DHCP leases would not either necessarily, and regardless NONE of that is in any way authenticated-- your computer can claim to be whomever it wants at whatever IP and MAC it wants, and as long as the correct info is also out there it will make no difference to its reachibility. The idea that network announced info is forensically reliable is just false.
which includes things like statistical analysis, looking at words and speech patterns, timing delays in the data, other data your computer may accidentally chirp (like windows update, which sends a GUID)
Timing delays of a few microseconds across the internet? Yea, not going to be noticeable, considering the relatively massive delays incurred at your first hop and the high jitter most home connections will have. At best, you can sometimes identify what OS-- and sometimes, what application-- is at the other end of a connection, but thats it. You certainly cannot identify a specific NIC or machine from across a public network and through a NATted device. If you have evidence to the contrary, I (and Im sure a lot of IDS / IPS guys) would be interested to see it.
Since you can't imagine a death threat being sent and then the secret service not showing up ASAP?
Unless they want an immediate mistrial or acquittal caused by failure to apply due process, theyre going to get a warrant first, which doesnt happen on the timescale you seem to think it does. Ive seen a couple of these cases pop up, and the timescale is weeks, not hours. The culprits are caught by keeping evidence on their laptop and leaving stupid traces everywhere for the ISP to log.
Even NAT leaves traces in memory -- All it requires is a single missed ACK during the close of a TCP session, or sending any UDP data, and the state table data may remain there for minutes, hours, even days.
Baloney. There are TCP timeouts in both desktop OSes and routers to prevent resource exhaustion. Its substantially less than "days"; TCP was designed to function in high-loss situations, and would be unusable if the timeouts were set that high.
Many NAT implimentations in firmware have problems with memory leaks caused by faulty code. Guess what's in the leak?
Its not a half-open connection, thats for sure. Closing half-open connections is kind of a basic function of the router. Got a reference to what youre citing? Im aware of memory leaks, but it tends to be in things like "HTTPS web console", not "basic function that even windows consumer editions can handle".
Maybe you missed the memo, but since 9/11, all you need to do is mention the word 'terrorist' and you have no civil rights.
Maybe you missed the memo, but for a while the allegation was that non-citizens captured in a warzone should have constitutional rights. Youre speaking nonsense; just because a citizen becomes fair game in a warzone when aligning themselves with military beligerents, doesnt change law in the US.
Not sure if youre aware, but the rules change slightly in a combat zone.
They're detaining people in Guantanamo and elsewhere in the world without trial or charges being brought against them.
We didnt bring charges against people in WW2 before detaining them as POWs, either. Somehow that never made it back to the US. Youre going to have to get over the fact that things are different when you take up arms and declare yourself an enemy combatant.
Tedious compared to "forge packet saying I AM SPARTACUS AT MAC ADDRESS 00:11:22:33:44;55". Arp poisoning really only requires you to shout really, really loudly on the network.
ARP records are flushed periodically, and arent really meant for logging. Theyre stored in RAM in basically every OS AFAIK, and would be lost on reboot. ARP records would NOT contain your computer name-- only IP and mac-- but thats not even foolproof. While the MAC address of a NIC can be tedious to alter, it is absolutely trivial to poison an arp cache so that bogus information appears in the cache.
The idea that ARP caches have been used to bust people I find rather hard to believe, since ARP is a layer 2 protocol and would not be leaked when sending ie a death threat to the president-- once those packets hit your router, the layer 2 information is stripped out and rewritten with the router's own info, which is then stripped and rewritten at the next hop. Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.
Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence, there would be no way from a network standpoint to prove whether the owner of that connection had actually committed the crime in question.
Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.
They really cant confirm anything without a router or switch log. MAC address info doesnt leave the local subnet, and is simply not accessible from behind a home router.
most that do lose it on reboot. You would specifically need to configure the device to have correct date/time (which I doubt most do), and specify nonvolatile storage for the logs (which Im quite sure most dont do).
The problem is NAT and DHCP, for which there are no parallels for with DNA.
NAT means that multiple individuals can share a single public IP, and short of the home router having logs, there is no way to differentiate between the computers behind the router based on their public IP. DHCP means that not only might someone else have had your IP yesterday, but you might not even have your IP tomorrow, and the private IPs behind the NAT will likely shift as well.
Combined, the two of them MIGHT make an IP address sufficient for probable cause, but definitely not as a unique identifier.
MAC authentication is absolutely, literally, worthless from a security standpoint if you are using WPA2. Anyone who has the capability to crack WPA2 will necessarily have the ability to impersonate your MAC-- it is, I believe, a requirement to mount an attack against WPA2 in the first place. The fact that you have MAC auth turned on would probably not even be noticed by an attacker, and if it were, it would take all of about 5 seconds to get around.
Point releases with firefox were typically bugfix and security fix releases, with the exception of versions that were X.Y.Z (with Z updates being the bugfixes-- ie 3.6.1).
You cant convert it back to the old version numbering, because it DOESNT make sense that way-- the entire point was "smaller, quicker major versions". That in no way makes them the equivalent of old minor releases.
Its in the rules, and it alerts you when youre about to post in a topic youve modded.
Basically, you can either post, or mod, in a discussion-- not both. If you mod and then post, your moderations are removed, but the points are not refunded. You also have the option of posting anonymously, which I believe will not remove your moderations.
You couldn't even set up your own server to avoid all that, because your own server would be useless for mailing Hotmail users.
You were right on, except for this part. Of course you could email hotmail users if you set up your own email server. Thats how email works. You send a message through your server, it does an MX lookup for hotmail, and sends your message through their inbound SMTP servers.
people just come along and tell me that either I'm lying or that I already having a dozen rootkits and haven't noticed.
Have you checked recently? Maybe check your MBR from offline-- you say you are familiar with Ubuntu, try ms-sys (its in the debian repos), and see if it recognizes the boot record.
But even if you arent rootkitted, that doesnt make what youre doing a good idea. Some people get away with driving without a seatbelt, but Im going to continue recommending to everyone I care about that they use one.
I dont think I ever told you what you could run, nor was that my intention-- apologies if thats what came across. Im just trying to make clear that the very fact that youre running unpatched, known vulnerable plugins on an unpatched, known vulnerable OS isnt something you can fix with a firewall, an antivirus, and a little caution.
Im sorry if that seems like im being bossy or whatever.
No it's not.. We have a botnet problem because people download and run crap to see their porn and to 'make 5000 a week in their home office'
Once again, ignorance is displayed. Something like 90% of infections are thru vulnerable plugins, and require no user interaction. Every year at Pwn2Own, machines from Windows to OSX across a number of browsers are compromised with NO user interaction.
Most of the bots are on windows XP and 7, and soon 8.
Most of the computers are on those OSes, which makes that kind of a tautology.
That you really think that modern viruses require user interaction, and insist on running outdated software, kind of scares me.
I have only ever seen PPPoE used on DSL, and it seems to be moving towards DHCP. Every single non-DSL home connection I have seen has been DHCP.
Plus, Im pretty sure (though my PPPoE experience is limited) that you still get a dynamically assigned public IP even if your router is set to PPPoE.
DHCP leases would not either necessarily, and regardless NONE of that is in any way authenticated-- your computer can claim to be whomever it wants at whatever IP and MAC it wants, and as long as the correct info is also out there it will make no difference to its reachibility. The idea that network announced info is forensically reliable is just false.
which includes things like statistical analysis, looking at words and speech patterns, timing delays in the data, other data your computer may accidentally chirp (like windows update, which sends a GUID)
Timing delays of a few microseconds across the internet? Yea, not going to be noticeable, considering the relatively massive delays incurred at your first hop and the high jitter most home connections will have. At best, you can sometimes identify what OS-- and sometimes, what application-- is at the other end of a connection, but thats it. You certainly cannot identify a specific NIC or machine from across a public network and through a NATted device. If you have evidence to the contrary, I (and Im sure a lot of IDS / IPS guys) would be interested to see it.
Since you can't imagine a death threat being sent and then the secret service not showing up ASAP?
Unless they want an immediate mistrial or acquittal caused by failure to apply due process, theyre going to get a warrant first, which doesnt happen on the timescale you seem to think it does. Ive seen a couple of these cases pop up, and the timescale is weeks, not hours. The culprits are caught by keeping evidence on their laptop and leaving stupid traces everywhere for the ISP to log.
Even NAT leaves traces in memory -- All it requires is a single missed ACK during the close of a TCP session, or sending any UDP data, and the state table data may remain there for minutes, hours, even days.
Baloney. There are TCP timeouts in both desktop OSes and routers to prevent resource exhaustion. Its substantially less than "days"; TCP was designed to function in high-loss situations, and would be unusable if the timeouts were set that high.
Many NAT implimentations in firmware have problems with memory leaks caused by faulty code. Guess what's in the leak?
Its not a half-open connection, thats for sure. Closing half-open connections is kind of a basic function of the router. Got a reference to what youre citing? Im aware of memory leaks, but it tends to be in things like "HTTPS web console", not "basic function that even windows consumer editions can handle".
Maybe you missed the memo, but since 9/11, all you need to do is mention the word 'terrorist' and you have no civil rights.
Maybe you missed the memo, but for a while the allegation was that non-citizens captured in a warzone should have constitutional rights. Youre speaking nonsense; just because a citizen becomes fair game in a warzone when aligning themselves with military beligerents, doesnt change law in the US.
Not sure if youre aware, but the rules change slightly in a combat zone.
They're detaining people in Guantanamo and elsewhere in the world without trial or charges being brought against them.
We didnt bring charges against people in WW2 before detaining them as POWs, either. Somehow that never made it back to the US. Youre going to have to get over the fact that things are different when you take up arms and declare yourself an enemy combatant.
Tedious compared to "forge packet saying I AM SPARTACUS AT MAC ADDRESS 00:11:22:33:44;55". Arp poisoning really only requires you to shout really, really loudly on the network.
Not sure if you realize, but judges can overturn jury nullification in civil cases.
It wouldnt, however, answer complaints of "general suckage", "crashes", and "inexplicably breaks cd burning".
...Except instead of it being "your car", its a ZipCar, and its shared by 20 other people on a weekly basis.
ARP records are flushed periodically, and arent really meant for logging. Theyre stored in RAM in basically every OS AFAIK, and would be lost on reboot. ARP records would NOT contain your computer name-- only IP and mac-- but thats not even foolproof. While the MAC address of a NIC can be tedious to alter, it is absolutely trivial to poison an arp cache so that bogus information appears in the cache.
The idea that ARP caches have been used to bust people I find rather hard to believe, since ARP is a layer 2 protocol and would not be leaked when sending ie a death threat to the president-- once those packets hit your router, the layer 2 information is stripped out and rewritten with the router's own info, which is then stripped and rewritten at the next hop. Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.
Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence, there would be no way from a network standpoint to prove whether the owner of that connection had actually committed the crime in question.
Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.
They really cant confirm anything without a router or switch log. MAC address info doesnt leave the local subnet, and is simply not accessible from behind a home router.
most that do lose it on reboot. You would specifically need to configure the device to have correct date/time (which I doubt most do), and specify nonvolatile storage for the logs (which Im quite sure most dont do).
The problem is NAT and DHCP, for which there are no parallels for with DNA.
NAT means that multiple individuals can share a single public IP, and short of the home router having logs, there is no way to differentiate between the computers behind the router based on their public IP.
DHCP means that not only might someone else have had your IP yesterday, but you might not even have your IP tomorrow, and the private IPs behind the NAT will likely shift as well.
Combined, the two of them MIGHT make an IP address sufficient for probable cause, but definitely not as a unique identifier.
MAC authentication is absolutely, literally, worthless from a security standpoint if you are using WPA2. Anyone who has the capability to crack WPA2 will necessarily have the ability to impersonate your MAC-- it is, I believe, a requirement to mount an attack against WPA2 in the first place. The fact that you have MAC auth turned on would probably not even be noticed by an attacker, and if it were, it would take all of about 5 seconds to get around.
But at least DNA doesnt change every 2 weeks.
Regedit is neither commandline nor third party.
Point releases with firefox were typically bugfix and security fix releases, with the exception of versions that were X.Y.Z (with Z updates being the bugfixes-- ie 3.6.1).
You cant convert it back to the old version numbering, because it DOESNT make sense that way-- the entire point was "smaller, quicker major versions". That in no way makes them the equivalent of old minor releases.
It can be close, and everyone can still know whats likely to happen.
We better stick it to the man like France and Spain, thats SURE to fix the economy!
Surely we can cram a few more strawmen into this thread. Maybe something about how republicans hate old people?
The technical problem in the USA is that the two dominant parties have rigged the system against third parties.
The US has basically been two party since its inception.
Yea, just like that time where everyone acknowledged that Vista was the greatest thing ever and lamented the coming of WIn 7! Everyone remember that?
Its in the rules, and it alerts you when youre about to post in a topic youve modded.
Basically, you can either post, or mod, in a discussion-- not both. If you mod and then post, your moderations are removed, but the points are not refunded. You also have the option of posting anonymously, which I believe will not remove your moderations.
You couldn't even set up your own server to avoid all that, because your own server would be useless for mailing Hotmail users.
You were right on, except for this part. Of course you could email hotmail users if you set up your own email server. Thats how email works. You send a message through your server, it does an MX lookup for hotmail, and sends your message through their inbound SMTP servers.
people just come along and tell me that either I'm lying or that I already having a dozen rootkits and haven't noticed.
Have you checked recently? Maybe check your MBR from offline-- you say you are familiar with Ubuntu, try ms-sys (its in the debian repos), and see if it recognizes the boot record.
But even if you arent rootkitted, that doesnt make what youre doing a good idea. Some people get away with driving without a seatbelt, but Im going to continue recommending to everyone I care about that they use one.
I dont think I ever told you what you could run, nor was that my intention-- apologies if thats what came across. Im just trying to make clear that the very fact that youre running unpatched, known vulnerable plugins on an unpatched, known vulnerable OS isnt something you can fix with a firewall, an antivirus, and a little caution.
Im sorry if that seems like im being bossy or whatever.
No it's not.. We have a botnet problem because people download and run crap to see their porn and to 'make 5000 a week in their home office'
Once again, ignorance is displayed. Something like 90% of infections are thru vulnerable plugins, and require no user interaction. Every year at Pwn2Own, machines from Windows to OSX across a number of browsers are compromised with NO user interaction.
Most of the bots are on windows XP and 7, and soon 8.
Most of the computers are on those OSes, which makes that kind of a tautology.
That you really think that modern viruses require user interaction, and insist on running outdated software, kind of scares me.
My post was pretty clearly about caring for ON DUTY servicemen, NOT veterans. Someone on a space station wouldnt be a veteran, theyd be on-duty.
Veteran's care is a whole other area of discussion.