Slashdot Mirror


Quova Inc. Completes Trace of 4 billion IP Addresses

RatzMilk writes: "Quova Inc. claim they have completed a global scanning system [Note: first mentioned on Slashdot in July -- timothy] that pinpoints the geographic location of Internet users in real time. The information gathered is then sold as a tool called 'GeoPoint' that can be used by advertisers to better target their advertisements to people based on their location. It doesn't rely on cookies or voluntary submissions from users, instead, using a database built by scanning every host on the Internet. In gathering this information, they set off alarms all over the world, and yet, it seems that this is an acceptable practice in the eyes of the law. Individual people are having their computers impounded and in some cases are being incarcerated for doing the same. ... Further details on this story can be found at Security Focus." (Sorry, but Security Focus is not designed for direct linking; click on the link that says "Scanning Mystery Solved.") [Updated 5:58 GMT by timothy] Scratch the comment about deep linking; I've restored the link RatzMilk provided, which originally brought me only "page not found" errors. Hope it works for everyone ...

65 of 182 comments

  1. Re:IPv6 by stu_coates · · Score: 2
    MAC addresses...uniquely identify individual computers

    That is assuming that you have a MAC address... isn't that an Ethernet attribute? What if I was running IP over another medium (ATM, TokenRing, etc...)?

  2. Re:And so? by Overnight+Delivery · · Score: 2
    Included in EUI-64 are two interesting pieces of information: the registered manufacturer of your NIC card and your 48-bit Ethernet address. Surprise! Every packet you send out onto the public Internet using IPv6 has your fingerprints on it. And unlike your IP address under IPv4, which you can change, this address is embedded in your hardware. Permanently.

    Scary stuff! Why haven't I heard that before? I'm not up on IPv6 so I'm going to do some research to see if it really is that bad!

    Comments anyone?

    --

    When it absolutely positively has to be there.

  3. There should be nothing wrong with pinging. by Lord+Ender · · Score: 4

    The government should not do anything to anyone for tracerouting or pinging. There is nothing wrong with that. I use these tools often, just for curiosity.

    If a computer has a web server running that allows anyone to download a webpage, it should be considered authorized use. If a computer returns my pings, that should be authorized use. These people should be allowed to ping/traceroute whoever they want, and so should I. If people don't want me to ping them, they should set up their computers not to return my pings.

    I long for the old days of the internet when you weren't considered a threat if you used a ping. Now we must play dumb or be considered "hackers".

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:There should be nothing wrong with pinging. by guran · · Score: 2
      I sort of agree, but...
      It is still a matter of very fuzzy principles.

      So according to you, it is wrong to sell a database over traceroutes. How about a site that traces you at runtime? You have stated who you are (your IP) so how can you object to the site using it?

      --

      All opinions are my own - until criticized

    2. Re:There should be nothing wrong with pinging. by KlomDark · · Score: 2
      > How about a site that traces you at runtime?

      A single site, recording my activity in their own log for their own purposes? I don't have a problem with that.

      I have a huge concern if they then sell their log information to a tracking company which aggregates a lot of logs to then track my activity across the net.

    3. Re:There should be nothing wrong with pinging. by guran · · Score: 2
      I have a huge concern if they then sell their log information to a tracking company which aggregates a lot of logs to then track my activity across the net.

      Amen. I do hope that most of the sites that would be interested in this are guarding their own logs too jealously for this to happen, but I'm keeping my eyes open...

      But that was not really my question. As I understood it someone did a lot of traceroutes to find the location of the clients, then selling a database over the results of those traceroutes.
      Is there anything fundamentally different between doing this and tracerouting at runtime? (apart from the loss of efficiency in the latter case)

      --

      All opinions are my own - until criticized

    4. Re:There should be nothing wrong with pinging. by guran · · Score: 2
      Don't open that can, there are worms in it.

      It's the same argument that is used against Napster (and other "pirate" sites)
      Something that is legal/ethical/otherwise OK when done once (like borrowing a CD, pinging a server) is suddenly illegal/unethical/a threat to the world as we know it, when done on a larger scale?

      Don't like the sound of that.

      --

      All opinions are my own - until criticized

  4. The World is Saved! by Spud+the+Ninja · · Score: 5

    From their website:

    Global coverage. Distinguish Canada from Colombia, and Paris, Texas from Paris, France.

    As someone living in British Columbia, Canada, I have been in dire need of this service. Hooray!

    --
    You can never put too much water in a nuclear reactor.
    1. Re:The World is Saved! by psergiu · · Score: 3

      This map thing is at least good for me. Now I won't receive spam letters with: call this 1-800 number in Florida ... me being in Eastern Europe.

      --
      1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
  5. Re:Uhmm, Sure.... by luugi · · Score: 2

    Of course he shops there, I don't think their advertisement is going to discourage him from buying their product, but they simply won't target him.

    --
    Think like a man of action, act like a man of thought.
  6. Blatant Hokum Scam Advertisers by human+bean · · Score: 2
    These folks THINK they know where networks are and traffic comes from. Consider:

    Most large companies have private or public address space, and rely upon their own network of leased lines to move this address space around the world. You will find that, to simplify routing, etc. most of them have only one or two gateways out to the rest of what we call the internet.

    Consider the case of a big green and yellow oil company. The headquarters are in Britain, major distribution, fields, and refineries in Belgium, Russia, China, Alaska, Austral-Asia, Japan. Main internet gateway in Texas, because it's cheaper there.

    Think this "geocoded IP address" company and their product know and account for this? I suspect that the folks in Japan would get a lot of Texas-oriented web content, don't you think?

    --

    *whup* "Get along, little electrons. Heeyah!"

  7. 4 billion IP addresses? by hpa · · Score: 2

    Did someone clue these people into the fact that there *ARE* only 4 billion IP addresses, and that over 1/4 of the address space is currently unpopulated?

  8. MACs on Cable/DSL by billstewart · · Score: 2

    Some cable and DSL boxes work as routers, some as bridges, some as NAT boxes. If you're using a bridge-flavored box, it's your PC's MAC that matters. But those guys are probably not going to switch to IPv6 until Cisco and the Tier 1 ISPs make it easy, ICANN stops their current predatory pricing which is designed to prevent IPv6 adoption, and cheap DSL and cable routers support IPv6.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  9. good deal by Swede2048 · · Score: 2

    Now we know who was online, and from where, during all of last year.. Oops! now it's out of date

  10. Direct link by Chris+Pimlott · · Score: 2

    This link appears to work just fine.

  11. IPv6 by isolation · · Score: 3

    Does anyone know if this type of effort will be easier with IPv6?

    --
    Free Unix? Free Windows. http://www.reactos.com
    1. Re:IPv6 by 1337d00d · · Score: 2

      Heck No!

      IPv4 provides for about 4 billion addresses.
      IPv6 provides for about 3*(10^38) addresses.
      If scanning 4 billion people was hard, scanning IPv6 should be next to impossible.

    2. Re:IPv6 by Narge · · Score: 3

      Yes, it probably will be easier. Unlike IPv4, IPv6 has a strict hierarchy - Large ISPs being allocated top-level blocks of addresses, giving smaller blocks to local ISPs, who in turn allocate even smaller blocks to end-users, rather than the current system which has no such restrictions. There's also the issue of using ethernet MAC addresses in the last section of the address, which would uniquely identify individual computers (and therefore attach your "fingerprint" to everything you do on the net).

      http://www.ipv6.org/
      http://rf.cx/rfc2373.html (refers to use of MAC addresses)
      http://www.6bone.net/misc/case-for-ipv6.html (describes hierarchical addressing in IPv6 - page 30)

    3. Re:IPv6 by mr3038 · · Score: 4
      There's also the issue of using ethernet MAC addresses in the last section of the address, which would uniquely identify individual computers (and therefore attach your "fingerprint" to everything you do on the net).

      How about I change my MAC address? Get root and type in ifconfig eth0 hw addr 01:02:03:04:05:06. Just got yourself another MAC address. Do this like once a minute and it can be quite hard to track you down. Of course it breaks many other things but I'm just trying to tell that MAC address is not hardwired address and therefore shouldn't be used like one. [I found this information here.]
      --
      _________________________
      Spelling and grammar mistakes left as an exercise for the reader.
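The address derivation argued over in the comments above, as an added example that is not part of the original thread: it builds the modified EUI-64 interface identifier described in the linked RFC 2373, recovers the MAC from an address, and shows that the same hardware is recognisable on two networks until the MAC is changed or the address is assigned by hand. The prefixes (2001:db8::/32) and MAC addresses (00:00:5e:00:53:xx) are documentation values chosen for the example.

```python
import ipaddress
from collections import defaultdict


def mac_to_interface_id(mac: str) -> bytes:
    """Build the 64-bit modified EUI-64 interface identifier from a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Invert the universal/local bit (0x02 in the first octet) and insert
    # ff:fe between the 24-bit vendor prefix and the 24-bit device part.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def autoconfigured_address(prefix: str, mac: str) -> str:
    """Address a host would form from a /64 prefix and its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def recover_mac(address: str):
    """Return the embedded MAC if the low 64 bits look like EUI-64, else None.

    The ff:fe marker is a heuristic: a hand-assigned or random identifier
    could contain it by coincidence.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def correlate_by_hardware(addresses):
    """Group observed addresses by the MAC they expose (None = no MAC visible)."""
    groups = defaultdict(list)
    for address in addresses:
        groups[recover_mac(address)].append(address)
    return dict(groups)


# Constructed observations: one laptop seen on two networks, the same laptop
# after its MAC was overridden with a locally administered value, and a host
# whose address was assigned by hand.
LAPTOP_MAC = "00:00:5e:00:53:01"
OVERRIDDEN_MAC = "02:00:5e:00:53:99"
SAMPLE_SIGHTINGS = [
    autoconfigured_address("2001:db8:1:2::/64", LAPTOP_MAC),
    autoconfigured_address("2001:db8:aaaa:bbbb::/64", LAPTOP_MAC),
    autoconfigured_address("2001:db8:1:2::/64", OVERRIDDEN_MAC),
    "2001:db8:1:2::1",
]

if __name__ == "__main__":
    for mac, seen in correlate_by_hardware(SAMPLE_SIGHTINGS).items():
        print(mac, seen)
```

The first two sightings share a key even though their network prefixes differ, which is the "fingerprint" concern; the overridden MAC and the hand-assigned address break that link.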
  12. Uhmm, Sure.... by quickquack · · Score: 5

    I'd like some evidence to back their claim. First of all, 27 million AOL users will appear to be in Virginia. Secondly, I'm sure a lot of people use a ppp account on one of their colo/ISP's servers.

    Sooo, more evidence please!
    --
    ------------
    Tonight on Fox: Deadliest Executions Part XVII
    1. Re:Uhmm, Sure.... by Goldberg's+Pants · · Score: 2
      No actually, I have never even been there. There are towns much closer than that, but no decent ISP's that don't want you to take it up the rear on pricing.

      So no, the advertising would be ENTIRELY wasted on me since as I said, I have never even been there and I've lived here 4 years so probably aren't about to start going there.

      BTW, wonder how long it will be before the number of IP addresses surpasses the number of humans on this Godforsaken little rock?

      ---

    2. Re:Uhmm, Sure.... by Verteiron · · Score: 2

      I simply smell the sweet stench of easy bucks through advertising... a world where people will pay for the chance to show a 5-second image to 1 out of every 1000 people to walk by an obscure location. And most of THOSE people will ignore it.

      --
      End of lesson. You may press the button.
    3. Re:Uhmm, Sure.... by titus-g · · Score: 2
      AOL web stuff is proxied anyway so sites couldn't track you down, but IIRC Virginia is as close as you can get from an IP.

      If you want to easily see what sort of info you can get on an IP, grab a copy of Visual Route, or play with their server

      --

      ~ppppppppö

    4. Re:Uhmm, Sure.... by signe · · Score: 2

      AOL uses some location specific dial pools. So quite a lot of the AOL users can actually be traced to a region.

      Well, yes and no. I can't go into too much detail about the architecture, but any given "pool" of dialup IP addresses at AOL could be used by many dialup locations. The assignments of users to IP addresses are mostly done by round robin, not by location, since all the dialup connections are backhauled to AOL's datacenters.

      The closest you could nail down an AOL dialup IP is to the datacenter. To get any geographic information on a user, you'd need to have access to AOL's internal databases, and they won't even give that to partners.

      -Todd

      ---

      --
      "The details of my life are quite inconsequential..."
    5. Re:Uhmm, Sure.... by Goldberg's+Pants · · Score: 3
      You make a very good point. I for example live in a small town some 5 hours drive away from the location of the ISP I dial into. If they have that information, they no doubt believe I live in the city I dial into, so this kind of information is practically worthless.

      Of course, whether it's worthless or not, they just have to convince would be advertisers that it isn't, and advertisers are far from being the brightest bulbs in the box. Need proof? Remember my comments next time you see the same ad twice, sometimes three times in the same ad break on TV.

      Advertisers are brain dead.

      ---

    6. Re:Uhmm, Sure.... by arivanov · · Score: 3

      AOL uses some location specific dial pools. So quite a lot of the AOL users can actually be traced to a region.

      What concerns me more is that such an effort is impossible without using registry information. IMHO the entire scanning was just noise and verification. For all practical purposes they were not able to build anything without using RIPE, ARIN and APNIC.

      All of these have extremely strict policies on such activities and this company if their database is accurate will disappear very soon. Because guess what, I am going to rat. And I am not the only one.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    7. Re:Uhmm, Sure.... by luugi · · Score: 2

      They only need to know where MOST of the people live. Like you said you live in a small town. They won't care about targeting their advertisement to you, but for the big town you live next to.

      --
      Think like a man of action, act like a man of thought.
  13. My Reply to the author by KFury · · Score: 2

    Date: Sun, 5 Nov 2000 22:19:32 -0800 (PST)
    From: Kevin Fox
    To: frezza@alum.mit.edu
    Subject: IPv6 vs the Status Quo

    I just finished reading your article at Internet Week and I had two comments:

    First, network interface addresses aren't always hardwired, and many NICs allow you to, with the proper utility, change your 48-bit address to anything you want.

    Second, your Ethernet address is heavily used under current networks for a lot of things, and is stored in mailserver logs, correlated to email that you send out, and DHCP keeps records of Ethernet address/IP address mappings, records that could be hacked or subpoenaed to create a relatively solid link between an IP/time to an NIC.

    While I agree with many points in your article, I do think the above points were worth mentioning, as omitting them gives the article an aura of "We were safe before, but with IPv6 we're all f***ed." In actuality, we're only kind of safe now, and after IPv6, we're only kind of f***ed.

    Thanks,

    Kevin Fox

    1. Re:My Reply to the author by KFury · · Score: 2

      Sure am. My post was in regard to an article referenced by another /. post, not the one mentioned at the top level. Sorry for the confusion.
      Kevin Fox

  14. They are thinking Globally by jjr · · Score: 2

    They are talking about selling IP world maps
    so let's say that a picture is legal in France but not in China. They could tell you the country the IP address came from so you could block it.


    Web sites that provide music, video, and other forms of content finally have an effective solution for managing content distribution. By identifying the geographical location of Web visitors in real-time, GeoPoint lets you comply with territorial restrictions on digital content. Which means that you can continue to benefit from the vast global reach of the Internet while ensuring that content is only available to users in authorized areas. It's a smart and seamless solution for adhering to today's ever-changing distribution and copyright requirements.

    Comply with domestic and international distribution restrictions on Webcasts, music downloads, video clips, and other online content by limiting access from unauthorized areas.

    Respect user privacy by pinpointing their location without the use of cookies, registration information, or click-stream data.

  15. Re:Its ICMP-ECHOES for christ sake. by Rupert · · Score: 2

    I DoS-ed a colleague's OmniSky by pinging him about 10 times a second with a 1k packet.

    That'll teach the showoff (Hi, Mike) ;-)

    On the offchance he was actually using it when Quova came knocking, he would have noticed a serious drop in bandwidth.

    --
    E_NOSIG
  16. Re:And so? by Froomkin · · Score: 2

    Actually I'm well aware that there will be an optional method, eventually, for masking MAC addresses in IPv6, although last I checked a few months ago it wasn't final yet and no one seemed in a great rush...and no one held up IPv6 to wait for this fix to be part of the rollout.

    And I'm also aware that because it will not be the default, very few folk will use it; most folk will therefore have their true MAC address visible. Your comment is therefore not only snide but thoroughly misleading in terms of the practical effect on the privacy of not just average AOL users, but most people. I discuss all this and a great deal more about privacy in a recent article on privacy and the law (Note: article is in .pdf but a crude HTML of an earlier draft is available here)

    --

    I have a blog.

  17. Ahem... by Shoeboy · · Score: 5

    This is not news. I've been able to track people's locales over the internet for years now. All truly skilled hackers can.
    I know where you live, where you work, when you sleep and what you fear.
    I have only one thing to say to you:
    Damn you're boring - why don't you get a life?
    --Shoeboy

  18. Um, is what they're doing really wrong? by Wakko+Warner · · Score: 2
    Because guess what, I am going to rat. And I am not the only one.

    Assuming they didn't use RIPE, ARIN, or APNIC data to compile their database (and even assuming they did), what's the big deal? I don't even consider this an invasion of privacy, much less anything to worry about. Then again, slashdot users will bitch about just about anything (yet do absolutely nothing to "solve" the "problem".)

    - A.P.

    --
    * CmdrTaco is an idiot.

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
  19. Re:3COM by redhog · · Score: 2

    Ha. And that option doesn't _save_ it anywhere (like in EEPROM of the card). Wake up yourself!

    --
    --The knowledge that you are an idiot, is what distinguishes you from one.
  20. Should we be concerned? by honkycat · · Score: 2
    While it's always frightening to discover that "they" are watching us in a new way, I'm not convinced this is really a scary thing. As many have pointed out, the service is not infallible. Since IP addresses are not necessarily geographically segregated, if you are truly concerned about this, you can (rather easily) find ways around it.

    However, do we really need to? In "the real world," advertisers can avoid spamming people with irrelevant ads. Allowing this type of targeting online seems reasonable. Occasionally, advertising is useful -- it is a good way to learn about what's out there. Not every corporate practice is wicked and evil, even if it removes some level of the anonymity that was previously found on the internet.

    While privacy is important to protect, the internet is a changing place and I believe that the level of casually available anonymity will inevitably decrease. Some losses should be protected against, but I don't think this is one of them. Which step in their collection process should have been prevented? If your activities are traceable to _your_ IP address, then they are not anonymous, and I don't think any knowledgeable individuals would expect them to be. Security through obscurity... The only difference is that it's now a little easier to figure out where (some of) those IP addresses are. If the information is out there to be collected by legal procedures, it will be collected.

  21. Re:And so? by jbailey999 · · Score: 4

    If you haven't heard this before, then you haven't been reading slashdot for long. This type of fear mongering is quite common when people talk about IPv6. The *recommended* way to generate an IPv6 address is through your MAC address. You're still welcome to assign them by hand if you so choose. Also, almost every Ethernet NIC can have its MAC address overridden.

    The poster apparently hasn't been following slashdot either...

  22. Total Snake Oil by rakslice · · Score: 2

    This sounds like total snake oil. How does scanning IPs tell you their geographical location? At most, you can look up the (physical) address of the netblock holder, which has very little to do with the physical location of the machines in the netblock. And that can easily be done using the RIR (ARIN, RIPE, APNIC) whois databases; Why would we need some other company to recycle the data for us?

  23. The first? by wdr1 · · Score: 3

    How are they the first? Akamai's had this service for some time now:

    http://www.akamai.com/html/sv/edse.html

    -Bill

    --
    SlashSig Karma: Excellent (mostly affected by moderatio
  24. An easy way to stop "them" tracking you .... by doctor_oktagon · · Score: 4

    Dial-up long distance to an ISP in a backwards country using a phone company you know don't support call-number forwarding, and get a telnet account on an old UNIX server in a country where the police force are not savvy enough to be able to read the dialup log files.

    good: No-one will ever know where you live!

    bad: Using the net will be a pain, and you won't be able to do anything useful.

    moral: It's all a trade-off between useability and personal space. You sacrifice one for the other.

    Would the medieval version of slashdot be so concerned when boats roamed through the seas and produced those things you earth-people called "maps" ... I don't think so! :-)

    1. Re:An easy way to stop "them" tracking you .... by doctor_oktagon · · Score: 2

      You make an excellent point, wish I had some mod points still :)

      Why thank you kind sir! I'm scared that I'm sounding like I am ranting and raving, I'm just trying to not be too paranoid.

      If everyone had securely configured machines & networks, we could have avoided this mapping in the first place. However, it's only recently that security has finally surfaced as An Important Issue, and unfortunately the horse has already bolted!

      Intriguingly enough, I find this discussion interesting in a forum opposed to security through obscurity:

      many of those involved in this discussion are actively complaining that their privacy is being violated because their computer and/or the networks they traverse are releasing information about their computer. Surely this is truly open, and encourages those with the know-how to seek intelligent methods of avoiding this? In real-terms, the Internet is truly an "open" network!

  25. Phuket's GDP rises exponentially by Sheeple+Police · · Score: 4

    Future News Article:

    The small area of Phuket, located in the bustling country of Thailand, has seen its GDP rise exponentially, due to the introduction of their latest service, Phuket Fun. Using Phuket Fun, security minded individuals can browse safely and anonymously, having their IP address completely masked.

    Should a company or individual do a lookup on the idea, they will see that the user is coming from Phuket U. A new era in privacy has thus been issued in, with companies like Akamai and services like geoTrace being told what they should have been rightfully told when they suggested such services - to Phuket.

    In all seriousness (which is rare for me), what would be the effect of using one of the many anonymous proxies out there which effectively mask your IP? Agreeably, these companies would have logs of your IP, but toss one of these companies into some off shore third world country (note: I simply used Phuket for the fun of the word), where the government can't control the people or the information, but thanks to grants/loans from places like the World Bank have been able to establish some form of information infrastructure, and you'd be safe! (And you'd also have a run-on sentence, but that is besides the point)

    In either event, I'm more concerned about the IPv6 potential for damage/abuse/blatant violations of rights than I am about having someone figure out that I live in Georgia (even though a Neotrace lookup from multiple people repeatedly implies I am in sunny California - don't I wish). It seems like just another company had some peeved geek sarcastically tell the marketering guy "Oh, you want your database to be done by eunichs?!? Yeah, sounds like a great idea. While you're at it, why don't I create a program to find out where internet l-users live. That's another really great idea."

    Oh well, there's my two cents (Out of pity for having to endure my poor jokes).

    --

    Information is the catalyst for revolution
  26. Re:And so? by Anonymous Coward · · Score: 2

    But you don't really seem to care about that since it's also on your homepage:)

  27. Now THIS is ironic! by doctor_oktagon · · Score: 4

    I just refreshed this story, and what banner advert should fill my screen?

    Think Geek advertising poster depicting Map of the Internet!

    So are we now boycotting Think Geek for commercially violating our address space? Or more to the point, isn't this actually an interesting visualisation of the virtual space we inhabit?

    Call me a doctor! I think I'm gonna die laughing!!

  28. Re:And so? by JoeShmoe · · Score: 2

    Not to mention that a lot of ISPs are now making it painfully obvious where you live thanks to the preschool level naming scheme they give to their routers. [cough]@Home[cough]PacBell[cough]

    I mean, if an advertiser wanted to send out some spam to customers in, say, Sacramento CA it's as easy as getting on a chat network and typing /who *.scrmnt1.ca.home.com and then messaging them all.

    - JoeShmoe

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -

    --
    -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
  29. Re:Ahh by doctor_oktagon · · Score: 2

    Let's see a company is abusing bandwidth for their own personal gain, causing heart ache to sys admins everywhere, gee isn't this a low layer equivalent of spamming?

    I hardly think this is causing poor sys admins to have nightmares. If your sys-admin breaks out in a sweat every time someone ping-sweeps the network, I'd say it's time for a new sys admin!

  30. Another site that does ip-geographic translation by raarts · · Score: 3

    Take a look at RealMapping, they really provide a lot of information.

  31. reverse dns + whois by jaclu · · Score: 2

    I would do a reverse dns and a whois on each ip of interest, you would in best case get address information for the technical contact that often, but by no means always, is located in the same office as that server

    This will not work in every case but perhaps it's good enough in a statistical perspective.

    Then there is always snmp syslocation ;)

  32. NOOOO!!! They traced 'em all! by AFCArchvile · · Score: 2
    Well, almost. Take 256^4. You get 4294967296. Take away the obvious ones that don't count (192.168.x.x; 255.x.x.x; 127.0.0.x; etc.) and you still get a little above 4 billion.

    This means that, in the best case scenario, they have traced 93.1322574615478515625% of the IP addresses; and at worst case, 100%. All the more reason for IPv6; so they'll have to toil just to trace them again!

    --
    "Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
  33. Stealth Mode by Technician · · Score: 3

    I wonder if machines (firewalls) that are set up to ignore pings fell under the radar, or did they still show from the old router logs of their provider?

    --
    The truth shall set you free!
  34. Let's be realistic. by mindstrm · · Score: 2

    We built this network to allow IP scanning.
    Geographic locations are (roughly) approximated by various IP registries & domain registries, which is publicly available information.

    What's the big deal?

    Oh.. and who gets prosecuted for scanning? I mean, sure, your ISP can put in your TOS that no scanning is to be done because it causes them a headache.. but that's only an issue with small residential connections. If you have big pipes, you are NOT told what to do.

  35. www.anonymizer.com ; proxies; traceroute by billstewart · · Score: 2
    Hey, it's kind of a cool hack being reminded that 2**32 isn't a very big number, and that you really *can* ping everybody on the outer intranet. Of course, many of us live at addresses like 10.116.16.1 or 192.168.1.100 which don't resolve so well, or at 127.0.0.1 when we're in a solipsistic mood. If you don't live behind a firewall, you can always use www.anonymizer.com or Publius or Zero Knowledge to delocalize where you are, and as marketing continues to take over everything, it'll be increasingly worthwhile to do that. Meanwhile, it's the middle of the night, and I'm not really in New Jersey, but my firewall is (&!^$#@# censorware won't let me connect to the anonymizer from there, though :-)

    On the technical side, besides the "we tracerouted everybody" hack, if they did use traceroute, they're also getting a lot of correlation information on what's connected to what, and on how long those distances are. And most of their connections are going to go through the NAPs, or through their ISP's peering relationships with other carriers, which are usually in a small number of cities, so they get a lot of correlation on locations they can exploit (they could even get fancy and reduce their traceroute load by taking advantage of serial searches.)

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  36. Re:Pinging by arivanov · · Score: 2

    Pinging was used to gain publicity. So that they can "explain" how they got the information. If they did not get the assistance of every LIR around the globe they would have had to steal RIPE, ARIN and APNIC data.

    And this means IP address space revocation. Forever. This company is going off the net. Unstoppable and irrevocable.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  37. Re:Ahh by beertopia · · Score: 2

    Right, well, the point was, they were systematically scanning the entire freaking address space, and they wouldn't tell anybody why; they had a bunch of noncommittal biz-speak for a website, with no good contact information... it wasn't necessarily the fact of being scanned, but the fact they were being blatant and secretive at the same time, that set people off.

    You tell me, if you had, say, a class B network, and logged 65,000 ping requests from one address, what would you figure was the *legitimate* reason for someone to be paying that much attention to you? Would you still think so if they didn't respond to any attempts at contact?

    oh boy. I just looked at their website... They're pitching, not only zip-code level target-marketing, but the ability to

    "Comply with domestic and international distribution restrictions on Webcasts, music downloads, video clips, and other online content by limiting access from unauthorized areas."

    Yep, these guys are creepy alright.

    --
    -- 'intellectual property' is oxymoronic
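
The distinction argued over in this thread, a ping or two versus one source walking an entire address block as in the class B scenario above, can be measured from firewall logs. This is an added example, not part of any comment here; the four-field log format, the addresses and the thresholds are constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict, deque

def parse(line):
    """Parse 'epoch src dst icmp_type' (assumed format); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (float(parts[0]), ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def find_sweeps(lines, network, window=60.0, min_hosts=100):
    """Return {source: peak count of distinct hosts in `network` that the
    source sent echo requests to within any `window` seconds}, keeping only
    sources whose peak reaches `min_hosts`."""
    net = ipaddress.ip_network(network)
    recent = defaultdict(deque)    # src -> (ts, dst) entries inside the window
    counts = defaultdict(Counter)  # src -> dst -> packets inside the window
    peak = Counter()
    records = sorted(filter(None, map(parse, lines)), key=lambda r: r[0])
    for ts, src, dst, icmp_type in records:
        if icmp_type != 8 or dst not in net:   # 8 = ICMP echo request
            continue
        q, c = recent[src], counts[src]
        q.append((ts, dst))
        c[dst] += 1
        while q[0][0] < ts - window:           # expire entries older than window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[src] = max(peak[src], len(c))
    return {str(s): n for s, n in peak.items() if n >= min_hosts}

def sample_log():
    """Constructed traffic: one sweeping source, one source sending three pings."""
    base = ipaddress.ip_address("172.16.0.0")
    lines = [f"{1000 + i * 0.1:.1f} 198.51.100.7 {base + i} 8" for i in range(300)]
    lines += [f"{1005 + i} 203.0.113.9 172.16.0.10 8" for i in range(3)]
    lines.append("1006 172.16.0.10 203.0.113.9 0")  # echo reply, ignored
    lines.append("truncated line")                  # malformed, skipped
    return lines

if __name__ == "__main__":
    print(find_sweeps(sample_log(), "172.16.0.0/16"))
```

Alerting on distinct destinations per source, rather than on any single echo request, flags the sweep and leaves the three-ping source below the threshold.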
  38. And so? by Froomkin · · Score: 4

    This is better at tracking you than a database based on reverse IP lookups because what exactly? (Keeping in mind that with IPv6 there's going to be *much* more data about you in each of those packets....)

    --

    I have a blog.

  39. Three words... by BlueHexahedron · · Score: 4

    Cease and Desist

  40. stop freaking people by ChadM · · Score: 2

    all they claim is that you can say "where is this IP located?" and it gives a general approximation of the geographical location it would be located in. businesses could target ads using the geographical location of the IP as a guide for what a person might be more interested in buying (like mariners caps for IPs located in seattle, a sea world discount pass for people in florida or san diego, etc). it doesn't mean they claim to be able to track usage of somebody based on their IP.

  41. Don't like this? Report them by Tairan · · Score: 2
    UUnet and Exodus. Quova gets its servers hosted at Exodus, and runs UUnet lines. Both companies are hostile to port scanning, and consider it wrong. Exodus's contract says they cannot "engage in any activities or actions that would violate the personal privacy rights of others, including, but not limited to, collecting and distributing information about Internet users without their permission." (here)

    I've opened a case number with UU.net. Send them your logs of being scanned! I'm sure UU.net will not be pleased with someone tying up their network with pings, (Is Quova the biggest script kiddie ever?) let alone making money from it. If you have logs showing Quova tapping at your doorway, send them to security@uu.net and we can take care of these people.

    Stop wasting bandwidth. It's precious.

    --
    /. is a commercial entity. goto slashdot.com
  42. 3COM by redhog · · Score: 2

    MAC addresses were not meant to be changed. However, you can on most cards. For some, there even exist linux-utilities to do so (You don't even have to reboot if your kernel has the card-driver as a module). For an example for 3com-cards, you can grab my modified version of Donald Becker's 3c5x9setup here.

    --
    --The knowledge that you are an idiot, is what distinguishes you from one.
  43. Its ICMP-ECHOES for christ sake. by arcade · · Score: 3

    Seriously. They're doing nothing except sending icmp packets, and not many of them either. This isn't a denial of service attack (a couple of pings don't constitute a dos). It's not very much of a probe either, since you do not return very much information. IF you're scared by the information a ping gives out, then you're a paranoid idiot, nothing less.

    And, comparing it to portscanning is dumb too. If you portscan, you scan a lot of ports, raising all kinds of bells'n whistles, in addition to that is exactly what scriptkiddies do before an attack. But a ping? Get real. Should they be harassed if they established tcp connections to port 80 on every host on the net too? *bllagh*.

    I think this is one of the most stupid news-items I've ever seen. People get excited because of PINGS! It's like .. how dumb is it possible to get? One, or ten, or fifty, ping packets don't hurt you. It's not a DoS. It's not like it gathers much information about you ("are you alive, and what travel-time do you have to me?").

    Oh! And, does anybody remember those lovely "internet-maps" that were made some time ago? That got that great coverage on slashdot, with people wanting them and so forth? How do you folks think those were made? Just picked out of thin air? NO! They were made by traceroutes .. which is what? traceroutes are either sending udp or icmp packets with a TTL starting with 1, and going upwards until you reach your destination host (so that the routers along the way send an icmp-ttl-exceeded or whatever it's called when the TTL goes down to '0' at their point).

    God. I really, really, really think this entire shit about quova inc is sooo stupid. As a Security administrator, I think it's even MORE stupid to get excited because of a couple of pings.

    /RANT


    --

    --
    "Rune Kristian Viken" - http://www.nwo.no - arca
  44. Re:Legal Repercussions by arcade · · Score: 2

    Ohfuck, this is so ridiculous. Seriously. If an org. is stupid enough to page the admin because of a ping or two, then the dude that recommended that this should be done for the organization, should be FIRED.

    As someone mentioned when talking about the several thousand attacks they received per hour at blackhat briefings.. "Its not exactly ping packets we receive here".

    It's an internal joke on every single security mailinglist I've seen. People complaining about someone ping'ing them, wanting to know what abuse@ address to send the logs to and so forth.

    It's just so fucking ridiculous. People that are paranoid because of this need to BE MADE FUN OF. And a corp that freaks out because of a couple of pings, should fire the fsckhead that recommended firing of bells and whistles for nothing.

    It's like making a burglar detection so sensitive, that it fires off all alarms because a fly flew by outside the window.


    --

    --
    "Rune Kristian Viken" - http://www.nwo.no - arca
  45. Which law ? by f5426 · · Score: 2

    "In gathering this information, they set off alarms all over the world, and yet, it seems that this is an acceptable practice in the eyes of the law"

    I wonder which law timothy thinks the Internet is under. In particular in conjunction with the words 'all over the world'...

    Cheers,

    --fred

    --

  46. Advertising wasted... by B'Trey · · Score: 2

    If we assume that the advertising isn't wasted on someone living in the actual town (a questionable assumption but necessary for this discussion), then I don't see where it would be ENTIRELY wasted on you. Certainly, if there's an ad for Mom's Diner on the corner of 1st and Main in that town, it's wasted on you. But if there's an ad for parkas on sale at Wal-Mart while the weather channel is reporting a huge blizzard headed your way, the advertising is just as effective for you as it is for someone in that particular town. IOW, most "targeted" advertising isn't aimed that precisely. If they know what region of the country you're in, you're probably within their target area.

    --

    "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

  47. Re:Pinging by doctor_oktagon · · Score: 5

    This comment

    "If you have a box connected to the Internet, you should expect to get pinged. Heck, way back when I first discovered pings, I pinged random IP addys for kicks"

    hits the nail right on the head.

    The Internet is a public network, and part of that public protocol includes tools for mapping (traceroute) routes, and measuring the time it takes to traverse that route (ping).

    If you spend $20000 dollars on a pukka Firewall and a good IDS, then don't start complaining when Ping packets are received! The reason you spent all that cash was to block them, which you are now doing.

    I'm not convinced of the value of the data, and I'm even less sure about the intention of why they are doing it (I hate marketeers as much as the "next man"), but as I stress: the Internet is a public network, and if you get annoyed with people "walking by your house", then disconnect your machine from the net, or configure your server/router/firewall to block ICMP (which I generally do).

    The security Incidents mailing lists are full of people complaining that some 3l337 kid in Korea is pinging their server, and they don't like it. Frankly who gives a damn? It's the guy who stealth maps your machine for the latest vulnerability that should be worrying, not someone openly knocking on the front door!

  48. Not so by MrShiny · · Score: 2
    This doesn't help anybody track an individual user. It just pinpoints your approximate geographical location based on your IP address which means they'll actually only get your ISPs location. The data they get for your IP will be the same as everybody else using your ISP. It does not uniquely identify you.

    As always, individual users can be tracked using just their IPs, but this is unreliable due to dynamic IPs, shared IPs, rotating IPs etc. Cookies are still the most reliable way to track people between sites.