 Fraoch
join:2003-08-01 London, ON | Anonymously Track a PC Anywhere on Net Oh, very nice. I'm sure ISPs would love to know how many devices are connected to their line so they could increase charges accordingly.
It could have some good security benefits but it sure opens the doorway to abuse. | |
|
 |  Fraoch
join:2003-08-01 London, ON
| Re: Anonymously Track a PC Anywhere on Net Hmm, perhaps this may lead to utilities out there that will alter the clock settings of networking chips slightly.
I'm not talking massive overclocks, I'm talking very slight clock alterations.
I'm not even sure it's possible. Just an idea. | |
|
 |  |   ronpin Imagine Reality
join:2002-12-06 Nirvana
·AT&T Southwest
·Charter Pipeline
| Re: Anonymously Track a PC Anywhere on Net From the cited PDF paper...
...and we show how one might use a Fourier transform on packet arrival times to infer a device's clock skew. ...
They almost had me believing it. Packet arrival times have random influences that no "Fourier transform" could account for. This is bullshit -- the paper is a fraud -- but I'll keep reading it just to make sure. Besides, I'm pretty sure that TCP does not waste 32 bits on a time stamp unless there is a real-time/ordering requirement (but that could have changed in the last 5 years since I dealt with it). ICMP requests are mentioned -- but don't most router firewalls block those anyway? -- Lord protect me from your followers | |
|
 |  |  |   teambnet Team B Group Premium join:2003-05-06 Chicago, IL
| Re: Anonymously Track a PC Anywhere on Net I agree: total BS. It would be impossible for a single deployed solution to parse traffic from a constantly evolving number of arrangements behind customers' public interfaces- especially if LAN side hacks appeared that were designed to overwhelm and not just obscure. | |
|
 |  |  |  |  tquade
join:2000-10-14 Regina, SK | Re: Anonymously Track a PC Anywhere on Net Concur, although, it could be done with a Laplace transform, a bit of convolution and a sprinkling of negative phlogiston.
Ted | |
|
 |  |  |  |  |   MoeDumb "America Si, Obama No." Premium join:2002-09-23 | Re: Anonymously Track a PC Anywhere on Net It's crackers to slip a rozzer the dropsy in snide.
(I don't know what the hell I'm talking about either.) -- "tick...tick...tick..." »www.jtf.org/ | |
|
 |  |  |  jaxjaguar
join:2001-05-29 Northridge, CA
| On the BS bandwagon myself. I'm no TCP protocol expert, but doesn't a NAT router change the time stamp when it NATs the packet? And if it currently doesn't, I'm sure it's just a simple firmware change to add that feature and make the ISP's efforts worthless.
So there's nothing to worry about here. | |
|
 |  sman83
join:2004-11-09 Urbana, IL | From how I read it, is it possible to just turn off timestamps in TCP/IP? Then no more detection. | |
|
 |  |  Fraoch
join:2003-08-01 London, ON
| Re: Anonymously Track a PC Anywhere on Net said by sman83: From how I read it, is it possible to just turn off timestamps in TCP/IP? Then no more detection.
Hmm, yeah, hopefully that will do it! :) | |
|
  oliphant I Have 8 Boobies Premium join:2004-11-26 Corona, CA | Now only if we had another PhD candidate who could write a paper on how to block it | |
|
 |  DonLibes Premium,ExMod 2001 join:2003-01-19 | Re: Now only if we had another PhD candidate This should be easy to block. Just run a little daemon that randomly adjusts your system time (backwards and forwards) by a few milliseconds every so often. | |
|
 |  |  |   Overhere
@65.185.x.x
| Re: Now only if we had another PhD candidate From what I understand, with Windows boxes....
1. Windows client connects to our discovery device (this could be a web site etc...)
2. Windows client has timestamps turned off. SYN/ACK begins.
3. Discovery device replies to the Windows box with timestamp information included.
4. Windows box ignores that timestamps are turned off and decides to send timestamps in return. Hummmm, Windows is such a smart OS.
Then fingerprinting can begin. Still unsure of even if this method of fingerprinting is valid, but I would assure you that if it is, it will not be patched by OS vendors; if the vulnerability is patched it may defeat the efforts of our government. May I remind everyone of the Patriot Act. | |
|
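Whether a host really stops sending TCP timestamps once they are turned off, the question raised in the posts above, can be checked by parsing the options field of that host's own captured segments. The following is an added example, not code from any poster in this thread; the function names are hypothetical and the option bytes are constructed samples, not captured traffic.

```python
import struct

# TCP option kinds: 0 = end of list, 1 = no-op padding, 8 = Timestamps (RFC 7323)
EOL, NOP, TIMESTAMPS = 0, 1, 8


def parse_tcp_options(raw: bytes):
    """Walk a TCP options field and return a list of (kind, data) tuples.

    Raises ValueError on a truncated or malformed option, so a damaged
    capture is never mistaken for "no timestamps present".
    """
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == EOL:      # end of option list; anything after is padding
            break
        if kind == NOP:      # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option kind %d has no length byte" % kind)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts


def timestamp_option(raw: bytes):
    """Return (TSval, TSecr) if the Timestamps option is present, else None."""
    for kind, data in parse_tcp_options(raw):
        if kind == TIMESTAMPS:
            if len(data) != 8:
                raise ValueError("Timestamps option must carry 8 data bytes")
            return struct.unpack("!II", data)
    return None


# Constructed option fields: MSS, SACK-permitted, Timestamps, NOP, window scale
SYN_WITH_TS = bytes.fromhex("020405b40402080a0012d68700000000" "01030307")
# Constructed option fields: MSS, NOP, window scale, NOP, NOP, SACK-permitted
SYN_WITHOUT_TS = bytes.fromhex("020405b4" "01030308" "0101" "0402")

if __name__ == "__main__":
    for name, raw in (("with", SYN_WITH_TS), ("without", SYN_WITHOUT_TS)):
        print(name, timestamp_option(raw))
```

Run it over the options of both the outgoing SYN and later segments of a connection, since the posts above disagree on whether a host with timestamps off will still echo them when the peer offers the option.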
 |   tater_gunz Shoot to kill Premium join:2003-08-22 Toledo, OH | What a fascinating article. I'll have to keep my eyes peeled for more info. | |
|
  ColdFiltered
join:2005-01-25 Atlanta, GA | Granting Internet access is all they get No one gives them permission to snoop my PC. | |
|
 |  hottboiinnc Kyle
join:2003-10-15 Toledo, OH | Re: Granting Internet access is all they get not giving them any ideas but they could add it to the TOS and the AUP that it is required for support issues LOL. | |
|
 |   ColdFiltered
join:2005-01-25 Atlanta, GA
| Yeah, and terminate my service whenever I bring home a new PC, plug in a new game console? I feel like the EFF would probably file sufficient suits against their fannies before that happened. Besides, they have to install something on your PC. No ISP has ever been allowed to do that in my home. | |
|
 |   oliphant I Have 8 Boobies Premium join:2004-11-26 Corona, CA
| Re: Block timestamps using BBR's DrTCP stops method But how to do it with other devices like say DVRs or consoles...point being as I would think the first thing that comes to mind is providers returning to attempts at per seat charges for service and using this method or a method like it to audit people. -- Don't get it, demand it! The Anime Network www.theanimenetwork.com | |
|
 |  |   Combat Chuck Too Many Cannibals Premium join:2001-11-29 Erie, PA
| Re: Block timestamps using BBR's DrTCP stops metho said by oliphant: point being as I would think the first thing that comes to mind is providers returning to attempts at per seat charges for service and using this method or a method like it to audit people.
I doubt providers would try to do this. I believe it was tried before with cable TV and a judge told them that it wasn't legal. I think the current setup is what they want to keep; where ISPs can infer that connecting more than one device is a violation of the TOS and/or theft of service, without actually saying it, while at the same time offering a home networking option to scare people into opting to pay extra; as opposed to it being taken to court and them potentially losing with the accompanying publicity.
In short they prefer to keep end user home networking a grey area where some people will pay for home networking in order to avoid the legal issues. -- Dear Hollywood:Shut up and dance monkey! | |
|
 |   DaveNJ No Fear
join:1999-09-01 New Jersey | Re: Block timestamps using BBR's DrTCP stops metho I would just go to a competitor if they did this. Plus I am sure you can hack to prevent it, as you said. | |
|
 |   McSummation Mmmm, Zeebas Are Tastee. Premium,MVM join:2003-08-13 Round Rock, TX | Re: Block timestamps using BBR's DrTCP stops method Another case of some idiot in a university (that's never seen the real world). TCP Time Stamping is off by default. We tweakers see lots of Tweak test results and it's the rare case where it is on. | |
|
 |   overhere
@65.185.x.x
| Re: Block timestamps using BBR's DrTCP stops metho From what I understand, with Windows boxes....
1. Windows client connects to our discovery device (this could be a web site etc...)
2. Windows client has timestamps turned off. SYN/ACK begins.
3. Discovery device replies to the Windows box with timestamp information included.
4. Windows box ignores that timestamps are turned off and decides to send timestamps in return. Hummmm, Windows is such a smart OS.
Then fingerprinting can begin. Still unsure of even if this method of fingerprinting is valid, but I would assure you that if it is, it will not be patched by OS vendors; if the vulnerability is patched it may defeat the efforts of our government. May I remind everyone of the Patriot Act. | |
|
 |   AMDUSER Premium join:2003-05-28 Earth clubs:
·RoadRunner Cable
| Re: For every single possibility to do something said by Doctor Olds: "..If man can think it up, another man can think a way to undo it. .."
Things could get interesting, although it seems unlikely that ISPs would implement something like this; at least for the time being anyways. | |
|
 |  |  Fraoch
join:2003-08-01 London, ON
| Re: For every single possibility to do something said by AMDUSER: Things could get interesting, although it seems unlikely that ISPs would implement something like this; at least for the time being anyways.
One of the ISPs around here (Rogers) explicitly states in its user agreement that you can only have one device connected to their network.
This is for their light package, but still. I'm sure they'd want to know if they could... | |
|
 |  |  |   ctceo Premium join:2001-04-26 South Bend, IN clubs: | Re: For every single possibility to do something Rogers can umm..... Never-mind
For those inquisitive minds my Modem is the device they need to be worrying about. NOT how many computers in my home attach to it. | |
|
 |  |  |  achuchma
join:2001-04-11 Tampa, FL
| There is only one device attached to their network...your router.
The PCs on the other side are connected to YOUR network. -- Playing the Tuba isn't an art, it's an adventure! http://www.lakesidepride.org | |
|
 |  |  |  Kkrunch
join:2001-09-03 Puyallup, WA | The only device I would connect to their network is my modem, the rest are connected to my network. Thank You. | |
|
 |  |  |   RARPSL
join:1999-12-08 Suffern, NY
| said by Fraoch: said by AMDUSER: Things could get interesting, although it seems unlikely that ISPs would implement something like this; at least for the time being anyways.
One of the ISPs around here (Rogers) explicitly states in its user agreement that you can only have one device connected to their network
You are not in violation of this caveat since there IS only one device connected to their network - The Router (which is doing the NAT). All the computers are on YOUR LAN which is created by the router. The fact that the Router Gateways to Rogers' WAN network (and through there to the Internet) does not mean that the computers can talk DIRECTLY to the Internet.
This is the same situation as having a private phone system (such as in a hotel or business) where you must dial 9 to get an "Outside Line" and when calling in, you must "Enter the Extension of the Phone you want to talk to" (ie: The phones do not have a direct dial incoming number). | |
|
|
  iotastorm
@sbc.com | If it's a timing thing... over/underclock the PC at random times; this will change their timing. | |
|
 |   KaziSmith Premium join:2001-06-29 Dallas, TX
edit: March 8th, @12:57AM
| Re: xxAA I've seen my clock speeds vary throughout the day. Not by much (.1 difference to .0001 difference) but enough to throw them off.
The day I get billed for having multiple computers behind a NAT router is the day I file charges for invasion of privacy. I'm paying for one connection, whether that be with 1 computer or the 8 I have now doesn't matter. They all use the same bandwidth and limitations as a single computer. | |
|
 |  |   OKthedoors
@rr.com | Re: xxAA
You're a meatball and don't know what you're talking about above! | |
|
 |  |  |   Rexter YeeHaw
join:2002-11-17 cloud 9 | Re: xxAA
eh | |
|