track hardware on the internet

Discussion in 'Windows Desktop Systems' started by electrickpirate, Mar 14, 2005.

  1. electrickpirate

    electrickpirate pirate extraordinaire

    Messages:
    111
    Location:
    pittsburgh, pa
    don't know if this is 'old news' but found it interesting. its from:

    http://www.theregister.co.uk/2005/03/11/clock_skews_finger_pcs/

    "Researchers say they have found a technique which, with development, will enable someone to track hardware on the internet or within applications and identify it as a form of electronic fingerprinting.
    By measuring tiny deviations, known as clock skews, in a devices hardware experts say that it may be possible to make the identification so unique that it could be used in a court of law, if the skews can be proven to be stable.
    The passive technique is not OS-dependant but does rely on TCP timestamps in TCP headers, a feature which can be disabled in Linux or BSD. A NAT or firewall will have no effect on the fingerprinted device."
     
  2. mlakrid

    mlakrid OSNN BASSMASTER Political User Folding Team

    The military and/or other 3 letter government agencies have been doing this for years using telecommunications as a guide. Using what they call a BEVAR
    Basic Electronic Vulnerability Assesment Report. Which oddly enough, had several websites available until last year, and which have now all been closed or are no longer available. How do I know this? Because I worked with the special project, which I wont name here. You can however, find its predecessor on-line. That Projects name is Classic Owl. It is more sensor research, based out of winter-harbor maine. It is a very quiet and not well known about, long arm of the Naval Security Group and NSA.

    Dont ask me to tell you anything, do your own searches, the information is out there.

    As my Sig suggests if you find this interesting, please give credit where its due. :D
     
    xtweaker likes this.
  3. xtweaker

    xtweaker Tweaking Monkey

    Messages:
    129
    Location:
    Montreal
    Well, there has been a unique address forever in devices such as network adapters and routers, which is the MAC address... If someone can change the IP protocol to include the MAC address of a device in addition to the IP address, then you have a way to track the hardware... but that's only for network devices... am I wrong?
     
  4. mlakrid

    mlakrid OSNN BASSMASTER Political User Folding Team

    No you are correct, in particular however; the agencies I am referring too, and the way they track them has NOTHING to do with the MAC address... In common english they use the unique differences in the clock skews, or in the project I worked in, electronic signatures which are as unique as a fingerprint, this is because most items even something as simple a s a quartz watch have to have something to keep the timing stable. To do this they use crystals of some type all of which oscilate at different frequencies, and are all slightly different, add to that the skews from the clocks of the PCs or other device it is in... and you can find 1 computer in a jumble of thousands when only looking for 1 particular frequency with a specific hramony freq on top of it.

    This is a science that you either worked on or didn't and find interesting or you don't, it is not the easiest to learn but the concept is easy to understand. I hope this clears it up Xtweaker.

    Also, incase your wondering why dont they just use the MAC because its much easier... its because a MAC can be changed, the inherent frequencies of the crystal and or clock skews can not be....

    It is widely used in military applications to identify for example... a carriers engines over the rest of the fleet by the way the engines reverberate off the hull in a much more simplistic war-type arena... which was used back in WWII, when programming mines... they have since then just revised it to mirror the virtual world... Very interesting stuff...

    Enjoy :D
     
  5. xtweaker

    xtweaker Tweaking Monkey

    Messages:
    129
    Location:
    Montreal
    Thanks Malkrid, that does clarify it. I didn't know you could change the MAC address. The electronic signature makes a lot more sense if it can't easily be immitated or spoofed!
     
  6. mlakrid

    mlakrid OSNN BASSMASTER Political User Folding Team

    Well, technically you cant PHYSICALLY change it, you could however take an EPROM ID chip from one NIC and put it in another, the new ID would reference the other NICs Hardware code. Here is a page explaining how you could determine who the manufacturer is and what the serial is on the MAC:
    http://compnetworking.about.com/od/networkprotocolsip/l/aa062202a.htm

    Here is an example of how they are broken down... By the way it is a felony to mess with anything that has been regulated by the FCC (the EPROM hardware config) which is why you see the standard: "This device complies with all FCC regulations accepting interference.. yada yada... " I dont know if reprogramming the EPROM is "technically" a felony... I know messing with the hardware is...

    Here is a link describing how to reprogram the EPROM:
    http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Spoofing/MAC/default.htm

    Im betting I made this CLEAR AS MUD..

    Hehe.. glad I could help!!
     
  7. mlakrid

    mlakrid OSNN BASSMASTER Political User Folding Team

    Oh, and thanks for the REP :D