Fraoch
join:2003-08-01
London, ON | Anonymously Track a PC Anywhere on Net
Oh, very nice. I'm sure ISPs would love to know how many devices are connected to their line so they could increase charges accordingly.
It could have some good security benefits but it sure opens the doorway to abuse. |
|
oliphant
I Have 8 Boobies
Premium
join:2004-11-26
Corona, CA | Now only if we had another PhD candidate
would could write a paper on how to block it  |
|
ColdFiltered
join:2005-01-25
Atlanta, GA | Granting Internet access is all they get
No one gives them permission to snoop my PC. |
|
Monster Rain
Premium
join:2002-08-03
USA | Damn
I was too early:
»Remote physical device fingerprinting |
|
DonLibes
Premium,ExMod 2001
join:2003-01-19 | reply to oliphant
Re: Now only if we had another PhD candidate
This should be easy to block. Just run a little daemon that randomly adjusts your system time (backwards and forwards) by a few milliseconds every so often. |
|
Fraoch
join:2003-08-01
London, ON
| reply to Fraoch
Re: Anonymously Track a PC Anywhere on Net
Hmm, perhaps this may lead to utilities out there that will alter the clock settings of networking chips slightly.
I'm not talking massive overclocks, I'm talking very slight clock alterations.
I'm not even sure it's possible. Just an idea. |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
 ·Comcast
|  Block timestamps using BBR's DrTCP stops method
Here is how it tracks system thru IP stack:The technique works by "exploiting small, microscopic deviations in device hardware: clock skews." In practice, Kohno's paper says, his techniques "exploit the fact that most modern TCP stacks implement the TCP timestamps option from RFC 1323 whereby, for performance purposes, each party in a TCP flow includes information about its perception of time in each outgoing packet. A fingerprinter can use the information contained within the TCP headers to estimate a device's clock skew and thereby fingerprint a physical device." But if you use the DrTCP utility here at BBR(Info: »Tweaking FAQ »DRTCP: How do I use it and what are all these settings?
Download: »/front/DRTCP021.exe ), you can turn off timestamps making this technique not functional.
--
My Web Page
My Blog
Join Red Room Forum |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast
| reply to DonLibes
Re: Now only if we had another PhD candidate
said by DonLibes  :This should be easy to block. Just run a little daemon that randomly adjusts your system time (backwards and forwards) by a few milliseconds every so often. Or turn off timestamps with DrTcp as shown in this post:
»Block timestamps using BBR's DrTCP stops method
--
My Web Page
My Blog
Join Red Room Forum |
|
Done_Posting
Shoot to kill
Premium
join:2003-08-22
Toledo, OH |  reply to oliphant
What a fascinating article. I'll have have to keep my eyes peeled for more info. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| For every single possibility to do something
there are equal (aka single) if not multiple possible ways to break or defeat that very thing. 
Been there before with the AT&T Researcher Steven M. Bellovin's paper and a simple BSD Firewall running on an old PC with two NICs will break that simple attempt to map behind NAT/NAPT.
»Hiding Behind Your NAT
If man can think it up, another man can think a way to undo it. 
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
oliphant
I Have 8 Boobies
Premium
join:2004-11-26
Corona, CA
| reply to TKJunkMail
Re: Block timestamps using BBR's DrTCP stops method
But how to do it with other devices like say DVRs or consoles...point being as I would think the first thing that comes to mind is providers returning to attempts at per seat charges for service and using this method or a method like it to audit people.
--
Don't get it, demand it! The Anime Network www.theanimenetwork.com |
|
hottboiinnc
ME
join:2003-10-15
Cleveland, OH | reply to ColdFiltered
Re: Granting Internet access is all they get
not giving them any ideas but they could add it to the TOS and the AUP that it is required for support issues LOL. |
|
ronpin
Imagine Reality
join:2002-12-06
Nirvana
 ·AT&T Southwest
| reply to Fraoch
Re: Anonymously Track a PC Anywhere on Net
From the cited PDF paper...
...and we show how one might use a Fourier transform on packet arrival times to infer a device’s clock skew. ...
They almost had me believing it. Packet arrival times have random influences that no "Fourier transform" could account for. This is bullshit -- the paper is a fraud -- but I"ll keep reading it just to make sure. Besides, I'm pretty sure that TCP does not waste 32 bits on a time stamp unless there is a real-time/ordering requirement (but that could have changed in the last 5 years since I dealt with it). ICMP request are mentioned -- but don't most router firewalls block those anyway?
--
Lord protect me from your followers |
|
AMDUSER
Premium
join:2003-05-28
Earth
clubs:
·RoadRunner Cable
| reply to Doctor Olds
Re: For every single possibility to do something
said by Doctor Olds :"..If man can think it up, another man can think a way to undo it. .." Things could get intresting, although it seems unlikely that ISPs would impliment something like this; at least for the time being anyways. |
|
Fraoch
join:2003-08-01
London, ON
| said by AMDUSER :Things could get intresting, although it seems unlikely that ISPs would impliment something like this; at least for the time being anyways. One of the ISPs around here (Rogers) explicitly states in its user agreement that you can only have one device connected to their network.
This is for their light package, but still. I'm sure they'd want to know if they could... |
|
sman83
join:2004-11-09
Urbana, IL | reply to Fraoch
Re: Anonymously Track a PC Anywhere on Net
From how I read is it possible to just turn off timestamps in the tcp/ip? Then no more detection |
|
Fraoch
join:2003-08-01
London, ON
| said by sman83 :From how I read is it possible to just turn off timestamps in the tcp/ip? Then no more detection Hmm, yeah, hopefully that will do it!:) |
|
ctceo
Premium
join:2001-04-26
South Bend, IN
clubs: | reply to Fraoch
Re: For every single possibility to do something
Rogers can umm..... Never-mind
For those inquisitive minds my Modem is the device they need to be worrying about. NOT how many computers in my home attach to it. |
|
DaveNJ
No Fear
join:1999-09-01
New Jersey | reply to TKJunkMail
Re: Block timestamps using BBR's DrTCP stops metho
i would just go to a competitor if they did this, Plus i am sure you can hack to pervent it, as you said. |
|
achuchma
join:2001-04-11
Tampa, FL
| reply to Fraoch
Re: For every single possibility to do something
There is only one device attached to their network...your router.
The PCs on the other side are connected to YOUR network.
--
Playing the Tuba isn't an art, it's an adventure! http://www.lakesidepride.org |
|
