Are you being tracked? A lesson in basic networking...

#1 Fri, Aug 5, 2011 - 9:08am
asymptote
Australia
Joined: Jun 16, 2011

Some guy wrote this:

"The opposition can track your IP and use geolocation to ID where you are writing."

He sounded pretty cool writing it too! But reality is a bit more boring than you might think. I'll keep this simple so I don't sound like a twat trying to talk people down (like that guy was at the beginning of his post).

MAC Address

On a network you are represented, at the lowest level, by what is known as a MAC address. It's a globally unique ID set in your network card by the manufacturer. To check your MAC address, open a command prompt: Start >> Run cmd.exe.

Then type ipconfig /all

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
    Physical Address. . . . . . . . . : 00-27-70-AA-46-5A (not my real one)
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.0.53
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 61.9.194.49
                                        61.9.195.193
    Lease Obtained. . . . . . . . . . : Friday, 5 August 2011 9:41:04 PM
    Lease Expires . . . . . . . . . . : Friday, 5 August 2011 10:41:04 PM

IP Address

The next layer in the network you need to know about is the IP layer. This is how most networks operate. The protocol called TCP/IP uses an address called the IP address to allow machines over the network to communicate. You can see my IP address in my home network above. Your 'public address' however is supplied by your ISP, and is used on the other side of your router. To find out what it is go here:

https://www.whatismyip.com/

These two addresses are the main way you are tracked on the internet, via the network layer. To hide your IP address, use a free proxy (google free proxy) or try this: https://hidemyass.com/

Now check the whatismyip site again through hidemyass. Different IP, right? There are better ways, but that's a basic way to get started. You are now IP cloaked.

So what about that 'geolocation thing'? Garbage! The best someone can do is tracert you (in that command prompt type tracert www.sony.com). Trace Route shows the network path between you and someone else. If you have a detailed enough network map, you can at best work out which local telco exchange you are connected to. Since you are usually a few km from the exchange, this isn't exactly accurate or even useful unless they have your real name (to do a local telephone listing search perhaps). I'll even tell you my old ADSL exchange... Petersham, Sydney. There are about 50,000 people within range of that exchange. You are still anonymous.

If you want a new IP address and your router doesn't allow releases, simply turn it off when you don't need it. Each time you leave it off for long enough, like when you are at work or away on a weekend, chances are the DHCP lease will expire and when you power the router back up it'll get a new address.

Changing the MAC address. Many network cards allow you to set your own MAC address directly from the device properties (my Dell laptop can), but here is something someone has already written:

https://whatismyipaddress.com/change-mac

The importance of the MAC address is that if someone can resolve your MAC from the network cloud, they know it's you, even if you change ISPs, or change country. The good news is, on the internet, getting a MAC address is pretty hard, as you are likely layered behind a firewall. Most firewalls can change MAC addresses as well. Poke around and play with it. I would not bother changing my MAC unless I thought someone was out to get me... or my machine had been compromised.

Cookies

This is one of the most prevalent tracking systems in use. When you visit certain websites they store unique IDs in your browser's cookie cache. Each time you visit the site, they know it's you. Piecing together the cookies in your directory allows someone to know information about you, but only if they have your history to go along with it. So, if you want to be paranoid, use something like Google Chrome in 'Incognito' mode (as I do half the time), or perhaps a dedicated secure browser.

Dial home code

This is an app that you can inadvertently install on your machine that will connect back to someone else on the internet, and report on whatever it's designed to do. This usually falls into the 'malware' category. If someone is coming after you, you'll get a special version just for you. No AV or anti-malware will ever pick this up. For the truly paranoid (and moderately technically competent), look into ZoneAlarm or BlackICE. ZoneAlarm or BlackICE are software that keep track of what you consider safe and normal on your machine. If you DO ever get extra software on your machine, they will detect and question if that's what you want when that app starts, or when it tries to dial home over the network.

Dismiss all the rubbish by supposed experts on how 'they were tracked!'. If they were, and they really are technically competent, it's actually quite simple to stay safe and secure enough to make yourself a hard target. -not- an impossible one, but fairly hard.

Still paranoid or want better security?

  • Turn off your Wifi entirely. (Unless you just turn it on to use a neighbor's connection)
  • Use a layered firewall. I have an old Apple AirPort, hidden behind an old PIX, that's behind the ISP supplied firewall in my cable modem.
  • Use TrueCrypt to store your documents. Make sure you back up the TrueCrypt file. Name it something like Video Hits 1997 - maybe corrupt.avi.old or something that 'should be' about a gig. Hiding in plain sight.
  • Use a different username and password for each and every site.
  • Turn off every service on your machine not needed (Services.msc). Then get used to your process list (Task Manager). You can spot most rogue programs once you are used to your process list.
  • Consider not using Windows unless you really know you need to. Ubuntu or OS X are alternatives that give you a lower chance of being exploited, as simply most tools and internet machines are running Windows. They are not 'that much' better, but statistically, if you are not in Windows, most 'pseudo hackers' will not bother you.

Who am I? I've been a programmer since I was 9, that's 30 years now, and professionally have worked in the infrastructure engineering side of banking for the past 20 years. For a while I've worked as a security consultant (mostly for DMZ builds, but also for a bit of tiger work) and have spent many an evening wearing the black hat as well for fun. I've been around in this space since 2600 releases on BBSs were the only hacker community. What I will say is that 98% ish of the 'hackers' are just posers using 'hacker' apps they didn't even write themselves. It's sad, and not something to worry about, and I don't even consider myself a hacker in the slightest.

Edited by: asymptote on Nov 8, 2014 - 5:24am
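
Added example (not part of asymptote's post): the post's advice to learn your process list and to catch software that "dials home" can be automated by joining `tasklist /fo csv` output with `netstat -ano` output and flagging established connections to non-local addresses from processes outside a known baseline. The sample output, the process name `updater32.exe`, the baseline set and the function names are all constructed for illustration.

```python
import csv, io, ipaddress

# Constructed sample output of `tasklist /fo csv` (not from the original post).
TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","912","Services","0","12,344 K"
"chrome.exe","4120","Console","1","150,220 K"
"updater32.exe","5508","Console","1","4,100 K"
'''
# Constructed sample output of `netstat -ano`; remote IPs are documentation ranges.
NETSTAT = '''  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.53:49712     203.0.113.25:443       ESTABLISHED     4120
  TCP    192.168.0.53:49720     198.51.100.7:8080      ESTABLISHED     5508
  TCP    192.168.0.53:49731     192.168.0.1:53         ESTABLISHED     912
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
'''
BASELINE = {"svchost.exe", "chrome.exe"}  # image names you have decided are normal
# Loopback and RFC 1918 ranges: traffic that stays on the machine or the home LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return {int(r["PID"]): r["Image Name"].lower() for r in rows}

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)

def unexpected_outbound(tasklist_csv, netstat_text, baseline):
    """Return (image, pid, remote_ip, remote_port) for established TCP
    connections to non-local addresses owned by non-baseline processes."""
    names = pid_names(tasklist_csv)
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        # Data rows have 5 fields; the header and LISTENING rows are skipped.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        remote_ip, _, remote_port = f[2].rpartition(":")
        remote_ip = remote_ip.strip("[]")  # IPv6 is printed as [addr]:port
        pid = int(f[4])
        name = names.get(pid, "<unknown>")  # PID gone or hidden from tasklist
        if name not in baseline and not is_local(remote_ip):
            findings.append((name, pid, remote_ip, int(remote_port)))
    return findings

if __name__ == "__main__":
    for hit in unexpected_outbound(TASKLIST_CSV, NETSTAT, BASELINE):
        print("review:", hit)
```

A PID that appears in `netstat` but not in `tasklist` is reported as `<unknown>` and is itself worth a look.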
randomness