Anonymous via the Cypherpunks Tonga Remailer <nobody@cypherpunks.to> wrote:
> 1. Does this mean the government fascists can find me anywhere in the world if they know this hardware address?
Just choose your own MAC-Address, and configure it with software onto
your interface. Then tell them this address.
> 2. Can they read my terminal?
If they're using the camera left behind you...
> 3. What software do they use to know it is my computer?
Hm... one second, please. I'm just rebootin my crystal ball...
> 4. Is there any way I can change my hardware address?
Yes. Please use the documentation of your hardware and operating system.
Yours, VB.
--
"Almighty Father, who wilt hear the prayer of those that love Thee, we pray
Thee to be with those who brave heights of Thy heaven and who carry the
battle to our enemies. Guard and protect them, we pray Thee, as they fly
the appointed rounds." - Chaplain William Downey, prayer for the Enola Gay.
On Fri, 12 Aug 2005 19:19:11 +0200 (CEST), Anonymous via the
Cypherpunks Tonga Remailer <nobody@cypherpunks.to> wrote:
>In order to get onto a university's wireless system,
>I would have to give the sysops the identity of my computer,
>which looks something like
>
>00:bc:44:e3:ad:21
>1. Does this mean the government fascists can find me anywhere in the world if they know this hardware address?
No. The client MAC address is not transmitted in the TCP/IP packet
header. Only the ethernet packet header contains the source MAC
address and that ends at the switch or router.
However, the university switch or router has a table of connected MAC
addresses and associated IP addresses (ARP table) that can be used to
point to your machine. It will certainly point to the access point to
which you're connected. The rest of the world will not be able to
find you because they do not have access to the university switch
information, but the university can certainly get close.
Also, most universities use some form of proxy server and
authentication login for users to connect to their system. This will
identify the "portal" to which you're connecting and furthur help
locate you computer.
I've also done some work with direction finding of 802.11 and suspect
that you can be easily located if you don't take any countermeasures.
Be advised the wonderful people at Microsoft imbed tracking
information in the header of any MS Word, Excel, PowerPoint, and
Access file that is unique to your machine and can be used to
positively identify the machine of origin.
>2. Can they read my terminal?
Of course. They can sniff all the traffic to and from your machine.
Most university systems are NOT encrypted, but might go through a VPN.
If the VPN termination is at a university server, they can capture all
your traffic.
If you mean can they dive into your computer and snoop around, that is
largely a matter of how secure or insecure you setup your computah.
An amazing number of Windoze boxes have open shares or disabled
firewalls that are easily accessible.
>3. What software do they use to know it is my computer?
Ummm... To identify your computer? None. They are not trying to
identify the machine. They're interested in identifying the user.
When you login to the university network, you identify yourself. The
idea is that you can sit in front of any machine, login, and you get
to use the university network. The probably do log the MAC address of
the machine you're using.
>4. Is there any way I can change my hardware address?
So, what crime are you planning to commit? Terrorism perhaps? Stolen
wireless card? Many skools will suspend your computer access
privledges if you do something disgusting such as what I suspect
you're planning. Hopefully, whatever it's worth the risk.
Incidentally, I have a friends son who got burned in one of the "zero
tolerance" stupidities at his university. They had a ban on *ALL*
MP3's on university ftp or web servers. He's a music student and
placed some of his own compositions on his web server and was caught
by the university robot security daemon. It took about 3 months to
get his computer access back even though the university admitted that
it was a proper exception.
In article <20050812171911.0C10B170A5@mail.cypherpunks.to>,
Anonymous via the Cypherpunks Tonga Remailer <nobody@cypherpunks.to>
wrote:
> 3. What software do they use to know it is my computer?
The software is built into the routers or access points. They get a
list of all the MAC addresses that are allowed to use the university
network, and ignore any other machines. This is done to prevent the
network from being a public hotspot that anyone can hook into.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
> No. The client MAC address is not transmitted in the TCP/IP packet
> header. Only the ethernet packet header contains the source MAC
> address and that ends at the switch or router.
Do you remember when the MAC address was also part of Microsoft Word
document headers?
So in terms of being tracked globally, from a technical point of view it
depends on precisely what is meant although in the context of being
pinpointed by a nice big arrow on a big screen in Big Brother Central
Ops, No. :)
On Fri, 12 Aug 2005 19:19:11 +0200 (CEST), Anonymous via the Cypherpunks
Tonga Remailer wrote:
> 4. Is there any way I can change my hardware address?
To what end? The network administrator needs to know a MAC address in order
to associate your computer to the network. Whatever MAC address you use,
whether the factory assigned MAC address, or the one you spoof; they will
have it, and know which computer it belongs to.
--
Norman
~Shine, bright morning light,
~now in the air the spring is coming.
~Sweet, blowing wind,
~singing down the hills and valleys.
> On Fri, 12 Aug 2005 19:19:11 +0200 (CEST), Anonymous via the Cypherpunks
> Tonga Remailer wrote:
>
>> 4. Is there any way I can change my hardware address?
>
> To what end? The network administrator needs to know a MAC address in
> order to associate your computer to the network. Whatever MAC address you
> use, whether the factory assigned MAC address, or the one you spoof; they
> will have it, and know which computer it belongs to.
You can use different MAC for different networks. Your movements can't be
tracked, unless the netops correlate their log files, which seems unlikely
to ever happen.
But then you must play the game to the bitter end: use different application
layer identifiers, different writing style, etc. Why bother...
>> whether the factory assigned MAC address, or the one you spoof; they will
>> have it, and know which computer it belongs to.
>Not unless he spoofs someone else's MAC address. They'll have *an*
>address but won't know which computer it belongs to.
Checking on two is not that much more difficult than one.
>Unless they bother to hunt him down by triangulating his position via
>the access points. (or trace him down the copper path).
triangulate? This is not a cell phone. The range of an access point is
severely limited.
In article <ddl4nn$1r9$1@nntp.itservices.ubc.ca>,
Unruh <unruh-spam@physics.ubc.ca> wrote:
>David Taylor <djtaylor@bigfoot.com> writes:
>>Unless they bother to hunt him down by triangulating his position via
>>the access points. (or trace him down the copper path).
>triangulate? This is not a cell phone. The range of an access point is
>severely limited.
None the less, access-point triangulation is possible. Cisco's
WLAN controller advertises it as a feature, indirectly. The
technology was developed to detect rogue access-points and
rogue endpoints. The Cisco/Linksys technology correlates received
signal strengths at access points and endpoints.
--
Ceci, ce n'est pas une idée.
>In article <ddl4nn$1r9$1@nntp.itservices.ubc.ca>,
>Unruh <unruh-spam@physics.ubc.ca> wrote:
>>David Taylor <djtaylor@bigfoot.com> writes:
>>>Unless they bother to hunt him down by triangulating his position via
>>>the access points. (or trace him down the copper path).
>>triangulate? This is not a cell phone. The range of an access point is
>>severely limited.
>None the less, access-point triangulation is possible. Cisco's
>WLAN controller advertises it as a feature, indirectly. The
>technology was developed to detect rogue access-points and
>rogue endpoints. The Cisco/Linksys technology correlates received
>signal strengths at access points and endpoints.
Excpt that the signal strength varies a lot depending on the exact
orientation of the antenna in the endpoint wrt the accesspoint ( and
various other things), and this need not be the same for each AP
(reflections, etc)
> Checking on two is not that much more difficult than one.
He could arrange to spoof just about every MAC address that he sees. I
can cite an example of a college that had 700 MAC's on the LAN but the
administrator had only approved 400 devices.
> triangulate? This is not a cell phone. The range of an access point is
> severely limited.
Yes triangulate to locate the user. How far do you think an AP can
transmit?
> Excpt that the signal strength varies a lot depending on the exact
> orientation of the antenna in the endpoint wrt the accesspoint ( and
> various other things), and this need not be the same for each AP
> (reflections, etc)
Go take a look at the Trapeze Networks stuff, they claim location
accuracy down to 0.6m and it shows a nice big arrow to the location on
an imported CAD building plan that was used in the Ringmaster software
to plan the wireless solution.
I have no experience of Airespace (bought by Cisco) but they claim
better.
On Sat, 13 Aug 2005 07:51:09 GMT, David Taylor <djtaylor@bigfoot.com>
wrote:
>> No. The client MAC address is not transmitted in the TCP/IP packet
>> header. Only the ethernet packet header contains the source MAC
>> address and that ends at the switch or router.
>
>Do you remember when the MAC address was also part of Microsoft Word
>document headers?
>
>http://www.iss.net/security_center/a...ing/Methods/Te
>chnical/Spoofing/MAC/default.htm
>
>So in terms of being tracked globally, from a technical point of view it
>depends on precisely what is meant although in the context of being
>pinpointed by a nice big arrow on a big screen in Big Brother Central
>Ops, No. :)
>
>David.
Well, it goes a bit deeper than that. One of the more obnoxious
problems at universities is that student install wired or wireless
routers in their dorm rooms with NAT. Nothing really wrong with that
except that it totally destroys the MAC address based authentication
mechanism. The MAC addresses just don't go through the router. Some
universities ban the use of such routers, while others concoct
different methods of authentication or try to "discover" how many
machines are hidden behind the NAT firewall. This can be done in
various devious ways. The easiest is to setup a VPN server to access
the university network. The user has to login in via a VPN client,
which will merrily disclose all kinds of useful information including
the MAC address.
Ethernet devices are provided with a unique hardware address
at the time they are manufactured. This Ethernet Address
is separate and distinct from the IP address discussed above.
Equipment used on ResNet must use a manufacturer assigned address.
Equipment that either (a) uses an address of all zeros, or (b)
changes its address from day to day is either defective or infected
with an abusive computer program (worm or virus). In either case,
it is a violation of our rules to knowingly operate a computer that
does not use manufacturer assigned addresses on our network.
Most universities also run "arpwatch" on their networks. Any new MAC
addresses that appear on their DHCP server gets logged. If they fail
to authenticate, they get blocked after a few days. Works nicely to
keep the unauthorized machines out of the university network.
Digging deeper was the 1999 attempt by Comcast to bill their customers
by the number of computers that were running on their home network.
If they discovered more than one machine, some telemarketing group
would phone the customer demanding an extra $6/month per machine.
Comcast would rather forget they ever attempted such nonsense, but it
did bring up some interesting technology for detecting and identifying
machines behind a firewall or router. Most interesting was watching
the pattern of TCP/IP sequence numbers. Less interesting but more
effective were web pages that would try to identify client computers.
As for finding a users location, it's much easier than one would
suspect with the proper hardware. I've been doing some work with
RFC3825, which is a DHCP extension for location services. The
original idea was to have the AP disclose it's exact location to the
wireless client. The client then transmits the location to whomever
needs the information, such as the 911 center for a VoIP call. http://www.faqs.org/rfcs/rfc3825.html http://ietfreport.isoc.org/idref/rfc3825/ http://www.iana.org/assignments/bootp-dhcp-parameters (Tag 123)
Not much has been done with this as the standard has not been approved
yet. It's quite easy to impliment on the server end, but a bit of a
mess at the client. However, once the location information is
resident on the client side, it's fairly easy to trick the client into
disclosing the contents. Note that the location info includes
altitude or floor number.
> As for finding a users location, it's much easier than one would
> suspect with the proper hardware. I've been doing some work with
> RFC3825, which is a DHCP extension for location services. The
That's only going to give you the location of the user as defined by the
AP that they are using though is it not?
Trapeze does it by triangulation of the RF signal from 3 (or more)
mobility units (their name for their dumb AP's).
Because the Ringmaster software is used to configure these, you import a
plan of the building and define all the RF obstacles thus the software
not only calculates in 3D, the location for the radios and also the
power output of each (and tunes them at runtime if so set), they can
also determine the location of a given client pretty easily.
Anonymous via the Cypherpunks Tonga Remailer wrote:
> In order to get onto a university's wireless system, I would have to give the sysops the identity of my computer, which looks something like
>
> 00:bc:44:e3:ad:21
>
> 1. Does this mean the government fascists can find me anywhere in the world if they know this hardware address?
>
> 2. Can they read my terminal?
>
> 3. What software do they use to know it is my computer?
>
> 4. Is there any way I can change my hardware address?
>
Destroy all of that equipment immediately! Before the Germans find it!
On Sat, 13 Aug 2005 17:35:28 GMT, David Taylor <djtaylor@bigfoot.com>
wrote:
>> As for finding a users location, it's much easier than one would
>> suspect with the proper hardware. I've been doing some work with
>> RFC3825, which is a DHCP extension for location services. The
>
>That's only going to give you the location of the user as defined by the
>AP that they are using though is it not?
Correct. That's all that's required for VoIP 911 service. Note that
the AP DHCP data include floor number or altitude which is critical
for emergency services.
However, the AP might be capeable of measuring the latency to/from the
client and establishing a radius (actually a spherical surface). Two
or more radii can be used to establish a position. It's a bit of a
problem doing it in 3 dimensions, but not impossible. It really
depends on how much technology you want to throw at the problem.
>Trapeze does it by triangulation of the RF signal from 3 (or more)
>mobility units (their name for their dumb AP's).
>Because the Ringmaster software is used to configure these, you import a
>plan of the building and define all the RF obstacles thus the software
>not only calculates in 3D, the location for the radios and also the
>power output of each (and tunes them at runtime if so set), they can
>also determine the location of a given client pretty easily.
Oh, they're using signal strength. Bad idea because of reflections,
wall attentuation, non-isotropic antenna patterns, and interference
effects. It will probably be sufficient for locating rogue AP's,
laptops, and PDA's in an office building environement, but forget it
if the client has a highly directional antenna. Still, it's better
than manual guesswork. Have you tried it? Duz it work?
>> Checking on two is not that much more difficult than one.
>He could arrange to spoof just about every MAC address that he sees. I
>can cite an example of a college that had 700 MAC's on the LAN but the
>administrator had only approved 400 devices.
That is still just 2-1.
>> triangulate? This is not a cell phone. The range of an access point is
>> severely limited.
>Yes triangulate to locate the user. How far do you think an AP can
>transmit?
Not far enough that at least three of them are in range.
Admittedly once you know which access point is being used you know where he
is within about 20 meters.
No but i'm back on the next training course in a weeks time so I'll see
what I can find. You can download a demo of the Ringmaster software but
I'd say that it's not the most intuitive thing to get your head around
from a demo point of view as without the switch and radios to configure,
you're not going to see much from it.
> Oh, they're using signal strength. Bad idea because of reflections,
> wall attentuation, non-isotropic antenna patterns, and interference
Yes except that because they've pulled in a map of the building and
you've defined the attenuation of the RF objects, that's all taken into
account to a large degree.
> effects. It will probably be sufficient for locating rogue AP's,
> laptops, and PDA's in an office building environement, but forget it
> if the client has a highly directional antenna. Still, it's better
> than manual guesswork. Have you tried it? Duz it work?
It is aimed at an office environment, well at least a building type
scenario though where radio density is planned such that although you
can do directional antennas on the radios, the general aim is to define
your coverage area, the obstacles and let the software plan the location
based on omnidirectional antennas.
As for trying it, ask me again in a couple of weeks :)
> >> triangulate? This is not a cell phone. The range of an access point is
> >> severely limited.
>
> >Yes triangulate to locate the user. How far do you think an AP can
> >transmit?
>
> Not far enough that at least three of them are in range.
>
> Admittedly once you know which access point is being used you know where he
> is within about 20 meters.
20 metres in 3D in a highly populated building is a pain in the arse and
besides, you're excluding directional antennas which blows this right
out of proportion.
NormanM <spammers.are@immoral.invalid> wrote:
> On Fri, 12 Aug 2005 19:19:11 +0200 (CEST), Anonymous via the Cypherpunks
> Tonga Remailer wrote:
>
> > 4. Is there any way I can change my hardware address?
>
> To what end? The network administrator needs to know a MAC address in order
> to associate your computer to the network. Whatever MAC address you use,
> whether the factory assigned MAC address, or the one you spoof; they will
> have it, and know which computer it belongs to.
It would e nice if the OP actually participated in the thread 'he'
started, but since he doesn't, maybe we have to read between the lines.
I *think* that question 4 has to do with question 1:
OP> 1. Does this mean the government fascists can find me anywhere in the
OP> world if they know this hardware address?
I.e. I *think* that he wants to know if the known MAC address can be
used to track him when he is *not* connected to the universities
network. I.e. he is "anywhere in the world".
Assuming there is a direct 'link' between his MAC address and him [1],
the answer to the question is "yes". Hence question 4 (which has been
answered (with: it depends on your network card, 'router', etc.)).
[1] Some governements, including 'mine', seem to think such a link
exists. But since "clueless" and "governement" are all but mutually
exclusive, I guess I'm telling nothing new here.
> OP> 1. Does this mean the government fascists can find me anywhere in the
> OP> world if they know this hardware address?
>
> I.e. I *think* that he wants to know if the known MAC address can be
> used to track him when he is *not* connected to the universities
> network. I.e. he is "anywhere in the world".
They'll find him by just tracking his mobile phone instead. :)
> You can't triangulate, unless you know either directions or distances to the
> user. WLAN doesn't provide either.
I suggest you tell that to Trapeze Networks and Cisco with their
acquired Airespace product.
Trapeze does this by knowing the locations of the radios relative to
each other, the RF obstacles in between and the attenuation that each
gives and the signal level. Don't know what Airespace does but presume
it's similar.
On Sun, 14 Aug 2005 07:23:31 GMT, David Taylor <djtaylor@bigfoot.com>
wrote:
>> Oh, they're using signal strength. Bad idea because of reflections,
>> wall attentuation, non-isotropic antenna patterns, and interference
>
>Yes except that because they've pulled in a map of the building and
>you've defined the attenuation of the RF objects, that's all taken into
>account to a large degree.
Ummm... Map of the building in 3D including density of every wall,
floor, door, ceiling, furniture, books, people, etc which are presumed
to be stable. I suppose it can be mapped with some type of site
survey tool that trys to ignore reflections. I dunno. Methinks I'm
missing something about what they're doing.
>> effects. It will probably be sufficient for locating rogue AP's,
>> laptops, and PDA's in an office building environement, but forget it
>> if the client has a highly directional antenna. Still, it's better
>> than manual guesswork. Have you tried it? Duz it work?
>
>It is aimed at an office environment, well at least a building type
>scenario though where radio density is planned such that although you
>can do directional antennas on the radios, the general aim is to define
>your coverage area, the obstacles and let the software plan the location
>based on omnidirectional antennas.
Well, that's fair. I'm just questioning the accuracy. I can't get a
stable signal level just standing on one place and they expect to do
that in a rather large unstable volume. Let's just say I'm suspicious
bordering on cynical.
>As for trying it, ask me again in a couple of weeks :)
>David.
On Sun, 14 Aug 2005 10:46:04 GMT, David Taylor <djtaylor@bigfoot.com>
wrote:
>> OP> 1. Does this mean the government fascists can find me anywhere in the
>> OP> world if they know this hardware address?
>>
>> I.e. I *think* that he wants to know if the known MAC address can be
>> used to track him when he is *not* connected to the universities
>> network. I.e. he is "anywhere in the world".
>They'll find him by just tracking his mobile phone instead. :)
>David.
>> You can't triangulate, unless you know either directions or distances to the
>> user. WLAN doesn't provide either.
>I suggest you tell that to Trapeze Networks and Cisco with their
>acquired Airespace product.
>Trapeze does this by knowing the locations of the radios relative to
>each other, the RF obstacles in between and the attenuation that each
>gives and the signal level. Don't know what Airespace does but presume
>it's similar.
And as someone pushes a mail cart down the corridor, the attenuation and
signal level changes. Or someone hangs a picture with a foil backing.
> Ummm... Map of the building in 3D including density of every wall,
> floor, door, ceiling, furniture, books, people, etc which are presumed
> to be stable. I suppose it can be mapped with some type of site
> survey tool that trys to ignore reflections. I dunno. Methinks I'm
> missing something about what they're doing.
The way the software works is that you import a CAD (or even JPG) of
each floor and set a datum point to provide a vertical reference. The
software has a list of attenuations for US standard building materials
or you can do it by measurement or both. Plan first then measure and
compare later for fine tuning.
If the import is a nice dxf with wall types already chosen for the CAD
part then it's quite surprising how quickly you can map the building
with the RF obstacles.
> Well, that's fair. I'm just questioning the accuracy. I can't get a
> stable signal level just standing on one place and they expect to do
> that in a rather large unstable volume. Let's just say I'm suspicious
> bordering on cynical.
I have to say I was surprised with the claim that was made but i'm
interested to see in a weeks time so i'll let you know, it could well be
sales and marketing speak, time will tell. :)
David Taylor kirjoitti:
>>You can't triangulate, unless you know either directions or distances to the
>>user. WLAN doesn't provide either.
>
>
> I suggest you tell that to Trapeze Networks and Cisco with their
> acquired Airespace product.
>
> Trapeze does this by knowing the locations of the radios relative to
> each other, the RF obstacles in between and the attenuation that each
> gives and the signal level. Don't know what Airespace does but presume
> it's similar.
>
> David.
There are no standard methods. Proprietary solutions are another matter,
but they require a major overhaul of the base stations. Why should a
university network bother?
Can Known Hardware ID Make You Discoverable? 
Linear Mode
