The Ethical Hacker Network

Latest Additions

Who's Online

EH-Net News Feeds

Latest Additions

newbiehacker

Newbie

Offline

Posts: 1

Tracking

« on: May 27, 2011, 01:39:24 PM »

I am new to this and have several questions; ultimately I am concerned with the ways in which a person can be physically tracked though internet activity.

I know an IP address can be traced to a geographical area but are there ways to trace it back to hardware, i.e. a specific computer and therefore its owner?

Can an IP address be traced to a router address and from there a MAC address? When you send e-mails what addresses are sent?

If you are using a VPN or a program like Tor which change and hide IP addresses, can hardware be traced?

very new at this looking to get some help! thanks


	Logged

lorddicranius

Sr. Member

Offline

Posts: 396

Re: Tracking

« Reply #1 on: May 29, 2011, 09:41:16 AM »

Welcome to the forum!

As for tracing IP's back to specific machine, it's never 100%. I think ISP's can determine which location a specific IP address was leased to, but that's where it ends. There's no telling which computer was using that connection. A great example of this is the modem being connected to a wireless access point. IP's can be followed back to a router, but not to a MAC address. Once packets are routed through a router, MAC addresses (aka hardware addresses) are dropped from packet headers and are no longer used. But also keep in mind that connections can be anonymized (ie Tor, as you mentioned below), so the router IP being shown may be something on the other side of the world in reference to the actual user.

Emails don't contain MAC addresses (as they're routed through routers). When using a web-based email program, all you'll see is the IP of the company who owns the web-based email program (ie Google for Gmail, etc), and the IP's of the devices the email passed through to get to it's location. When using a desktop application for email, you may see the router's IP in the email headers that the user sits behind, but that's all.


	Logged

Blog: http://lorddicranius.wordpress.com/

WCNA

Full Member

Offline

Posts: 182

Re: Tracking

« Reply #2 on: August 11, 2011, 12:19:56 PM »

Allow me to expound a wee bit on what lord said as I work for an ISP that gets tracking requests all the time.

If it's a hit-n-run one-time use through someone's unsecured wireless router than probably not. If the government is after you then you are probably not safe no matter what technology you use. VPNs and Tor make it harder but it really just depends on who is doing the tracking and how much clout they have. In our case, a subpoena will have us monitor (or they will request access to a router) certain traffic to pinpoint your location (if it's not already in the logs) so the longer you stick to one address, the easier it is.

We get RIAA requests (actually demands) all the time but we use PAT in a lot of places so a simple request won't get them what they're looking for. With the advent of IPv6, there won't be any more hiding.

You'll probably find this video very interesting even thought he guy is kind of a jerk:
http://vimeo.com/13644580


	Logged

ISC2 Associate, WCNA, CWNA, OSCP, Network+

lorddicranius

Sr. Member

Offline

Posts: 396

Re: Tracking

« Reply #3 on: August 11, 2011, 04:35:14 PM »

Thanks for expanding on that, good to hear it first hand.

Quote from: WCNA on August 11, 2011, 12:19:56 PM

You'll probably find this video very interesting even thought he guy is kind of a jerk:
http://vimeo.com/13644580

I've heard of this guy, but have never heard/seen him speak before. Again, good info. Wasn't expecting 3hrs lol...but I was interested the entire time.


	Logged

Blog: http://lorddicranius.wordpress.com/

Pages: [1] Go Up

« previous next »

SANS Deals 4 EH-Netters

$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012

Recent Forum Topics