  TK Junk Mail Go ahead, make my day Premium join:2002-03-03 Margate City, NJ clubs:
·Comcast
| Block timestamps using BBR's DrTCP stops method
Here is how it tracks system thru IP stack: The technique works by "exploiting small, microscopic deviations in device hardware: clock skews." In practice, Kohno's paper says, his techniques "exploit the fact that most modern TCP stacks implement the TCP timestamps option from RFC 1323 whereby, for performance purposes, each party in a TCP flow includes information about its perception of time in each outgoing packet. A fingerprinter can use the information contained within the TCP headers to estimate a device's clock skew and thereby fingerprint a physical device." But if you use the DrTCP utility here at BBR (Info: »Tweaking FAQ »DRTCP: How do I use it and what are all these settings? Download: »/front/DRTCP021.exe), you can turn off timestamps, making this technique not functional. -- My Web Page My Blog Join Red Room Forum |
|
  oliphant I Have 8 Boobies Premium join:2004-11-26 Corona, CA
| But how to do it with other devices like say DVRs or consoles...point being as I would think the first thing that comes to mind is providers returning to attempts at per seat charges for service and using this method or a method like it to audit people. -- Don't get it, demand it! The Anime Network www.theanimenetwork.com |
|
  DaveNJ No Fear
join:1999-09-01 New Jersey | reply to TK Junk Mail Re: Block timestamps using BBR's DrTCP stops metho
I would just go to a competitor if they did this. Plus I am sure you can hack to prevent it, as you said. |
|
  McSummation Mmmm, Zeebas Are Tastee. Premium,MVM join:2003-08-13 Round Rock, TX | reply to TK Junk Mail Re: Block timestamps using BBR's DrTCP stops method
Another case of some idiot in a university (that's never seen the real world). TCP Time Stamping is off by default. We tweakers see lots of Tweak test results and it's the rare case where it is on. |
|
  Combat Chuck Too Many Cannibals Premium join:2001-11-29 Erie, PA
| reply to oliphant Re: Block timestamps using BBR's DrTCP stops metho
said by oliphant: point being as I would think the first thing that comes to mind is providers returning to attempts at per seat charges for service and using this method or a method like it to audit people.
I doubt providers would try to do this. I believe it was tried before with cable TV and a judge told them that it wasn't legal. I think the current setup is what they want to keep, where ISPs can infer that connecting more than one device is a violation of the TOS and/or theft of service, without actually saying it, while at the same time offering a home networking option to scare people into opting to pay extra, as opposed to it being taken to court and them potentially losing with the accompanying publicity.
In short they prefer to keep end user home networking a grey area where some people will pay for home networking in order to avoid the legal issues. -- Dear Hollywood:Shut up and dance monkey! |
|
  overhere
@65.185.x.x
| reply to TK Junk Mail
From what I understand, with Windows boxes....
1. Windows client connects to our discovery device (this could be a web site etc...)
2. Windows client has timestamps turned off. syn/ack begins.
3. Discovery device replies to the Windows box with timestamp information included.
4. Windows box ignores that timestamps are turned off and decides to send timestamps in return. Hummmm Windows is such a smart OS.
Then fingerprinting can begin. Still unsure of even if this method of fingerprinting is valid, but I would assure you that if it is, it will not be patched by OS vendors. If the vulnerability is patched it may defeat the efforts of our government. May I remind everyone of the Patriot Act. |
|
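An added example, not part of any post in this thread and not DrTCP's code: a check of whether captured outgoing TCP headers still carry the RFC 1323 timestamps option (kind 8) after the setting has been turned off, covering every segment of a flow rather than only the SYN. The header bytes are constructed samples and all function names are hypothetical.

```python
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_TIMESTAMP = 0, 1, 8

def parse_tcp_options(tcp_header: bytes):
    """Return [(kind, data), ...] for the options area of a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("short TCP header")
    data_offset = (tcp_header[12] >> 4) * 4      # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    raw, opts, i = tcp_header[20:data_offset], [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == TCPOPT_EOL:                   # end of option list
            break
        if kind == TCPOPT_NOP:                   # one-byte padding
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("malformed option length")
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts

def timestamp_option(tcp_header: bytes):
    """Return (TSval, TSecr) if the segment carries timestamps, else None."""
    for kind, data in parse_tcp_options(tcp_header):
        if kind == TCPOPT_TIMESTAMP and len(data) == 8:
            return struct.unpack("!II", data)
    return None

def segments_with_timestamps(headers):
    """Indexes of the segments in a flow that expose a timestamp value."""
    return [n for n, h in enumerate(headers) if timestamp_option(h) is not None]

def build_header(options: bytes, flags: int = 0x02) -> bytes:
    """Constructed sample header (ports, sequence numbers are made up)."""
    options += b"\x00" * (-len(options) % 4)     # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 49152, 80, 1, 0,
                       offset << 4, flags, 65535, 0, 0) + options

MSS = b"\x02\x04\x05\xb4"
SYN_NO_TS = build_header(MSS + b"\x01\x01\x04\x02")          # MSS, SACK-permitted
ACK_WITH_TS = build_header(b"\x01\x01\x08\x0a" + struct.pack("!II", 123456, 789), 0x10)
```

An empty list from `segments_with_timestamps` over a host's outgoing segments means none of them carried a timestamp value.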