Slashdot Mirror
Quova Inc. Completes Trace of 4 billion IP Addresses
RatzMilk writes: "Quova Inc. claim they have completed a global scanning system [Note: first mentioned on Slashdot in July -- timothy] that pinpoints the geographic location of Internet users in real time. The information gathered is then sold as a tool called 'GeoPoint' that can be used by advertisers to better target their advertisments to people based on their location. It doesn't rely on cookies or voluntary submissions from users, instead, using a data base built by scanning every host on the Internet.
In gathering this information, they set off alarms all over the world, and yet, it seems that this is an accceptable practice in the eyes of the law. Individual people are having their computers impounded and in some cases are being incarcerated for doing the same. ...
Further details on this story can be found at Security Focus." (Sorry, but Security Focus is not designed for direct linking; click on the link that says "Scanning Mystery Solved.") [Updated 5:58 GMT by timothy] Scratch the comment about deep linking; I've restored the link RatzMilk provided, which originally brought me only "page not found" errors. Hope it works for everyone ...
The government should not do anthing to anyone for tracerouting or pinging. There is nothing wrong with that. I use these tools often, just for curiosity.
If a computer has a web server running that allows anyone to download a webpage, it should be considered authorized use. If a computer returns my pings, that should be authorized use. These people should be allowed to ping/traceroute whoever they want, and so should I. If people don't want me to ping them, they should set up their computers not to return my pings.
I long for the old days of the internet when you weren't considered a threat if you used a ping. Now we must play dumb or be considred "hackers".
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
From their website:
As someone living in British Columbia, Canada, I have been in dire need of this service. Hooray!
You can never put too much water in a nuclear reactor.
Does anyone know if this type of effort will be easyer with IPv6?
Free Unix? Free Windows. http://www.reactos.com
I'd like some evidence to back their claim. First of all, 27 million AOL users will appear to be in Virginia. Secondly, I'm sure a lot of people use a ppp account on one of their colo/ISP's servers.
Sooo, more evidence please!
------------
------------
Tonight on Fox: Deadliest Executions Part XVII
This is not news. I've been able to track people's localles over the internet for years now. All truly skilled hackers can.
I know where you live, where you work, when you sleep and what you fear.
I have only one thing to say to you:
Damn you're boring - why don't you get a life?
--Shoeboy
If you haven't heard this before, then you haven't been reading slashdot for long. This type of fear mongering is quite common when people talk about IPv6. The *recommended* way to generate an IPv6 address is through your MAC address. You're still welcome to assign them by hand if you so choose. Also, almost every Ethernet NIC can have its MAC address overridden.
The poster apparently hasn't been following slashdot either...
How are they the first? Akamai's had this service for somet time now:
http://www.akamai.com/html/sv/edse.html
-Bill
SlashSig Karma: Excellent (mostly affected by moderatio
Dial-up long distance to an ISP in a backwards country using a phone company you know don't support call-number forwarding, and get a telnet account on a old UNIX server in a country where the police force are not savvy enough to be able to read the dialup log files.
... I don't think so! :-)
good: No-one will ever know where you live!
bad: Using the net will be a pain, and you won't be able to do anything usefull.
moral: It's all a trade-off between useability and personal space. You sacrifice one for the other.
Would the medieval version of slashdot be so concerned when boats roamed through the seas and produced those things you earth-people called "maps"
Future News Article:
The small area of Phuket, located in the bustling country of Thailand, has seen it's GDP rise exponentially, due to the introduction of their latest service, Phuket Fun. Using Phuket Fun, security minded individuals can browse safely and anonymously, having their IP address completely masked.
Should a company or individual do a lookup on the idea, they will see that the user is coming from Phuket U. A new era in privacy has thus been issued in, with companies like Akamai and services like geoTrace being told what they should have been rightfully told when they suggested such services - to Phuket.
In all seriousness (which is rare for me), what would be the effect of using one of the many anonymous proxies out there which effectively mask your IP? Agreebly, these companies would have logs of your IP, but toss one of these companies into some off shore third world country (note: I simply used Phuket for the fun of the word), where the government can't control the people or the information, but thanks to grants/loans from places like the World Bank have been able to establish some form of information infrastructure, and you'd be safe! (And you'd also have a run-on sentance, but that is besides the point)
In either event, I'm more concerned about the IPv6 potential for damage/abuse/blatent violations of rights than I am about having someone figure out that I live in Georgia (even though a Neotrace lookup from multiple people repeatedly implies I am in sunny California - don't I wish). It seems like just another company had some peeved geek sarcasticly tell the marketering guy "Oh, you want your database to be done by eunichs?!? Yeah, sounds like a great idea. While you're at it, why don't I create a program to find out where internet l-users live. That's another really great idea."
Oh well, there's my two cents (Out of pity for having to endure my poor jokes).
Information is the catalyst for revolution
I just refreshed this story, and what banner advert should fill my screen?
Think Geek advertising poster depicting Map of the Internet!
So are we now boycotting Think Geek for commercially violating our address space? Or more to the point, isn't this actually an interesting visualisation of the virtual space we inhabit?
Call me a doctor! I think I'm gonna die laughing!!
Take a look at RealMapping, they really provide a lot of information.
I wonder if machines (firewalls) that are set up to ignore pings fell under the radar, or did they still show from the old router logs of their provider?
The truth shall set you free!
This is better at tracking you than a database based on reverse IP lookups because what exactly? (Keeping in mind that with IPv6 there's going to be *much* more data about you in each of those packets....)
I have a blog.
Cease and Desist
Seriously. They're doing nothing except sending icmp packets, and not many of them neither. This isn't a denial of service attack (a couple of pings don't constitute a dos). Its not very much of a probe neither, since you do not return very much information. IF you're scared by the information a ping gives out, then you're a paranoid idiot, nothing less.
.. how dumb is it possible to get? One, or ten, or fifty, ping packets doesn't hurt you. Its not a DoS. Its not like it gathers much information about you ("are you alive, and what travel-time do you have to me?").
.. which is what? traceroutes are either sending udp or icmp packets with a TTL starting with 1, and going upwards until you reach your destination host (so that the routers along the way send an icmp-ttl-exceeded or whatever its called when the TTL goes down to '0' at their point).
And, comparing it to portscanning is dumb too. If you portscan, you scan a lot of ports, raising all kinds of bells'n whistles, in addition to that is exactly what scriptkiddies do before an attack. But a ping? Get real. Should they be harassed if they established tcp connections to port 80 on every host on the net too? *bllagh*.
I think this is one of the most stupid news-items I've evern seen. People get excited because of PINGS! Its like
Oh! And, do anybody remember those lovely "internet-maps" that was made some time ago? That got that great coverage on slashdot, with people wanting them and so forth? How do you folks think those were made? Just picked out of thin air? NO! They were made by traceroutes
God. I really, really, really think this entire shit about quova inc is sooo stupid. As a Security administrator, I think its even MORE stupid to get excited because of a couple of pings.
/RANT
--
"Rune Kristian Viken" - http://www.nwo.no - arca
This comment
If you have a box connected to the Internet, you should expect to get pinged. Heck, way back when I first discovered pings, I pinged random IP addys for kicks
hits the nail right on the head.
The Internet is a public network, and part of that public protocol includes tools for mapping (traceroute) routes, and measuring the time it takes to traverse that route (ping).
If you spend $20000 dollars on an pukka Firewall and a good IDS, then don't start compaining when Ping packets are recieved! The reason you spent all that cash was to block them, which you are now doing.
I'm not convinced of the value of the data, and I'm even less sure about the intention of why they are doing it (I hate marketeers as much as the "next man"), but as I stress: the Internet is a public network, and if you get annoyed with people "walking by your house", then disconnect your machine from the net, or configure your server/router/firewall to block ICMP (which I generally do).
The security Incidents mailing lists are full of people complaining that some 3l337 kid in Korea is pinging their server, and they don't like it. Frankly who gives a damn? It's the guy who stealth maps your machine for the latest vulnerability that should be worrying, not someone openly knocking on the front door!