Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] client - server

from [Matteo Giannone] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] client - server
Date: Mon, 28 Feb 2005 17:59:33 +0100 
I have made all tests on that website : none revealing informations that can
recognize me. I mean: if mozilla would send its SERIAL NUMBER (if it exsts) that
is a way to identify my own copy of mozilla.





which informations can a server get about a client running M$ windows XP ?
I cannot access a website because i have been "banned" and I'd like to
understand how they recognize me for sure.


All sorts of stuff. Visit browserspy (http://gemal.dk/browserspy/) for a 
bunch of tests. Java is one excellent way to steal the goods (and many 
browserspy tests use that).

The 'short' answer is, however, probably a simple IP check.


I mean:
- a simple ip check doesn't work with dynamic addresses...
- cookies can be deleted
- computer name can be changed
- mac address can be changed (even I wasn't able to, because I have a usb dsl
modem and I cannot change its MAC working with regedit or using tools like 
smac )


MAC address? That's not visible past the DSLAM. As for dynamic 
addresses, have you kept track? I have (supposed) dynamic addresses at 
home and it's not changed in over a year.

You should dump the DSL modem and get a conventional ethernet one. Then 
change the MAC on your ethernet card at will (this will get you new 
addresses). There probably is a way to access the innerds of the USB one 
but you'd probably have to take it apart and locate the serial port.

~Mike.


Anything else ?
How the hell do they recognize me ?

Matteo Giannone




____________________________________________________________
6X velocizzare la tua navigazione a 56k? 6X Web Accelerator di Libero!
Scaricalo su INTERNET GRATIS 6X http://www.libero.it



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html







____________________________________________________________
Navighi a 2 MEGA e i primi 3 mesi sono GRATIS. 
Scegli Libero Adsl Flat senza limiti su http://www.libero.it



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] client - server, Micheal Espinola Jr
Next by Date:  Re: [Full-Disclosure] client - server, Michael Holstein
Previous by Thread:  Re: [Full-Disclosure] client - server, Micheal Espinola Jr
Next by Thread:  [Full-Disclosure] [HAT-SQUAD] BadBlue, Easy P2P File Sharing Remote Exploit (update), class 101
Indexes:  [Date] [Thread] [Top] [All Lists]