[>Htech] Tracking a Specific Machine Anywhere On The Net (fwd from eugen at leitl.org)

Sarad AV jtrjtrjtr2001 at yahoo.com
Fri Mar 4 12:40:27 PST 2005


hi,

After looking at RFC1323 below
http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc1323.html#sec-4


the only reasonable option is to use the time old
pseudorandom numbers for TCP sequence numbers in the
TCP IP stack.

Another option would be to synchronize the client with
NTP but that wouldn't work either. Say that the client
clock can be updated every one millisecond. However the
minimum network delay between the time server and the
client is usually 300 ms to 800 ms. During this period a
large number of outbound packets are sent from the
client depending on the speed at which the client is
blasting away. There are plenty of packets to analyze
for the attacker to determine the skew.

Sarad.




--- Eugen Leitl <eugen at leitl.org> wrote:

> ----- Forwarded message from Eugen Leitl
> <eugen at leitl.org> -----
> 
> From: Eugen Leitl <eugen at leitl.org>
> Date: Fri, 4 Mar 2005 18:28:27 +0100
> To: transhumantech at yahoogroups.com
> Subject: [>Htech] Tracking a Specific Machine
> Anywhere On The Net
> User-Agent: Mutt/1.4i
> Reply-To: transhumantech at yahoogroups.com
> 
> 
> Link:
> http://slashdot.org/article.pl?sid=05/03/04/1355253
> Posted by: Zonk, on 2005-03-04 16:45:00
> 
>    from the not-the-sandra-bullock-movie dept.
>    An anonymous reader writes "An article on ZDNet
> Australia tells of a
>    new technique developed at CAIDA that involves
> using the individual
>    machine's clock skew to [1]fingerprint it
> anywhere on the net."
>    Possible uses of the technique include "tracking,
> with some
>    probability, a physical device as it connects to
> the Internet from
>    different access points, counting the number of
> devices behind a NAT
>    even when the devices use constant or random IP
> identifications,
>    remotely probing a block of addresses to
> determine if the addresses
>    correspond to virtual hosts (for example, as part
> of a virtual
>    honeynet), and unanonymising anonymised network
> traces."
> 
> 
> References
> 
>    1. http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htm
> 
> ----- End forwarded message -----
> 
> How to track a PC anywhere it connects to the Net
> 
> Renai LeMay, ZDNet Australia
> March 04, 2005
> URL: http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htm
> 
> 


	
		





More information about the cypherpunks-legacy mailing list