Are you being tracked? A lesson in basic networking...

asymptote
Joined: 06/16/2011
Hat Tips: 395
Posts: 48
Are you being tracked? A lesson in basic networking...

Some guy wrote this:

"The opposition can track your IP and use geolocation to ID where you are writing."

He sounded pretty cool writing it too! But reality is a bit more boring than you might think. I'll keep this simple so I don't sound like a twat trying to talk people down (like that guy was at the beginning of his post).

MAC Address

On a network you are represented, at the lowest level, by what is known as a MAC address. It's a globally unique ID set in your network card by the manufacturer. To check your MAC address, open a command prompt: Start >> Run cmd.exe.

Then type ipconfig /all

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
        Physical Address. . . . . . . . . : 00-27-70-AA-46-5A (not my real one)
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.53
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 61.9.194.49
                                            61.9.195.193
        Lease Obtained. . . . . . . . . . : Friday, 5 August 2011 9:41:04 PM
        Lease Expires . . . . . . . . . . : Friday, 5 August 2011 10:41:04 PM

IP Address

The next layer in the network you need to know about is the IP layer. This is how most networks operate. The protocol called TCP/IP uses an address called the IP address to allow machines over the network to communicate. You can see my IP address in my home network above. Your 'public address' however is supplied by your ISP, and is used on the other side of your router. To find out what it is, go here:

http://www.whatismyip.com/

These two addresses are the main way you are tracked on the internet, via the network layer. To hide your IP address, use a free proxy (google free proxy) or try this: http://hidemyass.com/

Now check the whatismyip site again through hidemyass. Different IP, right? There are better ways, but that's a basic way to get started. You are now IP cloaked.

So what about that 'geolocation thing'? Garbage! The best someone can do is tracert you (in that command prompt type tracert www.sony.com). Trace Route shows the network path between you and someone else. If you have a detailed enough network map, you can at best work out which local telco exchange you are connected to. Since you are usually a few km from the exchange, this isn't exactly accurate or even useful unless they have your real name (to do a local telephone listing search perhaps). I'll even tell you my old ADSL exchange... Petersham, Sydney. There are about 50,000 people within range of that exchange. You are still anonymous.

If you want a new IP address and your router doesn't allow releases, simply turn it off when you don't need it. Each time you leave it off for long enough, like when you are at work or away on a weekend, chances are the DHCP lease will expire and when you power the router back up it'll get a new address.

Changing the MAC address. Many network cards allow you to set your own MAC address directly from the device properties (my Dell laptop can), but here is something someone has already written:

http://whatismyipaddress.com/change-mac

The importance of the MAC address is that if someone can resolve your MAC from the network cloud, they know it's you, even if you change ISPs, or change country. The good news is, on the internet, getting a MAC address is pretty hard, as you are likely layered behind a firewall. Most firewalls can change MAC addresses as well. Poke around and play with it. I would not bother changing my MAC unless I thought someone was out to get me... or my machine had been compromised.

Cookies

This is one of the most prevalent tracking systems in use. When you visit certain websites they store unique IDs in your browser's cookie cache. Each time you visit the site, they know it's you. Piecing together the cookies in your directory allows someone to know information about you, but only if they have your history to go along with it. So, if you want to be paranoid, use something like Google Chrome in 'Incognito' mode (as I do half the time), or perhaps a dedicated secure browser.

Dial home code

This is an app that you can inadvertently install on your machine that will connect back to someone else on the internet, and report on whatever it's designed to do. This usually falls into the 'malware' category. If someone is coming after you, you'll get a special version just for you. No AV or anti-malware will ever pick this up. For the truly paranoid (and moderately technically competent) look into ZoneAlarm or BlackICE. ZoneAlarm or BlackICE are software that keep track of what you consider safe and normal on your machine. If you DO ever get extra software on your machine, they will detect and question if that's what you want when that app starts, or when it tries to dial home over the network.

Dismiss all the rubbish by supposed experts on how 'they were tracked!'. If they were, and they really are technically competent, it's actually quite simple to stay safe and secure enough to make yourself a hard target. -not- an impossible, but fairly hard.

Still paranoid or want better security?

  • Turn off your Wifi entirely. (Unless you just turn it on to use a neighbor's connection)
  • Use a layered firewall. I have an old Apple AirPort, hidden behind an old PIX, that's behind the ISP supplied firewall in my cable modem.
  • Use TrueCrypt to store your documents. Make sure you back up the TrueCrypt file. Name it something like Video Hits 1997 - maybe corrupt.avi.old or something that 'should be' about a gig. Hiding in plain sight.
  • Use a different username and password for each and every site.
  • Turn off every service on your machine not needed (Services.msc). Then get used to your process list (Task Manager). You can spot most rogue programs once you are used to your process list.
  • Consider not using Windows unless you really know you need to. Ubuntu or OSX are alternatives that give you a lower chance of being exploited, as simply most tools and internet machines are running Windows. They are not 'that much' better, but statistically, if you are not in Windows, most 'pseudo hackers' will not bother you.

Who am I? I've been a programmer since I was 9, that's 30 years now, and professionally have worked in the infrastructure engineering side of banking for the past 20 years. For a while I've worked as a security consultant (mostly for DMZ builds, but also for a bit of tiger work) and have spent many an evening wearing the black hat as well for fun. I've been around in this space since 2600 releases on BBSs were the only hacker community. What I will say is that 98% ish of the 'hackers' are just posers using 'hacker' apps they didn't even write themselves. It's sad, and not something to worry about, and I don't even consider myself a hacker in the slightest.

Edited by admin on 11/08/2014 - 06:24
tread_w_care
Joined: 06/14/2011
Hat Tips: 3056
Posts: 362
great basics intro

hat tip

__________________

"When plunder becomes a way of life for a group of men in a society, over the course of time they create for themselves a legal system that authorizes it and a moral code that glorifies it." - Frederic Bastiat http://en.wikiquote.org/wiki/Fr%C3%A9d%C3%A9ric_Bastiat

Code The Plumber
Joined: 07/08/2011
Hat Tips: 329
Posts: 27
Not quite

I have absolutely  seen people get "looked up" with tools only available at the tracker's place of work.

It's great to give people safety tips, especially when you have investment sites (and god knows what else) scraping for hotmail and yahoo cookies, but everyone should also know:

China stole piles of info from our gov't by pouring fake chips in routers and selling them below market price.  A hardware listener, that doesn't report its own transmission.  Brilliant.  Who made your router?  If it wasn't you, you should assume nothing.

The authors of the most common Unix/Linux IP stack allege they were paid by NSA to code back doors that  probably still exist in most implementations today.  Who wrote yours?  If it wasn't you, you should assume nothing.

Your ISP doesn't let you connect to shit until it identifies your hardware.  Anyone with say congressional approval to peek into your ISP's record of you (thank you, Patriot Act) can get to you.  Your access point's mac address gives them the street address with a quick knock on your ISP's virtual door.

Are hackers that get caught just dumbasses that forget to spoof their true mac address?  What about terrorists?  Do they not understand this either?  OBL just forgot to set up NAT.  Or does someone else have a bird's eye view of everything?  What do you reckon the volume of your outbound traffic is?  Throw up a monitor and check.  You think Microsoft can offer you Gb's of storage for free to store email, but nobody can viably keep your piddly outbound traffic when provided the world's biggest defense budget and congressionally authorized always-on hooks into the major hubs?

Good luck being anonymous.

Also, regarding dial home code, lots of software out there allows you to configure what applications are allowed to generate outbound messages.  I'm frustrated that this stuff isn't built-in and enforced at the OS level by now.  When I install software, the first thing I should be doing is specifying whether the software is global or just for my user, what executable permissions I wish to grant the app, and whether to install services that are part of the install package.
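
The "dial home" check discussed in the first post and in the reply above (know your process list, then see which processes talk outbound) can be scripted. This is an added example, not part of the thread; the `netstat -ano` sample, the PIDs and the `KNOWN_PIDS` baseline are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (addresses and PIDs are made up).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.0.53:49712     198.51.100.20:443      ESTABLISHED     4120
  TCP    192.168.0.53:49713     198.51.100.20:443      ESTABLISHED     4120
  TCP    192.168.0.53:49801     192.168.0.1:80         ESTABLISHED     4120
  TCP    192.168.0.53:50022     203.0.113.77:8080      ESTABLISHED     6644
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     2208
"""

# Hypothetical baseline: PIDs already matched to programs you recognise.
KNOWN_PIDS = {4120: "chrome.exe", 2208: "mDNSResponder.exe"}

# Loopback, RFC 1918 and IPv6 local ranges are treated as "inside" traffic.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fe80::/10", "fc00::/7")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def outbound_by_pid(netstat_text):
    """Map PID -> set of remote (ip, port) for established non-local TCP connections."""
    result = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly: proto, local, foreign, state, pid
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        host = host.strip("[]")  # IPv6 addresses are printed in brackets
        if not is_local(host):
            result[int(fields[4])].add((host, int(port)))
    return dict(result)

def unknown_talkers(netstat_text, known):
    """Outbound connections owned by PIDs that are not in the baseline."""
    return {pid: peers for pid, peers in outbound_by_pid(netstat_text).items()
            if pid not in known}

if __name__ == "__main__":
    for pid, peers in unknown_talkers(SAMPLE_NETSTAT, KNOWN_PIDS).items():
        print(f"PID {pid} is not in the baseline and talks to {sorted(peers)}")
```

PIDs change on every launch, so a real baseline should key on the image name that `tasklist` reports for each PID rather than on the number itself.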

maravich44
Joined: 06/22/2011
Posts: 1221
@Code and Crop Circles.

.  Project Camelot. Hey man just take a tour. Library full of info. Best and Thank You.

Prize Fighter
Joined: 06/14/2011
Hat Tips: 3349
Posts: 615
Now I know how my family

Now I know how my family feels when I talk economics.  Think I'll just have to remain visible with the other hundreds of millions.  Seems to me if you are one of the few who thinks they are hiding you'll probably just end up separating yourself out from the herd to be tracked by those back door ghouls.

silverbleve
Joined: 06/14/2011
Hat Tips: 2217
Posts: 268
post pictures of your silver! not

Good stuff on security. I like to say you can never be too paranoid. (not sarcasm)

One more thing I wanted to add in there is EXIF data, the embedded info that is inside your images. If you use a GPS enabled device like a smartphone, every picture you take has your exact location.

The old blogspot site scrubbed all that data automagically, but the new site here lets users upload anything they want.

Here is a free site you can use to see what extra data is in your image before you upload or share it:

http://regex.info/exif.cgi

A little knowledge in this department I think will go a long way.

Hey, if you want to post pictures of your stash or let your location be known go right ahead, I just want to make sure no one does so accidentally.

Also, the MAC address info is good to take into consideration as stated above. Your computer's MAC address is like a fingerprint, and in theory a very effective way to find you provided the manufacturer of your computer is willing to give out the sales data that correlates to your physical machine.

Turd's MacBook is a good example, say you had his MacBook's MAC address and you subpoenaed Apple for the correlating credit card used to buy it /etc.  Just joking around so don't flame me but you get the idea.

admin
Joined: 04/15/2011
Hat Tips: 2964
Posts: 474
silverbleve wrote:The old

silverbleve wrote:

The old blogspot site scrubbed all that data automagically, but the new site here lets users upload anything they want.

Just to clarify, this is not true. The issue is when users link to images they have saved on third-party sites like Flickr.  Nothing we can do to prevent people from uploading images with extra data on other websites.

__________________

Site Administrator for TF Metals Report

silverbleve
Joined: 06/14/2011
Hat Tips: 2217
Posts: 268
its ok

I'm not knockin you admin. Yes I know users can post images that are hosted on other sites. I would much rather have images I post uploaded through the nifty interface and hosted on the turd server, that way we know they will never 404. But my upload limit has been reached:)

I just wanted to put the word out how it works so users can make their own informed decisions. No blame was ever directed at you or your web team, you guys are cool. Good job on Turd's site!

admin
Joined: 04/15/2011
Hat Tips: 2964
Posts: 474
No worries, silverbleve, no

No worries, silverbleve, no offense was taken.  Just wanted to make sure to clarify so others have the right information.  Thanks for your support.

__________________

Site Administrator for TF Metals Report

BagOfGold
Joined: 08/05/2011
Hat Tips: 15486
Posts: 2348
If or when...

the government confiscates PMs...at least they will know where to find you!!!...

Bag Of Gold

UGrev
Joined: 06/14/2011
Hat Tips: 884
Posts: 168
As a programmer as well (not

As a programmer as well (not as long as asymptote) and knowing some lesser hats.. I can honestly say that if a real, tried and true, cracker wants your shit... he's going to get it. The game is "layering to make it un-profitable". That's all most of us who don't actively defend against attacks as a primary life role can do. Good info none-the-less.

cris
Joined: 06/14/2011
Hat Tips: 3404
Posts: 437
Awesome post

thanks for the great info
