track hardware on the internet

electrickpirate

pirate extraordinaire
Joined
26 Jan 2004
Messages
111
don't know if this is 'old news' but found it interesting. its from:

http://www.theregister.co.uk/2005/03/11/clock_skews_finger_pcs/

"Researchers say they have found a technique which, with development, will enable someone to track hardware on the internet or within applications and identify it as a form of electronic fingerprinting.
By measuring tiny deviations, known as clock skews, in a devices hardware experts say that it may be possible to make the identification so unique that it could be used in a court of law, if the skews can be proven to be stable.
The passive technique is not OS-dependant but does rely on TCP timestamps in TCP headers, a feature which can be disabled in Linux or BSD. A NAT or firewall will have no effect on the fingerprinted device."
 
The military and/or other 3 letter government agencies have been doing this for years using telecommunications as a guide. Using what they call a BEVAR
Basic Electronic Vulnerability Assesment Report. Which oddly enough, had several websites available until last year, and which have now all been closed or are no longer available. How do I know this? Because I worked with the special project, which I wont name here. You can however, find its predecessor on-line. That Projects name is Classic Owl. It is more sensor research, based out of winter-harbor maine. It is a very quiet and not well known about, long arm of the Naval Security Group and NSA.

Dont ask me to tell you anything, do your own searches, the information is out there.

As my Sig suggests if you find this interesting, please give credit where its due. :D
 
Well, there has been a unique address forever in devices such as network adapters and routers, which is the MAC address... If someone can change the IP protocol to include the MAC address of a device in addition to the IP address, then you have a way to track the hardware... but that's only for network devices... am I wrong?
 
No you are correct, in particular however; the agencies I am referring too, and the way they track them has NOTHING to do with the MAC address... In common english they use the unique differences in the clock skews, or in the project I worked in, electronic signatures which are as unique as a fingerprint, this is because most items even something as simple a s a quartz watch have to have something to keep the timing stable. To do this they use crystals of some type all of which oscilate at different frequencies, and are all slightly different, add to that the skews from the clocks of the PCs or other device it is in... and you can find 1 computer in a jumble of thousands when only looking for 1 particular frequency with a specific hramony freq on top of it.

This is a science that you either worked on or didn't and find interesting or you don't, it is not the easiest to learn but the concept is easy to understand. I hope this clears it up Xtweaker.

Also, incase your wondering why dont they just use the MAC because its much easier... its because a MAC can be changed, the inherent frequencies of the crystal and or clock skews can not be....

It is widely used in military applications to identify for example... a carriers engines over the rest of the fleet by the way the engines reverberate off the hull in a much more simplistic war-type arena... which was used back in WWII, when programming mines... they have since then just revised it to mirror the virtual world... Very interesting stuff...

Enjoy :D
 
Thanks Malkrid, that does clarify it. I didn't know you could change the MAC address. The electronic signature makes a lot more sense if it can't easily be immitated or spoofed!
 
xtweaker said:
Thanks Malkrid, that does clarify it. I didn't know you could change the MAC address. The electronic signature makes a lot more sense if it can't easily be immitated or spoofed!

Well, technically you cant PHYSICALLY change it, you could however take an EPROM ID chip from one NIC and put it in another, the new ID would reference the other NICs Hardware code. Here is a page explaining how you could determine who the manufacturer is and what the serial is on the MAC:
http://compnetworking.about.com/od/networkprotocolsip/l/aa062202a.htm

Here is an example of how they are broken down... By the way it is a felony to mess with anything that has been regulated by the FCC (the EPROM hardware config) which is why you see the standard: "This device complies with all FCC regulations accepting interference.. yada yada... " I dont know if reprogramming the EPROM is "technically" a felony... I know messing with the hardware is...

Here is a link describing how to reprogram the EPROM:
http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Spoofing/MAC/default.htm

Im betting I made this CLEAR AS MUD..

Hehe.. glad I could help!!
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back