Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
The Internet Your Rights Online

Quova Inc. Completes Trace of 4 billion IP Addresses 182

Posted by timothy from the wait-till-IPV6-for-the-real-fun dept.
RatzMilk writes: "Quova Inc. claim they have completed a global scanning system [Note: first mentioned on Slashdot in July -- timothy] that pinpoints the geographic location of Internet users in real time. The information gathered is then sold as a tool called 'GeoPoint' that can be used by advertisers to better target their advertisments to people based on their location. It doesn't rely on cookies or voluntary submissions from users, instead, using a data base built by scanning every host on the Internet. In gathering this information, they set off alarms all over the world, and yet, it seems that this is an accceptable practice in the eyes of the law. Individual people are having their computers impounded and in some cases are being incarcerated for doing the same. ... Further details on this story can be found at Security Focus." (Sorry, but Security Focus is not designed for direct linking; click on the link that says "Scanning Mystery Solved.") [Updated 5:58 GMT by timothy] Scratch the comment about deep linking; I've restored the link RatzMilk provided, which originally brought me only "page not found" errors. Hope it works for everyone ...
This discussion has been archived. No new comments can be posted.

Quova Inc. Completes Trace of 4 billion IP Address More

Quova Inc. Completes Trace of 4 billion IP Address

Comments Filter:

  • Aside from the invasion of privacy issues this brings up, whats to stop an organization with the financial backing from sueing the pants off these guys?

    Say for instance you're a large corporation which is very security-conscious. One dark weekend evening your border machines/firewalls/whatever sense that someone is launching a widespread scan of all your machines. Admins get paged, people come in to work, and everyone spends a few hours figuring out what the heck what happened, where the scan came from, and evaluating potential security breaches that may have resulted from this. Even after you realizing that its nothing too serious, the company has dropped a lot of time/money responding to and investigating this event.

    What's to stop someone from sueing them over this? I would be surprised if someone doesn't. Hey, if people can sue because McDonald's coffee is hot and you're uncoordinated enough to spill it on yourself, anything is possible. I won't even mention the hot pickle / scalding suit...

  • Is that true? I have absolutely no idea how AOL's network works, but I wouldn't be surprised if by the aol IP they could narrow it down to a city.

    AOL has dialup numbers just about everywhere, I always assumed that everywhere there was a little AOL building with the modems and a big fibre to Virginia. I assume for routing purposes an IP is assigned from within the little AOL building. If they figured out AOL's routing then, they could get decent resolution.

    Of course, I'm talking out of my ass, and this is all speculation, but if someone knows for sure, I'd be interested in hearing it.

  • Re:Legal Repercussions (Score:1)

    by Anonymous Coward
    Depends on what they do. If they, for instance, rapidly UDP scan an entire class A, I would consider that at least rude, and depending on the circumstances anything up to DoS/Theft of Services. The internet is a *cooperative* public network. People who don't cooperate should be banned. Likewise, so should people who whine about minor things. I have no problem with someone doing a a traceroute or a few pings -- these are normal parts of network operation used for testing, troubleshooting, etc. When people start abusing that, I get upset. I guess I would also be less worried if this were a less commercial venture. I have nothing against people making money, but in performing a scan, they used millions of people's resources, without consulting them, and with no benefit to them. If they made the database available publically, it would be different. Of course, then there wouldn't have been an VC funding, and it wouldn't have happened in the first place...
  • Advertisers are indeed brain-dead.

    Just try explaining to someone in ad sales why you have no idea how long someone was reading a given web page. They will blithely ignore you and continue using Web Trends fatally-flawed heuristics for guessing "unique users" and the like, or make even sillier jumps of logic.

    Ad sales: "But it says right here on the report."
    Me:"That report is a lie designed to provide you with statistics that do not exist. If I told you how long you read the newspaper this morning based on a conversation with your newstand owner, would you expect my estimate to be accurate?"
    Ad sales:"Oh, so the average user looks at our site for 30 minutes".

    Never mind that the number two "entry" page to the site is in fact redirect CGI to handle a drop-down menu used for site navigation; they take this shit as gospel when it's plainly bogus.

    After all, they've been using the Nielsen reports for ages and they aren't much better statistically than asking your friends what they like and guessing what the rest of the country likes.

    Boss of nothin. Big deal.
    Son, go get daddy's hard plastic eyes.

  • So now this database exists where I can get a location for these sites:

    www.SIPRnet.mil >> Location: Area 51, NV
    www.AlcoholicsAnonymous.org >> See www.GeorgeWBush.com
    www.AOL.com >> Location: Remedial Into to Computers Course, North Virginia Community College, VA
    Microsoft.com >> Location: Redmond, WA
    Microsoft.com >> Location (update): US Supreme Court, DC
    Microsoft.com >> Location (update1): Bangalor, India
    www.whitehouse.gov >> See www.whitehouse.com
    www.HotGrits.net >> Location: your pants
    www.NataliePortman.org >> Location: your dreams
    PenisBird.com >> See Slashdot.org
  • Maybe the people using the region restrictions will define an "anonymous proxy" region and deny access to it.
  • Guess again. I'm not even going to bother following the link--either you misinterpreted it, or they're wrong (likely the former).

    You see, in the US, supreme power does not rest with the people. An example. If a majority of the US citizens of voting age wanted Bill Clinton to be president for a 3rd term, would it happen? Nope. There are restrictions on this (the constitution being the main one). Now, the US has a mechanism for changing the constitution, so we could change the constituion to allow presidents to have three consecutive terms. But doing so would change the US from a republic to a NEW republic. If Bill Clinton was then elected, he would be eligible for two further terms, since that would be his first term as president of that particular country (irrgardless of two earlier terms as president of a very similar country that occupied the same territory earlier.

    So in short, the US has MAJOR checks on the exercise of democratic power, as can be seen every time a law is struck down, or a referndum is ignored. Which is why the US is not a democracy, whatever you might think.
  • So no, the advertising would be ENTIRELY wasted on me since as I said, I have never even been there and I've lived here 4 years so probably aren't about to start going there.

    Depends on the scale. Advertising targeted to your dialup's region will be a hell of a lot more relevant than advertising targeting Mongolia, Kazakstan or Hong Kong.

  • You're on a NAT, so when you send packets out to the rest of the world, instead of looking like you come from the private-network 10.* address your computer believes you have, it looks like you come from one common address Charter Cable uses in your area, which is mapped to your town, or maybe to the major city nearby. I doubt they're doing NAT on a larger scale than this, because besides being a routing bottleneck, they only have so many ports from the NAT address that they can dynamically reassign to ports of connections from your machine and those of all of your neighbors.
  • MAC addresses...uniquely identify individual computers

    That is assuming that you have a MAC address... isn't that an Ethernet attribute? What if I was running IP over another medium (ATM, TokenRing, etc...)?

  • As many already has said here, there are a lot of reasons why this information is no more usable than what is done today.
    I could mention one too, large companies where branches in different countries go through the company WAN to the HQ for internet access.

    If you are lucky you can go down to country level, and that information can evnen Apache get out from fx. MSIE(you know, the LanguagePriority directive [apache.org]), assuming that people have set it right, but at least itdescribes their preference.

    --------
  • Just call them repeatedly, the phone bill should bankrupt them

    Nope. You cannot connect to a US Toll Free number from outside the US/Canada phone system. I'm pretty sure it works the other way too.

    --
  • This entire thing is amazingly rediculous. It's silly that anyone is DOING this, and silly that anyone CARES they're doing this.

    Let's make it simple, here. They're pinging people right? Yup. I've pinged people. You've pinged people. It's a tool for figuring out if there's anything at a given address, and if it's awake. That's what it's designed for, that's what I've used it for, that's what you've used it for, and that's what they're using it for.

    Now, some companies with nearly enough brains to tell whether it's raining or not by standing outside have systems that actually page the sysadmin when they get pinged. Let's all feel sorry for the sysadmins, and hope they are lucky in their search for a job at someplace with an actual functioning clue. But none of that changes anything. If I go ping yahoo (I do this several times a week, since it's a nice easy to spell and remember domain name, will always be up, and if I can't reach it it means I've got connection problmes), I'm using ping for what it's designed for. So is this company. And if anyone doesn't like it, they should go back to whatever reality they came from, 'cause this one works differently. :-)

    Same holds for traceroute too. Useful tool, being used for the purpose it was designed for.

    Finally, what did the company get from all of this? A big-ass list of routers and stuff. Now if they fiddle around with nslookup, whois, dig, and so on, run a few regex searches through the list, and so on, they'll actually get some idea of what boxes are talking to what other boxes, and where they're located. Yipee. And although it's NEARLY useless for advertising, it's not COMPLETLY useless. Do a traceroute on my IP address, and you'll find fairly easily I'm PROBABLY in NZ. Or at least, the box that the IP address belongs to is in NZ, and thus I'm probably in NZ too. If some website uses this knowledge to put up a few fewer ads that are only useful to people in North America, I won't be even slightly sorry.

    What does it mean for us? Nothing. Any website that wants to can record the IP of anyone who visits (which DOES effect your privacy, since *IF* your on a static IP, that child sex sting site operated by the FBI that you visited might record your IP and go talk to your ISP). Now the website has a chance of knowing the area the IP address comes from. Big deal. *THIS* doesn't effect privacy. The goverment doesn't need it, and corperations can't use it.

    So to sum it all up... Some startup company is burning VC money doing something fairly silly (they'll certainly make money, but probably not enough to cover expenses). Some very silly corporations and security consultants are throwing a fit about it (do these people have NO idea how TCP/IP works?). And some silly /. posters are having a fit about privacy (honestly, do you EVER *THINK* before having panic attacks?). I personally find all three groups quite amusing. :-)

  • IMHO the database is useless. By trying to nail down IP addresses to geography they are trying to nail Jell-O to the wall. In 5 years I bet the turnover rate of IP's will be 100%.

    There certainly isn't anything wrong with the scanning. After all, IP addresses are a world resource, like Electromagnetic Frequency Spectrum. Surveying it doesn't infringe on anyone... and IMHO if an admin is so upset about a simple ping or traceroute bringing down their security wall, then they've got far bigger problems.

  • The problem here is not intrinsically that they know what state you are in. It is that e-tailers and web sites now have the power to find out, without any input on your part, where you are from. This is like, say, giving Best Buy the permission to fingerprint you every time you walk into, or even just glance in, the store.

    Now, if all of us were still on dial ups, this wouldn't be such a big deal, but with the increasing number of fixed, or even semi fixed IP's, this becomes a huge privacy concern.

    And how long, honestly, do you belive it will be before this company makes the leap into matching IP's to addresses. Or even to actual people. Then a web site operator will know who you are, where your from, etc, with no permission given on your part. If my viewing a web site is interpreted as tacit permission to collect personal data on me, the anonymous internet goes the way of the dodo.

    The jump from there to say, someone in a black suit knocking on your door because the server logs show that you looked at...questionable information is, unfortunately, not a big one. This will happen in steps, but if we are not careful, it will happen.
  • I thought IP addresses were, in general, distributed geographically anyway. I get that, say, Ford Motor Company might have Class A 11.0.0.0 (or something) and their machines are all over the place, but aren't ISPs assigned IP addresses geographically? Or am I nuts?

  • Heres what you do (Score:1)

    by Anonymous Coward
    Surely someone knows someone from this company or has the means to find this information. "Sell" their information to as many advertisers as you can find. Maybe having 20 pounds of mail delivered a day plus their phone ringing off the hook will give them some perspective.
  • Included in EUI-64 are two interesting pieces of information: the registered manufacturer of your NIC card and your 48-bit Ethernet address. Surprise! Every packet you send out onto the public Internet using IPv6 has your fingerprints on it. And unlike your IP address under IPv4, which you can change, this address is embedded in your hardware. Permanently.

    Scary stuff! Why havn't I heard that before? I'm not up on IPv6 so I'm going to do some research to see if it really is that bad!

    Comments anyone?

  • There should be nothing wrong with pinging. (Score:4)

    by Lord Ender ( 156273 ) on Sunday November 05, 2000 @08:07PM (#646972) Homepage
    The government should not do anthing to anyone for tracerouting or pinging. There is nothing wrong with that. I use these tools often, just for curiosity.

    If a computer has a web server running that allows anyone to download a webpage, it should be considered authorized use. If a computer returns my pings, that should be authorized use. These people should be allowed to ping/traceroute whoever they want, and so should I. If people don't want me to ping them, they should set up their computers not to return my pings.

    I long for the old days of the internet when you weren't considered a threat if you used a ping. Now we must play dumb or be considred "hackers".
  • This sounds like an interesting idea, although I'm not sure if I like it or not... What I would like to bring up is this. When my box at home is tracert'd, the trace stops in California, where my isp's (flashcom, I know they suck, but they were the only dsl available at the time) headquarters is. I've also used programs like.. neotrace (I think that's it...), and that also says that im located in California... So if that is the case, that would render the demographic information useless. Although I'm sure advertisers could still find a use for the information.

    Ennui [ennuiweb.com]

  • The World is Saved! (Score:5)

    by Spud the Ninja ( 174866 ) on Sunday November 05, 2000 @08:11PM (#646974) Homepage

    From their website:

    Global coverage. Distinguish Canada from Colombia, and Paris, Texas from Paris, France.

    As someone living in British Columbia, Canada, I have been in dire need of this service. Hooray!

  • > Even after you realizing that its nothing too serious, the company has dropped a lot of time/money responding to and investigating this event.

    They've spent a lot of money investigating something which they have erroneously detected as an attack. Technically, Quova is obeying internet rules and not doing anything that would legally be considered an attack. Whether they are following proper edicuit is another issue, but you can't sue somebody for breach of edicuit.

    Then again, I don't make any predictions regarding the wacky American legal system.

  • Of course he shops there, I don't think their advertisement is going to discourage him from buying their product, but they simply won't target him.
  • These folks THINK they know where networks are and traffic comes from. Consider:

    Most large companies have private or public address space, and rely upon thier own network of leased lines to move this address space around the world. You will find that, to simplify routing, etc. most of them have only one or two gateways out to the rest of what we call the internet.

    Consider the case of a big green and yellow oil company. The headquarters are in Britain, major distribution, fields, and refineries in Belgium, Russia, China, Alaska, Austral-Asia, Japan. Main internet gateway in Texas, because it's cheaper there.

    Think this "geocoded IP address" company and their product know and account for this? I suspect that the folks in Japan would get a lot of Texas-oriented web content, don't you think?

  • Did someone clue these people into the fact that there *ARE* only 4 billion IP addresses, and that over 1/4 of the address space is currently unpopulated?

  • Re:Ahh (Score:1)

    by Peyna ( 14792 )
    Actually.. I used to work at an ISP and when you get SMTP flooded in the same day some place like this is scanning your network, it is hard to not to considering them as a possible source. In fact, since we had the IP Address of the place that was repeated pinging our servers every couple of seconds (possibly checking to see if we were up, but it turned out otherwise) we managed to track it down to a phone number. So we called them, and asked them to stop, and they put us on some list so they wouldn't ping us anymore.


    I don't recall for certain, but I believe that they were doing some sort of network uptime tests or something like that, and I can't remember the name of the company, but if your a sys admin, and someone is pinging one of your routers continually, you damn well better stop them, or figure out who they are before you just let it go.

  • Some cable and DSL boxes work as routers, some as bridges, some as NAT boxes. If you're using a bridge-flavored box, it's your PC's MAC that matters. But those guys are probably not going to switch to IPv6 until Cisco and the Tier 1 ISPs make it easy, ICANN stops their current predatory pricing which is designed to prevent IPv6 adoption, and cheap DSL and cable routers support IPv6.
  • Okay, from my previous experience at an ISP, I know that with some phone companies, it is possible to get lines into a building with a lead number that is from a different area code if needed.

    This is great for smaller ISPs, since it allows to cover a larger area without more office space. And since people can be dialing in from further away say 100 miles or more, even if they are dialing a number which is local to them, their IP address will show that they are at the address of your ISP, (most likely obtained from a WHOIS query, this is how visual route works.. someone else already linked to it, and I don't know the address)

    So, in reality, you could be getting ads localized for your ISP which could be several hundred miles away, and quite possibly do you no good, or more accurately, the advertiser no good.

  • I'm sorry if I shocked'cha... not my fault'ough.
    As i said, the whole mess wasn't really planned, nor is there any intention to deceive anyone - not even evil double-click.
    It was just that we pooled proefssional resources from various countries and everyone is telecommuting. Technically we don't even have an office as such. Ain't the Net great?
    Obviously we are driving government departments in several countries bananas [as we don't pay tax for the company, anywhere] and run rings around petty issues like licensing, copyright, etc.

    I mean, a commercial license for a software can be shared by set number of individuals in a company - noone says that they have to all in the same building, city, country, continent [and coming soon: planet].

    But then, we started this whole thing back in 1991 and then spread out, adding new people, some of which left again to do their own thing.
    And by now it's next to impossible to explain just exactly what belongs to which company, who owns whom and who owes whom what.
    We've been audited in two countries and the guys went nuts and gave up.

    The only pitty is that when IPv6 is starting to spread, then some smart cookies will put IP and IP together and end up with maps of 'organic structures' like ours...
  • MAC is Ethernet, but IPv6 will read your MAC and calculate your IP using it so you have a unique address (you could effectively reverse the process and find someone's MAC from their IPv6 address). On top of this, you wont need to trace all the IP's from IPv6 because the packets hold onto the routing, this is a new "security" feature in v6.

  • One of the nice things about OS is that someone could change things to strip out the undesirable information from packets and put in dummy stuff.

    We could then decide whether to put random stuff in there or one set of information for everyone!

    I wonder if anyone will?

  • Sorry, but AOL has 14 mega-proxy servers that all web trafffic is directed to, and users are randomly switched from one to another, sometimes in the middle of a session. Ask anyone who's dealt with global ITM for a while, this is quite a headache...
  • Now we know who was online, and from where, during all of last year.. Oops! now it's out of date
  • This link [securityfocus.com] appears to work just fine.

  • IPv6 (Score:3)

    by isolation ( 15058 ) on Sunday November 05, 2000 @07:35PM (#646988) Homepage
    Does anyone know if this type of effort will be easyer with IPv6?

  • Actually, the only problem I have with this is that the database isn't open for anyone to use. I hope it someday is. I already knew that my location could be identified based on my IP address. Frankly, I wish companies would use that to automatically fill in my zip code when I visit a site, to save me the trouble. If I didn't want the company to know my zip code, I'd use anonymizer or some such proxy. The information is there. The "bad guys" are already using it. Now lets open it up to everyone so the "good guys" can use it to, and the less technical who don't want to give out the information can realize it's there in the first place. Blocking the database is merely security through obscurity.

  • Uhmm, Sure.... (Score:5)

    by quickquack ( 152245 ) on Sunday November 05, 2000 @07:36PM (#646990) Homepage
    I'd like some evidence to back their claim. First of all, 27 million AOL users will appear to be in Virginia. Secondly, I'm sure a lot of people use a ppp account on one of their colo/ISP's servers.

    Sooo, more evidence please!
    ------------
  • I disagree. I think that if a person wants to ping away anywhere, that's no problem at all. But reselling that data, especially for a profit, basically to further destroy what "privacy" we still have, is a bad thing.

    It's the reselling part. It's sorta like if Napster was charging for downloads of songs they do not own. Not the same as the free sharing going on with Napster.

    I don't want some advertiser sending me a bunch of targeted spam based on where else my IP has shown up on web server logs. In fact, I don't want large entity tracking where I go on the net, any more than I want someone to follow me around and take notes on where I walk.

  • Down at the bottom of the article in question, there's a bit of text that reads:

    Want to link to this article? Use this URL: <

    Whoops.

  • No actually, I have never even been there. There are towns much closer than that, but no decent ISP's that don't want you to take it up the rear on pricing.

    So no, the advertising would be ENTIRELY wasted on me since as I said, I have never even been there and I've lived here 4 years so probably aren't about to start going there.

    BTW, wonder how long it will be before the number of IP addresses surpasses the number of humans on this Godforsaken little rock?

    ---

  • Heck No!

    IPv4 provides for about 4 billion addresses.
    IPv6 provides for about 3*(10^38) addresses.
    If scanning 4 billion people was hard, scanning IPv6 should be next to impossible.
  • I suppose i should have added that I live in Michigan :). A VERY far reach from California...

    Ennui [ennuiweb.com]

  • Pinging/tracerouting alone, for their original diagnostic purposes, shouldn't be illegal.

    However, doing the same to provide unauthorized/unsolicted information on individuals should be highly illegal. It's about the same as calling everyone in the phone book and recording the way the phone is answered for resale (What reason someone would have for that I can't guess, but it's more to make a point)

  • Date: Sun, 5 Nov 2000 22:19:32 -0800 (PST)
    From: Kevin Fox
    To: frezza@alum.mit.edu
    Subject: IPv6 vs the Status Quo

    I just finished reading your article at Internet Week and I had two comments:

    First, network interface addresses aren't always hardwired, and many NICs allow you to, with the proper utility, change your 48-bit address to
    anything you want.

    Second, your Ethernet address is heavily used under current networks for a lot of things, and is stored in mailserver logs, correlated to email that you send out, and DHCP keeps records of Ethernet address/IP address mappings, records that could be hacked or subpoenaed to create a relatively solid link between an IP/time to an NIC.

    While I agree with many points in your article, I do think the above points were worth mentioning, as omitting them gives the article an aura of "We were safe before, but with IPv6 we're all f***ed." In actuality, we're only kind of safe now, and after IPv6, we're only kind of f***ed.

    Thanks,

    Kevin Fox
  • They are talking about selling IP world maps
    so lets that a picture is legal in France but not in china. They could tell you the country ip address that came from so you could block it.


    Web sites that provide music, video, and other forms of content finally have an effective solution for managing content distribution. By identifying the geographical location of Web visitors in real-time, GeoPoint lets you comply with territorial restrictions on digital content. Which means that you can continue to benefit from the vast global reach of the Internet while ensuring that content is only available to users in authorized areas. It's a smart and seamless solution for adhering to today's ever-changing distribution and copyright requirements.

    Comply with domestic and international distribution restrictions on Webcasts, music downloads, video clips, and other online content by limiting access from unauthorized areas.

    Respect user privacy by pinpointing their location without the use of cookies, registration information, or click-stream data.

  • No, we live in a republic.
  • You also have to wonder why they bothered.

    If I was running a site that marketed to people based on thier locations, or ISP location anyway, then I'd write a script to do it in real time rather than subscribing to thier undoubtably expensive services.

    altavista.com was doing this for a while, if you went there from the UK then a window popped up advertising altavista.co.uk.

    I smell the sweet stench of VC in this...

  • so i don't even have a real ip address (sucks), and neither does anyone else on charter's cable network (at least in my area)...so i guess i'm safe

    Safe from everything but your ISPs logfiles my friend ;-)

    In the UK, all the free/cheap ISPs (i.e. the ones most likely to DHCP your connection rather than give a static IP) will not allow you to connect to their service if you put "141" in front of the dialled number (which is meant to protect you from call-number forwarding). This means they get to log your phone number beside the IP address they have just allocated!

    I'd much rather have a static IP (which I do) on dial-up which allows me to phone up anonymously. At least then I can delay proceedings while they prove it was me on the phone :-P

  • My IP is actually in one state and I am in another! woohoo! The bad thing is that the IP is in Illinois and I am in Arizona. So I may have to put up with Chicago-style ads.

    Now how this work with anonymizers?
  • I DoS-ed a colleague's OmniSky by pinging him about 10 times a second with a 1k packet.

    That'll teach the showoff (Hi, Mike) ;-)

    On the offchance he was actually using it when Quova came knocking, he would have noticed a serious drop in bandwidth.

    --
  • Who has been incarcerated for port scanning? I am not saying that it has not happened, but from everything that i have read the courts have ruledd many times that "port scanning is like ringing the doorbell at a residence to see if anybody is home." If people are being arrested for this, then that is something that we should be up in arms about.

  • You only get what LOOKS like NAT if you use their stupid proxy servers. But, disable those settings and its basically an IP just like everybody else.

    i only wish i could bypass their proxy servers. in my area (a small rural state in the mid-atlantic area}, i don't think you have that option, so you either go thru their proxies (and logging, spying, etc) or have no cable modem.

  • I simply smell the sweet stench of easy bucks through advertising... a world where people will pay for the chance to show a 5-second image to 1 out of every 1000 people to walk by an obscure location. And most of THOSE people will ignore it.
  • Sure am. My post was in regard to an article referenced by another /. post, not the one mentioned at the top level. Sorry for the confusion.
    Kevin Fox

  • Actually I'm well aware that there will be an optional method, eventually, for masking MAC addresses in IPv6 [isi.edu], although last I checked a few months ago it wasn't final yet and no one seemed in a great rush...and no one held up IPv6 to wait for this fix to be part of the rollout.

    And I'm also aware that because it will not be the default, very few folk will use it; most folk will therefore have their true MAC address visible. Your comment is therefore not only snide but thoroughly misleading in terms of the practical effect on the privacy of not just average AOL users, but most people. I discuss all this and a great deal more about privacy in a recent article on privacy and the law [miami.edu] (Note: article is in .pdf but a crude HTML of an earlier draft is available here [miami.edu])& lt;/P>

  • Ahem... (Score:5)

    by Shoeboy ( 16224 ) on Sunday November 05, 2000 @08:26PM (#647018) Homepage
    This is not news. I've been able to track people's localles over the internet for years now. All truly skilled hackers can.
    I know where you live, where you work, when you sleep and what you fear.
    I have only one thing to say to you:
    Damn you're boring - why don't you get a life?
    --Shoeboy

  • Re:IPv6 (Score:3)

    by Narge ( 222568 ) on Sunday November 05, 2000 @08:35PM (#647020)
    Yes, it probably will be easier. Unlike IPv4, IPv6 has have a strict hierachy - Large ISPs being allocated top-level blocks of addresses, giving smaller blocks to local ISPs, who in turn allocate even smaller blocks to end-users, rather than the current system which has no such restrictions. There's also the issue of using ethernet MAC addresses in the last section of the address, which would uniquely identify individual computers (and therefore attach your "fingerprint" to everything you do on the net).

    http://www.ipv6.org/
    http://rf.cx/rfc2373.html (refers to use of MAC addresses)
    http://www.6bone.net/misc/case-for-ipv6.html (describes hierachical addressing ing IPv6 - page 30)
  • I sort of agree, but...
    It is still a matter of very fuzzy principles.

    So according to you, it is wrong to sell a database over traceroutes. How about a site that traces you at runtime? You have stated who you are (your IP) so how can you object to the site using it?

  • > How about a site that traces you at runtime?

    A single site, recording my activity in their own log for their own purposes? I don't have a problem with that.

    I have a huge concern if they then sell their log information to a tracking company which aggregates a lot of logs to then track my activity across the next.

  • I have a huge concern if they then sell their log information to a tracking company which aggregates a lot of logs to then track my activity across the next.

    Amen. I do hope that most of the sites that would be interested in this are guarding their own logs too jealously for this to happen, but I'm keeping my eyes open...

    But that was not really my question. As I understood it someone did a lot of traceroutes to find the location of the clients, then selling a database over the results of those traceroutes.
    Is there anything fundamentally different between doing this and tracerouting at runtime? (apart from the loss of efficiency in the later case)

  • Because guess what, I am going to rat. And I am not the only one.

    Assuming they didn't use RIPE, ARIN, or APNIC data to compile their database (and even assuming they did), what's the big deal? I don't even consider this an invasion of privacy, much less anything to worry about. Then again, slashdot users will bitch about just about anything (yet do absolutely nothing to "solve" the "problem".)

    - A.P.

    --
    * CmdrTaco is an idiot.

  • Ha. And that option doesn't _save_ it anywhere (like in EEPROM of the card). Wake up yourself!
  • While it's always frightening to discover that "they" are watching us in a new way, I'm not convinced this is really a scary thing. As many have pointed out, the service is not infallible. Since IP addresses are not necessarily geographically segregated, so if you are truly concerned about this, you can (rather easily) find ways around it.

    However, do we really need to? In "the real world," advertisers can avoid spamming people with irrelevant ads. Allowing this type of targetting online seems reasonable. Occasionally, advertising is useful -- it is a good way to learn about what's out there. Not every corporate practice is wicked and evil, even if it removes some level of the anonymity that was previously found on the internet.

    While privacy is important to protect, the internet is a changing place and I believe that the level of casually available anonymity will inevitably decrease. Some losses should be protected against, but I don't think this is one of them. Which step in their collection process should have been prevented? If your activities are traceable to _your_ IP address, then they are not anonymous, and I don't think any knowledgable individuals would expect them to be. Security through obscurity... The only difference is that it's now a little easier to figure out where (some of) those IP addresses are. If the information is out there to be collected by legal procedures, it will be collected.

  • Re:And so? (Score:4)

    by jbailey999 ( 146222 ) on Sunday November 05, 2000 @08:42PM (#647040) Homepage
    If you haven't heard this before, then you haven't been reading slashdot for long. This type of fear mongering is quite common when people talk about IPv6. The *recommended* way to generate an IPv6 address is through your MAC address. You're still welcome to assign them by hand if you so choose. Also, almost every Ethernet NIC can have its MAC address overridden.

    The poster apparently hasn't been following slashdot either...
  • AOL web stuff is proxied anyway so sites couldn't track you down, but IIRC Virginia is as close as you can get from an IP.

    If you want to easily see what sort of info you can on an IP get grab a copy of Visual Route [visualroute.com], or play with thier server [visualroute.com]

  • This sounds like total snake oil. How does scanning IPs tell you their geographical location? At most, you can look up the (physical) address of the netblock holder, which has very little to do with the physical location of the machines in the netblock. And that can easily be done using the RIR (ARIN, RIPE, APNIC) whois databases; Why would we need some other company to recycle the data for us?

  • The first? (Score:3)

    by wdr1 ( 31310 ) <wdr1 AT pobox DOT com> on Sunday November 05, 2000 @10:02PM (#647048) Homepage Journal
    How are they the first? Akamai's had this service for somet time now:

    http://www.akamai.com/html/sv/edse.html

    -Bill

  • An easy way to stop "them" tracking you .... (Score:4)

    by doctor_oktagon ( 157579 ) on Sunday November 05, 2000 @09:00PM (#647049)
    Dial-up long distance to an ISP in a backwards country using a phone company you know don't support call-number forwarding, and get a telnet account on a old UNIX server in a country where the police force are not savvy enough to be able to read the dialup log files.

    good: No-one will ever know where you live!

    bad: Using the net will be a pain, and you won't be able to do anything usefull.

    moral: It's all a trade-off between useability and personal space. You sacrifice one for the other.

    Would the medieval version of slashdot be so concerned when boats roamed through the seas and produced those things you earth-people called "maps" ... I don't think so! :-)

  • Phutet's GDP rises exponentially (Score:4)

    by Sheeple Police ( 247465 ) on Sunday November 05, 2000 @10:27PM (#647056)
    Future News Article:

    The small area of Phuket, located in the bustling country of Thailand, has seen it's GDP rise exponentially, due to the introduction of their latest service, Phuket Fun. Using Phuket Fun, security minded individuals can browse safely and anonymously, having their IP address completely masked.

    Should a company or individual do a lookup on the idea, they will see that the user is coming from Phuket U. A new era in privacy has thus been issued in, with companies like Akamai and services like geoTrace being told what they should have been rightfully told when they suggested such services - to Phuket.
    In all seriousness (which is rare for me), what would be the effect of using one of the many anonymous proxies out there which effectively mask your IP? Agreebly, these companies would have logs of your IP, but toss one of these companies into some off shore third world country (note: I simply used Phuket for the fun of the word), where the government can't control the people or the information, but thanks to grants/loans from places like the World Bank have been able to establish some form of information infrastructure, and you'd be safe! (And you'd also have a run-on sentance, but that is besides the point)

    In either event, I'm more concerned about the IPv6 potential for damage/abuse/blatent violations of rights than I am about having someone figure out that I live in Georgia (even though a Neotrace lookup from multiple people repeatedly implies I am in sunny California - don't I wish). It seems like just another company had some peeved geek sarcasticly tell the marketering guy "Oh, you want your database to be done by eunichs?!? Yeah, sounds like a great idea. While you're at it, why don't I create a program to find out where internet l-users live. That's another really great idea."

    Oh well, there's my two cents (Out of pity for having to endure my poor jokes).
  • AOL uses some location specific dial pools. So quite a lot of the AOL users can actually be traced to a region.

    Well, yes and no. I can't go into too much detail about the architecture, but any give "pool" of dialup IP addresses at AOL could be used by many dialup locations. The assignments of users to IP addresses are mostly done by round robin, not by location, since all the dialup connections are backhauled to AOL's datacenters.

    The closest you could nail down an AOL dialup IP is to the datacenter. To get any geographic information on a user, you'd need to have access to AOL's internal databases, and they won't even give that to partners.

    -Todd

    ---
  • You make an excellent point, wish I had some mod points still :)

    Why thank you kind sir! I'm scared that I'm sounding like I am ranting and raving, I'm just trying to not be too paranoid.

    If everyone had securely configured machines & networks, we could have avoided this mapping in the first place. However, it's only recently that security has finally surfaced as An Important Issue, and unfortunately the horse has already bolted!

    Intreguingly enough, I find this discussion interesting in a forum opposed to security through obscurity:

    many of those involved in this discussion are actively complaining that their privacy is being violated because their computer and/or the networks they traverse are releasing information about their computer. Surely this is truly open, and encourages those with the know-how to seek intelligent methods of avoiding this? In real-terms, the Internet is truly an "open" network!

  • Re:And so? (Score:2)

    by Anonymous Coward
    But you don't really seem to care about that since it's also on your homepage:)

  • Now THIS is ironic! (Score:4)

    by doctor_oktagon ( 157579 ) on Sunday November 05, 2000 @10:53PM (#647074)
    I just refreshed this story, and what banner advert should fill my screen?

    Think Geek advertising poster depicting Map of the Internet! [thinkgeek.com]

    So are we now boycotting Think Geek for commercially violating our address space? Or more to the point, isn't this actually an interesting visualisation of the virtual space we inhabit?

    Call me a doctor! I think I'm gonna die laughing!!

  • Not to mention that a lot of ISPs are now making it painfully obvious where you live thanks to the preschool level naming scheme they give to their routers. [cough]@Home[cough]PacBell[cough]

    I mean, if an advertiser wanted to send out some spam to customers in, say, Sacramento CA it's as easy as getting on a chat network and typing /who *.scrmnt1.ca.home.com and then messaging them all.

    - JoeShmoe

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -
  • Don't open that can, there are worms in it.

    It's the same argument that is used against Napster (and other "pirate" sites)
    Something that is legal/ethical/ortherwise OK when done once (like borrowing a CD, pinging a server) is suddenly illegal/unethical/a threat to the world as we know it, when done on a larger scale?

    Don't like the sound of that.

  • Let's see a company is abusing bandwidth for their own personal gain, causing heart ache to sys admins everywhere, gee isn't this a low layer equivalent of spamming?

    I hardly think this is causing poor sys admins to have nightmares. If your sys-admin breaks out in a sweat everytime someone ping-sweeps the network, I'd say it's time for a new sys admin!

  • Another site that does ip-geographic translation (Score:3)

    by raarts ( 5057 ) on Sunday November 05, 2000 @11:09PM (#647078)
    Take a look at RealMapping [realmapping.com], they really provide a lot of information.
  • I would do a reverse dns and a whois on each ip of interest, you would in best case get adress information for the technical contact that often, but by no means allways are located in the same office as that server

    This will not work in every case but perhaps it's good enough in a statistical perspective.

    Then there is allways snmp syslocation ;)

  • Re:Uhmm, Sure.... (Score:3)

    by Goldberg's Pants ( 139800 ) on Sunday November 05, 2000 @07:39PM (#647081) Journal
    You make a very good point. I for example live in a small town some 5 hours drive away from the location of the ISP I dial into. If they have that information, they no doubt believe I live in the city I dial into, so this kind of information is practically worthless.

    Of course, whether it's worthless or not, they just have to convince would be advertisers that is isn't, and advertisers are far from being the brightest bulbs in the box. Need proof? Remember my comments next time you see the same ad twice, sometimes three times in the same ad break on TV.

    Advertisers are brain dead.

    ---

  • Well, almost. Take 256^4. You get 4294967296. Take away the obvious ones that don't count (192.168.x.x; 255.x.x.x; 127.0.0.x; etc.) and you still get a little above 4 billion.

    This means that, in the best case scenario, they have traced 93.1322574615478515625% of the IP addresses; and at worst case, 100%. All the more reason for IPv6; so they'll have to toil just to trace them again!

  • Stealth Mode (Score:3)

    by Technician ( 215283 ) on Sunday November 05, 2000 @07:42PM (#647084)
    I wonder if machines (firewalls) that are set up to ignore pings fell under the radar, or did they still show from the old router logs of their provider?
  • We built this network to allow IP scanning.
    Geographic locations are (roughly) approximated by various IP registries & domain registries, which is publicly available information.

    What's the big deal?

    Oh.. and who gets prosecuted for scanning? I mean, sure, your ISP can put in your TOS that no scanning is to be done because it causes them a headache.. but that's only an issue with small residential connnections. If you have big pipes, you are NOT told what to do.

  • Re:The World is Saved! (Score:3)

    by psergiu ( 67614 ) on Sunday November 05, 2000 @09:38PM (#647102)
    This map thing is at least good for me. Now i won't receive spam letters with: call this 1-800 number in Florida ... me beeing in Eastern Europe.

    --

  • Re:IPv6 (Score:4)

    by mr3038 ( 121693 ) on Sunday November 05, 2000 @11:23PM (#647104)
    There's also the issue of using ethernet MAC addresses in the last section of the address, which would uniquely identify individual computers (and therefore attach your "fingerprint" to everything you do on the net).

    How about I change my MAC address? Get root and type in ifconfig eth0 hw addr 01:02:03:04:05:06. Just got yourself another MAC address. Do this like once a minute and it can be quite hard to track you down. Of course it breaks many other things but I'm just trying to tell that MAC address is not hardwired address and therefore shouldn't be used like one. [I found this information here [gnac.net].]
    _________________________

  • Hey, it's kind of a cool hack being reminded that 2**32 isn't a very big number, and that you really *can* ping everybody on the outer intranet. Of course, many of us live at addresses like 10.116.16.1 or 192.168.1.100 which don't resolve so well, or at 127.0.0.1 when we're in a solipsistic mood. If you don't live behind a firewall, you can always use www.anonymizer.com [anonymizer.com] or Publius or Zero Knowledge to delocalize where you are, and as marketing continues to take over everything, it'll be increasingly worthwhile to do that. Meanwhile, it's the middle of the night, and I'm not really in New Jersey, but my firewall is (&!^$#@# censorware won't let me connect to the anonymizer from there, though :-)

    On the technical side, besides the "we tracerouted everybody" hack, if they did use traceroute, they're also getting a lot of correlation information on what's connected to what, and on how long those distances are. And most of their connections are going to go through the NAPs, or through their ISP's peering relationships with other carriers, which are usually in a small number of cities, so they get a lot of correlation on locations they can exploit (they could even get fancy and reduce their traceroute load by taking advantage of serial searches.)

  • Re:Uhmm, Sure.... (Score:3)

    by arivanov ( 12034 ) on Sunday November 05, 2000 @11:49PM (#647110) Homepage

    AOL uses some location specific dial pools. So quite a lot of the AOL users can actually be traced to a region.

    What concerns me more is that such an effort is impossible without using registry information. IMHO the entire scanning was just noise and verification. For all practical purposes they were not able to build anything without using RIPE, ARIN and APNIC.

    All of these have extremely strict policies on such activities and this company if their database is accurate will disappear very soon. Because guess what, I am going to rat. And I am not the only one.

  • Pinging was used to gain publicity. So that they can "explain" how they got the information. If they did not get the assistance of every LIR around the globe they would have had to steal RIPE, ARIN and APNIC data.

    And this means IP address space revokation. Forever. This company is going off the net. Unstopable and irrevokable.
  • Right, well, the point was, they were systematically scanning the entire freaking address space, and they wouldn't tell anybody why; they had a bunch of noncommital biz-speak for a website, with no good contact information... it wasn't necessarily the fact of being scanned, but the fact they were being blatant and secretive at the same time, that set people off.

    You tell me, if you had, say, a class B network, and logged 65,000 ping requests from one address, what would you figure was the *legitimate* reason for someone to be paying that much attention to you? Would you still think so if they didn't respond to any attempts at contact?

    oh boy. I just looked at their website... They're pitching, not only zip-code level target-marketing, but the ability to

    "Comply with domestic and international distribution restrictions on Webcasts,
    music downloads, video clips, and other online content by limiting access from unauthorized areas."

    Yep, these guys are creepy alright.

  • And so? (Score:4)

    by Froomkin ( 18607 ) <froomkinNO@SPAMlaw.miami.edu> on Sunday November 05, 2000 @07:45PM (#647114) Homepage
    This is better at tracking you than a database based on reverse IP lookups because what exactly? (Keeping in mind that with IPv6 there's going to be *much* more data about you in each of those packets [internetwk.com]....)

  • Three words... (Score:4)

    by BlueHexahedron ( 216552 ) on Sunday November 05, 2000 @07:47PM (#647116)
    Cease and Desist
  • They only need to know where MOST of the people live. Like you said you live in a small town. They won't care about targeting their advertisement to you, but for the big town you live next too.
  • all they claim is that you can say "where is this IP located?" and it gives a general approimation of the geographical location it would be located in. businesses could target ads using the geographical location of the IP as a guide for what a person might be more interested in buying(like mariners caps for IPs located in seattle, a sea world discount pass for people in florida or san diego, etc). it doesnt mean they claim to be able to track usage of somebody based on their IP.
  • UUnet and Exodus. Quova gets its servers hosted at Exodus, and runs UUnet lines. Both companies are hostile to port scanning [uu.net], and consider it wrong. Exodus's contract says they cannot "engage in any activities or actions that would violate the personal privacy rights of others, including, but not limited to, collecting and distributing information about Internet users without their permission. (here [exodus.com])

    I've opened a case number with UU.net. Send them your logs of being scanned! I'm sure UU.net will not be pleased with someone tying up their network with pings, (Is Quova the biggest script kiddie ever?) let alone making money from it. If you have logs showing Quova tapping at your doorway, send them to security@uu.net [mailto] and we can take care of these people.

    Stop wasting bandwidth. It's precious.

  • 3COM (Score:2)

    by redhog ( 15207 )
    MAC addresses where not meant to be changed. However, you can on most cards. For some, there even exist linux-utilities to do so (You don't even have to reboot if your kernel have the card-driver as a module). For an example for 3com-cards, you can grab my modified version of Donald Becker's 3c5x9setup here [dhs.org].

  • Its ICMP-ECHOES for christ sake. (Score:3)

    by arcade ( 16638 ) on Monday November 06, 2000 @12:41AM (#647127) Homepage
    Seriously. They're doing nothing except sending icmp packets, and not many of them neither. This isn't a denial of service attack (a couple of pings don't constitute a dos). Its not very much of a probe neither, since you do not return very much information. IF you're scared by the information a ping gives out, then you're a paranoid idiot, nothing less.

    And, comparing it to portscanning is dumb too. If you portscan, you scan a lot of ports, raising all kinds of bells'n whistles, in addition to that is exactly what scriptkiddies do before an attack. But a ping? Get real. Should they be harassed if they established tcp connections to port 80 on every host on the net too? *bllagh*.

    I think this is one of the most stupid news-items I've evern seen. People get excited because of PINGS! Its like .. how dumb is it possible to get? One, or ten, or fifty, ping packets doesn't hurt you. Its not a DoS. Its not like it gathers much information about you ("are you alive, and what travel-time do you have to me?").

    Oh! And, do anybody remember those lovely "internet-maps" that was made some time ago? That got that great coverage on slashdot, with people wanting them and so forth? How do you folks think those were made? Just picked out of thin air? NO! They were made by traceroutes .. which is what? traceroutes are either sending udp or icmp packets with a TTL starting with 1, and going upwards until you reach your destination host (so that the routers along the way send an icmp-ttl-exceeded or whatever its called when the TTL goes down to '0' at their point).

    God. I really, really, really think this entire shit about quova inc is sooo stupid. As a Security administrator, I think its even MORE stupid to get excited because of a couple of pings.

    /RANT


    --
  • Ohfuck, this is so ridiculous. Seriously. If an org. is stupid enough to page the admin because of a ping or two, then the dude that recomended that this should be done for the organization, should be FIRED.

    As someone mentioned when talking about the several thousands attack they received per hour at blackhat briefings.. "Its not exactly ping packets we receive here".

    Its an internal joke on every single security mailinglist I've seen. People complaining about someone ping'ing them, wanting to know what abuse@ address to send the logs to and so forth.

    Its just so fucking ridiculous. People that are paranoid because of this need to BE MADE FUN OF. And a corp that freaks out because of a couple of ping, should fire the fsckhead that recomended firing of bells and whistles for nothing.

    Its like making a so sensitive burglar detection, that it fires off all alarms because a fly flew by outside the window.


    --
  • "In gathering this information, they set off alarms all over the world, and yet, it seems that this is an accceptable practice in the eyes of the law"

    I wonder which law timothy thinks the Internet is under. In particular in conjunction with the words 'all over the world'...

    Cheers,

    --fred

  • If we assume that the advertising isn't wasted on someone living in the actual town (a questionable assumption but necessary for this discussion), then I don't see where it would be ENTIRELY wasted on you. Certainly, if there's an ad for Mom's Diner on the corner of 1st and Main in that town, it's wasted on you. But if there's an ad for parkas on sale at Wal-Mart while the weather channel is reporting a huge blizzard headed your way, the advertising is just as effective for you as it is for someone in that particular town. IOW, most "targeted" advertising isn't aimed that precisely. If they know what region of the country you're in, you're probably within their target area.

  • Re:Pinging (Score:5)

    by doctor_oktagon ( 157579 ) on Sunday November 05, 2000 @07:56PM (#647133)
    This comment
    If you have a box connected to the Internet, you should expect to get pinged. Heck, way back when I first discovered pings, I pinged random IP addys for kicks
    hits the nail right on the head.

    The Internet is a public network, and part of that public protocol includes tools for mapping (traceroute) routes, and measuring the time it takes to traverse that route (ping).

    If you spend $20000 dollars on an pukka Firewall and a good IDS, then don't start compaining when Ping packets are recieved! The reason you spent all that cash was to block them, which you are now doing.

    I'm not convinced of the value of the data, and I'm even less sure about the intention of why they are doing it (I hate marketeers as much as the "next man"), but as I stress: the Internet is a public network, and if you get annoyed with people "walking by your house", then disconnect your machine from the net, or configure your server/router/firewall to block ICMP (which I generally do).

    The security Incidents mailing lists are full of people complaining that some 3l337 kid in Korea is pinging their server, and they don't like it. Frankly who gives a damn? It's the guy who stealth maps your machine for the latest vulnerability that should be worrying, not someone openly knocking on the front door!

  • This doesn't help anybody track an individual user. It just pinpoints your approximate geographical location based on your IP address which means they'll actually only get your ISPs location. The data they get for your IP will be the same as everybody else using your ISP. It does not uniquely identify you.

    As always, individual users can be tracked using just their IPs, but this is unreliably due to dynamic IPs, shared IPs, rotating IPs etc. Cookies are still the most reliable way to track people between sites.

Slashdot Top Deals

It's been a business doing pleasure with you.

Close