RandomUser
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 03:54 PM
Original message |
How to track a PC anywhere it connects to the Net (Carnivore) |
|
How to track a PC anywhere it connects to the Net By Renai LeMay, ZDNet Australia 04 March 2005
Anonymous Internet access is now a thing of the past. A doctoral student at the University of California has conclusively fingerprinted computer hardware remotely, allowing it to be tracked wherever it is on the Internet.
In a paper on his research, primary author and Ph.D. student Tadayoshi Kohno said: "There are now a number of powerful techniques for remote operating system fingerprinting, that is, remotely determining the operating systems of devices on the Internet. We push this idea further and introduce the notion of remote physical device fingerprinting ... without the fingerprinted device's known cooperation."
The potential applications for Kohno's technique are impressive. For example, "tracking, with some probability, a physical device as it connects to the Internet from different access points, counting the number of devices behind a NAT even when the devices use constant or random IP identifications, remotely probing a block of addresses to determine if the addresses correspond to virtual hosts (for example, as part of a virtual honeynet), and unanonymising anonymised network traces."
--snip--
Kohno seems to be aware of the interest from surveillance groups that his techniques could generate, saying in his paper: "One could also use our techniques to help track laptops as they move, perhaps as part of a Carnivore-like project". Carnivore was Internet surveillance software built by the United States' Federal Bureau of Investigation. Earlier in the paper Kohno overshadowed possible forensics applications, saying that investigators could use his techniques "to argue whether a given laptop was connected to the Internet from a given access location".
http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htmThis means they can "fingerprint" physical computer hardware and track the fingerprint the way they track human fingerprints, completely bypassing any software barriers. Carnivore and its ilk won't need to install any software or hack into your system or anything...just measure a system's physical fingerprint online. The measurement doesn't require any cooperation on your part, and can't be obstructed by firewalls or any software barriers. The online fingerprint of your physical hardware remains the same even if you reformat and reinstall all your software.
|
McKenzie
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 04:00 PM
Response to Original message |
1. 100% anonymity is possible |
|
but I'm not saying how out here. Anyone who frequents the alt.2600 Newsgroups will know how to do it.
|
b...
(86 posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 04:06 PM
Response to Reply #1 |
|
for everyone else that doesn't go there, we're doomed!
doomed i say!
|
Tandalayo_Scheisskopf
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 04:19 PM
Response to Original message |
3. I just read an article on this... |
|
It is based on something called, IIRC, "clock skews", a fingerprint of the inconsistancies of the system clock of the machine and how it interacts over the net.
Ummmm...that's the whole net. The whole frigging internet.
I think that the young man who came up with this is waxing a bit hyperbolic with his claims. While theoretically possible, I have a feeling that turning this into a usable application is gonna be a lot trickier than he expects, by orders of celestial magnitude.
|
Mairead
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 04:48 PM
Response to Reply #3 |
|
Bet on mamaboard makers such as ASUS offering biasable and/or swappable clock chips (actually, they might already do--I've not looked).
|
bemildred
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 04:43 PM
Response to Original message |
4. Coming soon: "Clock Skew Spoofing". nt |
BigBearJohn
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 04:43 PM
Response to Original message |
5. wow... very scary The implications of this are staggering. |
bemildred
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 04:49 PM
Response to Reply #5 |
|
This will be easy to thwart by anyone with hacking credentials. I have source code access to my IP stack and so do many others.
|
BigBearJohn
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 05:32 PM
Response to Reply #7 |
9. well I'm glad we have people like you on our side |
bemildred
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 05:50 PM
Response to Reply #9 |
11. I won't do anything, I don't care. |
|
But in six months or a year all the open-source OSs will come with a randomized clock-skew option, or something of the sort. This technique relys on IP information written by the OS kernel, it's completely passive, so if one wants to one can write other (fake) information, or randomize it, or stop writing it. But in most cases I don't see why most people could give a shit if their PC gets fingerprinted or not. Those who have a reason to care will get it fixed.
|
BigBearJohn
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 06:52 PM
Response to Reply #11 |
napi21
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 05:23 PM
Response to Original message |
8. Obviously all of yuo are far more comp. literate than I am, but |
|
let me explain my viewpoint on this.
I HOPE this guy has found a way to track down the source of an internet connection. I'm really tired forwarding spam emails from some crooks trying to get my PW info for ebay, my bank, even accounts I don't have! I take the time to forward them to the company involved, but all I ever hear is that we are doing everything we can to stop this.
About 6 months ago, I got a series of emails like this from the same source. I contacted my ISP. The tech helped me, while on-line, to see if we could find out where they were coming from. I don't remember the explaination anymore, but end result was they couldn't.
It would also be a help in finding the devious nuts who think it's so funny to spread viruses and worms throughout the net, and sit back to see how much havoc they can cause.
I don't underand all the reprocussions of sourcing, but to me, it can't be anything but better than it is now.
|
Ian David
(1000+ posts)
Send PM |
Profile |
Ignore
|
Fri Mar-04-05 05:48 PM
Response to Reply #8 |
10. There should be a threshold at which a Spammer is considered a terrorist |
DU
AdBot (1000+ posts) |
Sat May 11th 2024, 09:06 PM
Response to Original message |