I'm walking by the buffet if you were there and some guy is on his laptop walking I'm like whoa do you get do you get signal here he's like what yeah I'm like from the DEF CON network he's like no I don't use that network I'm like but you're on the internet he's like yeah I'm using the hotel Wi-Fi I'm like the open one he's like yeah I'm like right on. Let's go you have your hands up. Yep there you go. So yeah how far out in advance do we do planning and design for the network? The calls of what a week after we leave here first call? Yeah. Yeah. So on average we do let's say well we should be doing 8 months. Yeah but 8 months out we eventually pull our shit together and get on the phone. We actually go to an amazing conference some of us out of Chicago called THOTCON and oh yeah yeah maybe recognize Nick. And we go there and a lot of us will meet up there beforehand and do a little bit of planning and it's got an amazing VIP section. I do the planning you guys are there drinking. Oh yeah that's actually that's sorry. I've got a wireless network to run. Colin Oslo is an opera over there and yeah we most of us just get trashed and shout out to Morgan and video man for that. Shout out to Morgan. So pretty much tomorrow all of us all of us are going to know where THOTCON 28 is going to be at. That's when we start planning. If it is the same thing we kind of know what we're doing and what worked and what didn't work. 
If it's a new place or adding more places then around December we start planning. Excuse me where are you guys going? The stock's not good enough. You in the front there. Come on. I think we just answered all the questions. Lots of activities. The garbage domes he's just in there watching stuff he can't touch nothing. Hotel corridor right now. What's covered now? I mean to a degree we have some monitoring telling us you know what is or isn't going and there's a whole lot of Twitter that would tell us what is or is not going on. So. My phone is on mute now so I don't know. Is it up? You have a question? Go up. Dude you're like ten feet away. Come on. I was just curious what's the setup like between here and Flamingo? I don't know. Maybe it's all two, maybe it's all three. How do people at Flamingo talk to certain ones back here? So we'll skip through some of these. We'll come back to those. You can ask if you want to see those other pictures. Ask questions. There we go. So this is what the current Planet Hollywood Paris-Bally's connection looks like. All of it is the same layer two segments. We have physical connections between all of these properties that we can extend all of our VLANs to. Sorry can you point to where the Flamingo is on that man? So the Flamingo is over here. It is a smaller property and unfortunately it is not layer two connected over there. So what we do is we basically stand up an IPsec tunnel between the two properties. We have divided route domains such that the Hollywood core network has one set of networks and the Flamingo has another set of networks and we do a lot of cross traffic a lot between those. So Wi-Fi reg is sitting in this building for instance. So someone over in Flamingo signing up would come up to the firewall, hop across the IPsec tunnel and then drop down into our Wi-Fi reg. Other questions? What would you want to know about the other images? Stand up, stand up. Oh, who would like to talk about the floor? 
So the question was what do, you know, we never have a problem. We talked about the infrastructure and like how many lines go to particular places and then once you get to that place you have to plug into the wall somewhere. So we have a bunch of pictures of what it's like to plug into the wall at some of these properties or the floor. So sorry. Before we do this we like to say we actually really like Caesars and enjoy their company. Yeah, it's, it really is a stuff builds over time and these are no way properties become everyone's like this, right? Phil, is that enough of a backtrack? Yeah. All right, Nick I think. So some of us have to go around and test drops all over the different properties and I took this photo. That's a quesadilla. Down in there and this was in Planet Hollywood in the celebrity ballrooms. But Nick what would you eat a quesadilla with? And then I went to the next one and there was a fork in the floor pocket. And we've over the years we've found also things like shoes, underpants, random pills and candy from God knows when. It's the real DEF CON scavenger hunt. Step one is collect underpants. All right. Other questions? Yes ma'am. Yeah. So the question is how do we secure the physical aspect of all of our networking gear? Duck, duck tape. Both of us are viciously tabed. Viciously assholishness. Bazooka bubble gum. We try to keep it away from you guys. As much as we can. Right? The distribution switches, core switches, it's everything like and within like unreachable places even to us. We have to be with Angkor or the hotel to be there. But access points and everything else, it's a crapshoot, right? It depends on the property that we're at. Alexis Park was fun. Riviera was much easier because they had no wall jacks at all. So the picture that we saw around here, the background picture is a wireless controller that provides power over ethernet. Right there. Yeah. Right there for them. To all the APs that we had. So the APs were in the ceiling. 
That's what he complained about because the APs were too high. But hey, nobody's gonna steal them or unplug them and try to do something bad. And other places like the Rio, that if you were there, the hallway that would lead all the way to the back there, everything was reachable, right? So how can we secure that? Some of them would do like port secure, I guess. Some of them like we can't, right? And good or bad, we're still sort of humans and we do misconfigurations and things like that. So it happened before. One of the whoops moments is like people are like, oh, we had to. It's like, cool, what did you do? Oh, I plugged and I saw all of your access points. It's like, fair enough, right? Because we have a VLAN for all of the access points and the port that we told you guys to use instead of going to the internet was seeing all the access points. Sure. You could DDoS and bring down all of the APs but fair game, I guess. Yeah. And while you're sitting there unplugging the AP and plugging your own shit in, we're watching that through the monitoring on either LibreNMS or Airwave anyways. So we know what's going on. Yeah, you tell us, Spencer. Your weakness will only last so long. If you do want to hack Wi-Fi gear, my company has a very good bug bounty program. So please do that, but not here. So we had seven minutes left. We have 37 minutes left. We have seven. Thank you to DCTV. Yeah, DC, stand up for DCTV. Nothing but love for DCTV. Stand up. But there are other departments at this conference just putting that out there. And yeah, stand up, give them a round of applause over there. There we go. The departments, you know, I'm looking at SOC, speaker ops. This is like, you know, a few other ones just saying. Thank you. Okay, so we'll say one last question. Who wants to go out on a good one? If you're holding your hand up. Yeah, you have a purpose. Alright, what are the legends that we passed down through the NOC team? Uncle Sparky, can you tell us a story? 
I'm gonna probably pass this on to others just because Drunk Hacker History is where you come to get all of the amazing historical stories. There you go. Now, some of the history, some of the past, things have changed dramatically since we started this little party. Back in the day, we used, you know, crappy D-Links and we used to race the scissor lifts. This is like well before safety and unions. No, no, it was pretty, pretty well back there. We plugged the switches. What? No, no, no. Oh, the switches to give away. We're two-thirds of us are trashed and I'm on that part of that. No, some of the history, some of the things we used to do in the past is the bathroom IDF, there you go. Somebody asked about physical security. Well, it was locked in the shitter so it really, do you have a picture of that? Just before we go there, I just want to say- Sorry, I'm skipping ahead. Well, I'm just like DC-17 Wired did a spread on us and there were a lot of things like even some of these switches show up in the Wired spread but one of the things that they really wanted to point out over at the Riviera was an IDF. Yeah, yeah, it makes working those long hours a little bit more comfortable. Back of the day, all the tape that would be gaffed down, I would just drink a bottle because it works really good in a gaffer roll so you can just hold onto it and roll it out. Yeah, that's why you were drinking the bottle. Yeah, well, that was it, yeah. That also made for a lot of wavy lines so it's nice that we have professionals that do this now as opposed to us. Okay. You guys left about that toilet, it's probably the cleanest one on a whole property that Sparky had access to and you didn't. Yeah. You got anything else? No, all right. Well, so that's it, we're gonna give away history here so before we do that I just wanna say thank you for coming to the talk. Thank you for being a part of DEF CON and using the network. 
We do this for you and it is, it does feel really good to see it in use and see what's going on even with all the challenges. Before you guys leave, some of these switches were in Wired Magazine so, you know, they're famous switches. Yeah, centerfold. Centerfold style switches. So before you storm up to the stage, raise your hand if you want a switch. Too bad. All right. No, no, no. One question. Oh wait, wait, sorry. One question from now. If you want a definite switch, did anybody travel here from Russia? Anybody here from Russia? So we got nobody working the elections. Okay, you from Russia? Did you do anything with the elections? Put your hand down if you did nothing. Okay, you don't get a switch. All right, sorry. Raise your hand again if you want a switch and you're not from what Phil established here. All right. Keep your hand up if you are a student. All right, you guys are awesome. Come on up to the stage.