Can Known Hardware ID Make You Discoverable?

Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> writes:

>On Sun, 14 Aug 2005 10:46:04 GMT, David Taylor <djtaylor@bigfoot.com>
>wrote:

>>> OP> 1. Does this mean the government fascists can find me anywhere in the
>>> OP> world if they know this hardware address?
>>>
>>> I.e. I *think* that he wants to know if the known MAC address can be
>>> used to track him when he is *not* connected to the universities
>>> network. I.e. he is "anywhere in the world".

>>They'll find him by just tracking his mobile phone instead. :)
>>David.

>There are services which claim to be able to find stolen laptops
>anywhere using their software "tags" or "tracer". It would not take
>much to install something like this on the culprits computer. See:
> http://www.ztrace.com
> http://www.computrace.com
> http://www.trackion.com
> http://www.absolute.com
> http://www.sentryinc.com
>Their overall degree of accuracy in locating stolen laptops seems
>quite good. Who needs big brother when private enterprise can do it
>better.

It is software on the computer which "phones home" when the computer is
connected to the net.
Also an intelligent thief would surely wipe the disk and reinstall.




>--
>Jeff Liebermann jeffl@comix.santa-cruz.ca.us
>150 Felker St #D http://www.LearnByDestroying.com
>Santa Cruz CA 95060 http://802.11junk.com
> AE6KS 831-336-2558

> It is software on the computer which "phones home" when the computer is
> connected to the net.
> Also an intelligent thief would surely wipe the disk and reinstall.

Which is why I said if *he* is worried about being traced then he'd
better turn off his mobile phone, hand in his passport and not use
credit cards or be spotted on any CCTV etc. :)

David.

On 15 Aug 2005 15:15:07 GMT, Unruh <unruh-spam@physics.ubc.ca> wrote:

>Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> writes:

>>There are services which claim to be able to find stolen laptops
>>anywhere using their software "tags" or "tracer". It would not take
>>much to install something like this on the culprits computer. See:
>> http://www.ztrace.com
>> http://www.computrace.com
>> http://www.trackion.com
>> http://www.absolute.com
>> http://www.sentryinc.com
>>Their overall degree of accuracy in locating stolen laptops seems
>>quite good. Who needs big brother when private enterprise can do it
>>better.

>It is software on the computer which "phones home" when the computer is
>connected to the net.
>Also an intelligent thief would surely wipe the disk and reinstall.

"Intelligent thief" is an oxymoron. If he were intelligent, he
wouldn't be a thief.

Yes, it requires a working computer and ISP connection to be
effective. In the past 4 years, my customers have lost about 10
laptops. 3 of them used one of these services. All three were
recovered, usually from the unlucky person that bought the laptop from
the thief. None of the disks were wiped clean.

I managed to get my truck broken into and had my antique laptop
stolen. I didn't use any of these services but it was recovered
anyway. The "intellignet thief" had a bit of trouble getting past my
power on password and successfully destroyed both the floppy disk
drive and cdrom drives, probably in frustration, trying to get past
it. So much for intelligent thieves.

My point was that a similar program, designed to track a laptop, could
also be deployed to track a user. I could built it into a VPN or SSH
client, a cookie system, ActiveX control, or any of the tools normally
used by spyware. RFC3825 can be used to supply the necessary wireless
locations via DHCP.

Download the "find me" ActiveX location finder program from:
http://virtualearth.msn.com/
and see if you can be found. Who knows what evil lurks in the hearts
of Microsoft?



--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558

Jeff Liebermann wrote:

> "Intelligent thief" is an oxymoron. If he were intelligent, he
> wouldn't be a thief.
<...>
> My point was that a similar program, designed to track a laptop, could
> also be deployed to track a user.

Only if your argument above is rewritten, s/thief/user/.

> I could built it into a VPN or SSH
> client, a cookie system, ActiveX control, or any of the tools normally
> used by spyware. RFC3825 can be used to supply the necessary wireless
> locations via DHCP.

You can't verify the signal. It could be forged.

Anyway, what is the threat that this system is supposed to eliminate? If you
authenticate the user properly, what is the situation where you need to
check the location as well?

-- Lassi

On Sat, 13 Aug 2005 10:50:24 GMT, David Taylor wrote:

>> whether the factory assigned MAC address, or the one you spoof; they will
>> have it, and know which computer it belongs to.
>
> Not unless he spoofs someone else's MAC address. They'll have *an*
> address but won't know which computer it belongs to.
>
> Unless they bother to hunt him down by triangulating his position via
> the access points. (or trace him down the copper path).

Well, they will know that it belongs to a computer on their network. If it
is a cable service account, and it is not a registered MAC address, they
won't provide it with full Internet connectivity; Comcast has something
that hey call, "Walled Garden". You can get to one of their account
registration nodes, and that is about it.

The point is, if the MAC address is an authorized part of a given network,
the administrators will know a modicum of information about the computer;
and, possibly, the owner, user. At the least, given WLAN operations, the
WLAN administrator will know if a device is authorized, and be able to take
action against unauthorized devices.

--
Norman
~Shine, bright morning light,
~now in the air the spring is coming.
~Sweet, blowing wind,
~singing down the hills and valleys.

> The point is, if the MAC address is an authorized part of a given network,
> the administrators will know a modicum of information about the computer;
> and, possibly, the owner, user. At the least, given WLAN operations, the
> WLAN administrator will know if a device is authorized, and be able to take

Initially, the emphasis was on the campus network so external ISP's
wasn't really an issue.

Spoofing a MAC address that's allowed now allows 2 devices on, one of
them that shouldn't so they don't really know anything about "him", only
that the original MAC address is permitted.

David.

On Mon, 15 Aug 2005 20:45:41 +0300, Lassi Hippeläinen
<lahippel.at.ieee.org@moon.invalid> wrote:

>Jeff Liebermann wrote:
>
>> "Intelligent thief" is an oxymoron. If he were intelligent, he
>> wouldn't be a thief.
><...>
>> My point was that a similar program, designed to track a laptop, could
>> also be deployed to track a user.
>
>Only if your argument above is rewritten, s/thief/user/.

Users pay my exhorbitant consulting fees. Thiefs do not.

>> I could built it into a VPN or SSH
>> client, a cookie system, ActiveX control, or any of the tools normally
>> used by spyware. RFC3825 can be used to supply the necessary wireless
>> locations via DHCP.
>
>You can't verify the signal. It could be forged.

Signal? What signal? I'm muttering about being able to *LOCATE* a
user on the internet or on a skool network. If you mean
authentication for DHCP, RFC1338 does that quite nicely.
http://www.faqs.org/rfcs/rfc3118.html
Comcast and other DOCSIS users have been using this for quite some
time to keep users from setting up their own DHCP server and loading
their cable modems with creative parameters.

>Anyway, what is the threat that this system is supposed to eliminate?

Please re-read the previous messages in this thread. The topic is
whether knowing the MAC address can disclose the users location.

>If you
>authenticate the user properly, what is the situation where you need to
>check the location as well?

Oh, plenty of situations. Just because someone has successfully
logged in and authenticated doesn't mean that there's no reason to
contact or locate them.
1. Gross misues of the system by a non-responsive user.
2. Rogue access points.
3. Stolen logins and passwords.
4. Denial-o-service attacks that flood the authentication server.
5. Valid user infected with worm or spewing spam.
6. Chronic re-authentication failures caused by insane supplicants.
7. Hiding multiple computers and users behind a firewall.
8. Counterfeit or cloned MAC addresses.
9. Finding who and why someone is logging in at 2AM from a locked
building.
10. Whatever else I forgot.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558