.

Tracking

<<

newbiehacker

Newbie
Newbie

Posts: 1

Joined: Fri May 27, 2011 1:27 pm

Post Fri May 27, 2011 1:39 pm

Tracking

I am new to this and have several questions; ultimately I am concerned with the ways in which a person can be physically tracked though internet activity.

I know an IP address can be traced to a geographical area but are there ways to  trace it back to hardware, i.e. a specific computer and therefore its owner?

Can an IP address be traced to a router address and from there a MAC address? When you send e-mails what addresses are sent?

If you are using a VPN or a program like Tor which change and hide IP addresses, can hardware be traced?

very new at this looking to get some help! thanks
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Sun May 29, 2011 9:41 am

Re: Tracking

Welcome to the forum! :)

As for tracing IP's back to specific machine, it's never 100%.  I think ISP's can determine which location a specific IP address was leased to, but that's where it ends.  There's no telling which computer was using that connection.  A great example of this is the modem being connected to a wireless access point.  IP's can be followed back to a router, but not to a MAC address.  Once packets are routed through a router, MAC addresses (aka hardware addresses) are dropped from packet headers and are no longer used.  But also keep in mind that connections can be anonymized (ie Tor, as you mentioned below), so the router IP being shown may be something on the other side of the world in reference to the actual user.

Emails don't contain MAC addresses (as they're routed through routers).  When using a web-based email program, all you'll see is the IP of the company who owns the web-based email program (ie Google for Gmail, etc), and the IP's of the devices the email passed through to get to it's location.  When using a desktop application for email, you may see the router's IP in the email headers that the user sits behind, but that's all.
GSEC, eCPPT, Sec+
<<

WCNA

User avatar

Full Member
Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Thu Aug 11, 2011 12:19 pm

Re: Tracking

Allow me to expound a wee bit on what lord said as I work for an ISP that gets tracking requests all the time.

If it's a hit-n-run one-time use through someone's unsecured wireless router than probably not. If the government is after you then you are probably not safe no matter what technology you use. VPNs and Tor make it harder but it really just depends on who is doing the tracking and how much clout they have. In our case, a subpoena will have us monitor (or they will request access to a router) certain traffic to pinpoint your location (if it's not already in the logs) so the longer you stick to one address, the easier it is.

We get RIAA requests (actually demands) all the time but we use PAT in a lot of places so a simple request won't get them what they're looking for. With the advent of IPv6, there won't be any more hiding.

You'll probably find this video very interesting even thought he guy is kind of a jerk:
http://vimeo.com/13644580
ISC2 Associate, WCNA, CWNA, OSCP, Network+
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Thu Aug 11, 2011 4:35 pm

Re: Tracking

Thanks for expanding on that, good to hear it first hand.

WCNA wrote:You'll probably find this video very interesting even thought he guy is kind of a jerk:
http://vimeo.com/13644580


I've heard of this guy, but have never heard/seen him speak before.  Again, good info.  Wasn't expecting 3hrs lol...but I was interested the entire time.
GSEC, eCPPT, Sec+

Return to Forensics

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software