IP Logging and Tracing Question
"One visit to a booby-trapped website could direct attackers to a person's home, a security expert has shown. The attack, thought up by hacker Samy Kamkar, exploits shortcomings in many routers to find out a key identification number. It uses this number and widely available net tools to find out where a router is located. Demonstrating the attack, Mr Kamkar locate one router to within nine metres of its real world position." http://www.bbc.co.uk/news/technology-10850875
In plain talk, a web page obtains the Mac address of your router, which is not hard, and cross-references with either Skyhook or Google maps database. My IP address locates to the capital city of my country, and nobody has surveyed access point Mac addresses here yet.
I have always taken the approach that nothing on the web is ever untraceable or anonymous, if anybody were actually interested enough in finding out.
Ichinin
Veteran
Joined: 3 Apr 2009
Gender: Male
Posts: 3,653
Location: A cold place with lots of blondes.
Good approach. One should not delude oneself that there is privacy on the net.
_________________
"It is far better to grasp the Universe as it really is than to persist in delusion, however satisfying and reassuring" (Carl Sagan)
Good approach. One should not delude oneself that there is privacy on the net.
Or at least, not at least you really know what you're doing, are extremely paranoid, and use multiple proxies.
Mac addresses can't be acquired by web pages and if they could, they certainly can't be used to locate you. Where are you getting this information?
Mac addresses can't be acquired by web pages and if they could, they certainly can't be used to locate you. Where are you getting this information?
I thought the same about them not being obtainable by webpages actually, glad to hear I was right. They can, however, be used to trace you with services such as SkyHook.
Mac addresses can't be acquired by web pages and if they could, they certainly can't be used to locate you. Where are you getting this information?
I thought the same about them not being obtainable by webpages actually, glad to hear I was right. They can, however, be used to trace you with services such as SkyHook.
The Mac address is readily obtained by any device on the same subnet, using a command like nmap. The exploit (linked to in my post) is a web script that spoofs a local subnet IP address, to which the router responds by delivering its Mac address. So yes, you can also obtain the Mac address over a web page - I once used a web service for tracking email that returned the Mac address (plus IP address, operating system, browser options and installed software) of all recipients. There is a pile of software that can map the internal structure of an organisation from the outward facing IP address, although doing so may be illegal - ISPs can legally log the Mac addresses connecting to their servers, for instance.
Mac addresses are also locally available from all wireless access points within range - you can see them in your network manager. Both Skyhook and Google have collected Mac addresses in bulk from roadside surveys. A mobile phone with wireless access can provide approximate location (without using GPS) by looking up the location of Mac addresses in the Skyhook or Google database. If your router was switched on when they surveyed your street, then your router's Mac address is probably in there.
So running something like NoScript will prevent this?
Yup, that's how iPod touches and other iDevices without GPS can get your location.
So running something like NoScript will prevent this?
Of course not. That exploit collected assumed geographic location as people visited a web site, but targeted IP scanning just needs the machine switched on (run ZoneAlarm or similar and you will see that your own machine is probably probed once in a while).
The Mac address is public data with limited availability, but necessarily available as part of the network protocol. The Mac address of your router is known to any network that the router joins, i.e. your ISP (and therefore anyone with sufficient authority or access). Anyone else could try ping 1.2.3.4 ; arp -a, which may list the Mac address at IP address 1.2.3.4, or nmap -O -T5 1.2.3.4 to get the operating system, open ports and Mac address of a compliant machine. If 1.2.3.4 is not on your local network, then a port scan may breach the contract with your ISP, or be illegal.
However, I think a lot of this is entirely beside the point - the internet requires ID data of some form to make and maintain every connection, and the vast majority of ID data can be logged if the target is of interest. Nobody should ever assume that anything written on the internet is untraceable or anonymous. Even where information passes through anonymizing systems, there may still remain some ID data that can be matched to another source.
So running something like NoScript will prevent this?
Of course not. That exploit collected assumed geographic location as people visited a web site, but targeted IP scanning just needs the machine switched on (run ZoneAlarm or similar and you will see that your own machine is probably probed once in a while).
The Mac address is public data with limited availability, but necessarily available as part of the network protocol. The Mac address of your router is known to any network that the router joins, i.e. your ISP (and therefore anyone with sufficient authority or access). Anyone else could try ping 1.2.3.4 ; arp -a, which may list the Mac address at IP address 1.2.3.4, or nmap -O -T5 1.2.3.4 to get the operating system, open ports and Mac address of a compliant machine. If 1.2.3.4 is not on your local network, then a port scan may breach the contract with your ISP, or be illegal.
However, I think a lot of this is entirely beside the point - the internet requires ID data of some form to make and maintain every connection, and the vast majority of ID data can be logged if the target is of interest. Nobody should ever assume that anything written on the internet is untraceable or anonymous. Even where information passes through anonymizing systems, there may still remain some ID data that can be matched to another source.
That's pretty scary, actually.
Hmm, I thought they were collecting the SSID's, not MAC adresses?
_________________
Hmm, I thought they were collecting the SSID's, not MAC adresses?
Nah, SSIDs change and multiple people can have the same one, whereas MAC addresses stay the same (in theory anyway, though in practice it's fairly trivial to change), and you generally won't find more than one person with the same one.
I am happy to report, however, that Skyhook's location attached to my MAC address is completely wrong
Nah, SSIDs change and multiple people can have the same one, whereas MAC addresses stay the same (in theory anyway, though in practice it's fairly trivial to change), and you generally won't find more than one person with the same one.
I am happy to report, however, that Skyhook's location attached to my MAC address is completely wrong
How did you check your Mac location data? Is there a convenient Skyhook (or Google Location) page?
The Mac address is a unique invariant burned into each ethernet device at manufacture. Skyhook's FAQ: How does WPS identify access points? Each access point has a unique Media Access Control (MAC) address which serves as a serial number for that piece of hardware, such as 00-08-74-4C-7F-1D. It broadcasts every 100 milliseconds. WPS uses this MAC address to identify individual routers. ... How many 802.11 access points are known reference points in WPS? Skyhook's reference database contains tens of millions of access points. The coverage area includes tens of thousands of cities and towns across North America, Europe, and Asia.
But seriously everyone, this is a tangent. Consider the very clever Panopticlick Browser Identifier at the Electronic Frontier Foundation - http://panopticlick.eff.org/ - and the methods used to determine uniqueness. All of us have habits (boards we frequent, passwords, usernames) that can almost uniquely link two sets of data. One slip into comfort is enough to de-anonymize an entire alternate identity. From a policing perspective, your computer equipment is unique. From a social networking perspective, your online ID is unique. If you use the same computer or the same online ID in two locations, those two locations are (in principle) linkable, if anyone has the interest, the resources and the power or access to bother.
Try nmap on another PC in your home, try WireShark on your home network, look at the data that your network manager displays about your neghbour's wireless access points. Do a Google on an online ID (for instance stuartn might, or might not, tell you a hell of a lot about me, even reveal enough to guess my password, which I might be stupid enough to use on my home router, and you can get the brand and model name from nmapping my IP address if you want to reprogram it...).
iPod touches use it to track your location in the Maps app as they have no GPS hardware, so I tried it on mine and it took me to some random address.
It is easy to spoof a MAC address though, that's what I meant.
Try nmap on another PC in your home, try WireShark on your home network, look at the data that your network manager displays about your neghbour's wireless access points. Do a Google on an online ID (for instance stuartn might, or might not, tell you a hell of a lot about me, even reveal enough to guess my password, which I might be stupid enough to use on my home router, and you can get the brand and model name from nmapping my IP address if you want to reprogram it...).
All very true, which is why I never use the same username on more than one site, and I have different passwords on each site, many randomly generated.
I just found this blog posting: http://fasmz.org/~pterjan/blog/?date=20100813#p01 which contains the following command to access the Google database for the MAC address of the poster's router:
"version": "1.1.0",
"host": "perdu.com",
"request_address": true,
"address_language": "en_GB",
"wifi_towers": [
{
"mac_address": "56:7a:e8:68:15:4B"
}
]
}' http://www.google.com/loc/json
The output of this command (and equally accurate output for my router) is:
"country":"France","country_code":"FR","region":"Ile-de-France","county":"Paris",
"city":"Paris","street":"Rue Sainte-Apolline","street_number":"2","postal_code":"75003"
},"accuracy":150.0},"access_token":"2:yWOkYM4kI79VH1Bj:cvMZFkJhXSflywZB"}
EDIT: And I have just tested this for each of the mobile devices in our family, and they are also listed (with different street names within 150 metres). My eldest daughter's laptop, who is occasionally here, is listed with this address and the (correct) latitude and longitude for her own address in another city.
I didn't read most of the post, so sorry if this has already been said. But unless you're openly plotting to kill the president or something of that level, the most awesome and easy way to surf anonymous enough for 90% of all people is to get a diamond account with Giganews if you don't already have one. It's like $25 a month. Then you get a free VPN to their servers. Viola'! You're anonymous except vs. serious hackers that are after you and or a long list of federal warrants.
I think the best and safest course of action is to assume that nothing you do on the internet is anonymous or untraceable. If you work from that assumption and act appropriately, then you are unlikely to attract any attention and unlikely to come to harm.
I can't conceive of many reasonable, legal activities that would be limited by assuming your behaviour is traceable (and that includes reasonable, legal behaviour like accessing pornography or engaging in intimate, personal discussions on a web forum). If I was seriously concerned about anonymity, then I would use a completely separate ID created and used exclusively in library or web cafe computers - anonymity is destroyed the moment you use the same ID from home, or your home ID in the web cafe.
Similar Topics | |
---|---|
Question |
23 Oct 2024, 4:07 pm |
No job means a gf is out of the question? |
01 Oct 2024, 6:54 pm |
Updates + Question |
19 Sep 2024, 9:16 pm |
A simple question about being a genius |
24 Oct 2024, 1:43 pm |