Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
I Know Where You are and What You are Sharing (arxiv.org)
40 points by programd on Sept 24, 2011 | hide | past | favorite | 2 comments


Juicy stuff is at section 5.3.

Apparently they're exploiting incremental/predictable IP-IDs sent in packets to the same IP but possibly different machines in order to determine whether it's the same machine or not. Linux seems to always do 0 (which makes it predictable), except for a bug several years ago, if I'm reading this right: http://seclists.org/bugtraq/2006/Mar/258 Windows XP, Vista, and 7 all use incremental IDs, so the difference of the return IDs should be small.


You can do even better with some good network timing gear and extract the physical distance from the NAT point based on time of flight. Another way to differentiate between machines.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: