Proxy

[damaged]

I undertood exactly what you meant, sorry if it appeared otherwise. , the link I provided included that clarification, yet, I will summarize: MAC addresses ONLY appear on the LAN segment, he cannot see, log, act upon, detect, tie their forums to, or anything else wrt other hosts MAC addies since he cannot see MACs on the internet. Your MAC address never leaves the LAN.

Ok if you are on a router, then you will have to 'punch' holes in your router to allow certain ports, so unless you know how to add (N)PAT entries to your router, I will need the model/make of the router as well. If you DO know how to add them, then say so, and I will tell you what ports and so on.

Also, if you have a software firewall, you may have to open them (a few ports) up too (do not worry, none of these ports being opened exposes you to anymore danger than having any instant messanger running[1].

[1] This of course precludes errors in code which could lead to a security issue. Tor and privoxy, setup as shown, will not let anyone use your system without your express allowlance or/and knowledge.

 

[Peter Parker]

Your link wasa google search. Maybe one of the links there commented but it waoudl be hard to glean that from the post.

And the folks at Netbula insist that their software CAN detect MAC addresses. Are they blowing smoke? Perhaps. But I guess what I was interested in was an explanation of how. It does not make sense to me but I will pursue it with them and share what I find out.

 

[damaged]

Is Netbula an ISP?

If Netbula is an ISP, they MAY be able to see their own customers MACs (and noone elses), _IF_ the ISP(Netbula) uses RFC 1918 (the ips like 192.168. and 10., etc) address assignment to its users, (you never get a real ip only the isps edge would, and it would just NAT/PAT all their customers, this is done when an ISP cannot get enough ARIN ip space). BUT even then they can ONLY see THEIR customers MAC addies (because technically ALL the ISPs clients are on the same giant LAN).

And again, even if they do observe their clients' MAC addies, this does nothing to bypass the anonimizing features of a tor proxy (or any proxy outside of the ISPs control), they cannot tell you a thing about where the packets went, what was in them etc, as they are encrypted, and not under their control (once you make a request through tor, and it leaves your router, Netbula, isp or not, has 0 control and 0 ability to track, log, observe, that tor(or remote proxy) traffic, it leaves the ISPs control after it enters the first tor proxy in the chain) and i am 100% sure they arent able to crack that (since a new key is generated for each hop in the onion system). If you want proof, I will send you my MAC address and real ip in a PM to you, then you tell me where this forums are, i will use tor, goto their forums, and I dare them to tell me my orig ip, they can't.

Now if they are not an isp, or they assign their customers real ips to the customers routers, then there is NO WAY they can utilize MAC addresses, It's very basic network law. I tried my best to clarify, but I cannot force you to believe me. There are millions of online documents covering all this, all of them supporting my statements.

 

[Peter Parker]

Netbula is a software company. They are one source for forum software. Perhaps you have seen forums that use Anyboard" that is their product. I am not sure why you hink they are an ISP.

they are saying that board ops who use their software can read the MAC addreses of people who post. In other wors if you posted as three different names they would know that all three came from one MAC address. Thus defeating some of the advantages of proxy servers. In fact preventing trolls from doing this is one of their selling points.

What they aren't doing is telling me how they read this. Again I will see what I can find out and share it. I am skeptical. That is why I have asked the question.

 

[damaged]

I only brought the possibility that Netbula might be a ISP for the purpose of fittting them into the scenario I outlined. No I have not seen (knowingly) any of their products, but I can assure you 100%, they cannot read MAC address of other people on the internet, they are mistaken, or lying. There is 0 truth there. It is simple, MAC address are TOTALLY incapable of traversing the internet, MACs work on a much lower level, they are used BEFORE you are assigned a REAL ip, they do not traverse the tcp/ip stack, they are MUCH lower than that layer, and that layer that MACs are on, are NOT internet routable..period. I am 36 yrs old, and have been using computers since I was 10, started into networking around 19 yrs old, so, I am not just guessing here.

 

[Peter Parker]

Thanks for that info. Again I will share any info that they might provide.

 

[damaged]

Thanks for that info. Again I will share any info that they might provide.

Anytime Please do not read my words as being argumentative or hostile, I just really want to make sure the readers understand. good luck.

Ok, went to see what product Netbula is pushing(should have done it sooner, but I'm lazy), and it seems they use a proprietary client/server model, in this case, they can have the client end pull the MAC address from the windows registry and append it to any requests, THIS is possible, BUT only if the other end is using the Netbula client to connect to their server, if someone posts without using their client (if its possible) then my statement stands true(unless they also run an activex,java,etc that has the same ability to read the registry). So if thats the case, simply don't use their client, or their forums, since if that is how it works, the server-side could just as easily pull other things from your registry, saved passwords, credit card numbers, your real ip, god knows what else (I am not saying they are, I am sure they are respectable), but, normally, from a purly security standpoint, I would probably recommend clients stay FAR away from something this intrusive.

And if you installed the client on your machine, you've pretty much opened yourself up for them to snag your MAC, this could just as easily be done with a trojan/virus, java, activeX, etc...which if you are using the internet running as an administrative user, AND using internet explorer, you got bigger security worries than posting anonimously. You could, run as a non admin user, disallow activex controls to be ran, use proper java app permissions, and even their client won't be able to 'snag' your MAC from the registry, also, remember MAC addies are super easy to fake, so if that is the only security measure to determain who is who, that can be easily forged rendering their system useless (most average windows users however do not have this level of knowledge, or simply do not realize MACs can be changed easily), of course, being a company, they would not like that kind of information to be widly known.


But again, my statments stand, MACs cannot be routable. They are simply stealing it from the registry and appending it through their client/server model.

All that being said, tor does the job it states, but when you introduce other factors (such as running as a user with administrator permissions, not locking down activenoone should ever enable this perdiod anyways), or allowing java apps to run with full permissions, and the like, then no, tor cannot protect you from yourself, anonimitiy relies on all bases being covered.

 

[John W]

You are going to come in real handy around here Damaged, make sure you hang around.

 

[damaged]

You are going to come in real handy around here Damaged, make sure you hang around.

Thanks, I did not think my knowledge would be considered handy on a satellite forum...go figure .

I presently do not see me leaving here anytime soon.

 

[Peter Parker]

I don't believe that he users of the a nyboard forums install any client. They simply use their browser and post as we do here. But no one ever claimed that MAC addreses were routable. I simply inquired if they could be read by someone operating a board. Your last post seems to indicate that they can be.

Thanks for the confirmation.

 

[damaged]

If the site uses activex or java code (yes those would be considered a client, even if you did not 'install' it, when the page loads and asks if you want to run and install a control (or if your perms are real weak it wont ask at all and simply install itself (can you say 'spyware' and 'malware'?), it doesnt even have to have an interface and doesnt even have to show up in the taskbar, or even taskman) AND the permissions are set in your browser to allow such actions then of course, even withOUT a client/server setup, anything on your computer can be retrived when the security is lax. So you could replace 'MAC' with anything in the registry and it would be the same.

So if youre asking if someone with a setup as described above can have their MAC addy retrieved remotley via scripting methods mixed with lax security, then yes, it's probable, BUT if _I_ (or someone with a setup that is stricter) went to their forms with that setup, no way they can snag my mac, as i have no registry, no activex, java is set to deny local filesystem access, and I do not run as root (adminstrator), and my OS/browser isnt swiss cheese.

So the answer is not and cannot be a 'yes' or 'no' reply, it would have to be 'depends on the site in question, the security of your setup, the software used, and whom your running as, user or admin.' reply.

And besides you missed the whole point, even if in fairytale land they could see evry MAC, that in itself is USELESS, 100% useless, it would be no mroe useful than a tracking cookie, only the MAC is even easier to change than a cookie (md5 hashed or equiv). So wheather or not they can get the mac, still makes the idea of 'making a proxy useless' from knowing a users MAC is STILL laughable at best.

Their insitance that this(getting someones MAC addy) is some kind of tool for defeating proxies is bogus at best, and outright FUD at worst.

This was a snippet your original question:
track visitors and posters by their MAC addresses---therby defeating proxies.

They may be able to track, but that does nothing to defeat the anonimizing of the tor network(or any anonimizing proxy), all they could know is that its the same guy, they still have no ip address, no route to the actual host, now if they have a record of a previous visit where you did NOT use tor, and they record the MAC (gotten from the activex or whatever) and store it with the associated ip addy, then you come back with the tor proxy enabled and it again has the activex snag the mac, they can associate it back to the ip they last saw you on with, but if you changed ips, then they would only know the last one you used without the proxy.

So, tracking, yes, but only if the client system is not secured properly, defeating proxies? unlikly unless, again, the client system is not secured properly. Keep in mind, windows as shipped, even patched upto date, is NOT secure enough to prevent this kind of intrusion (that darn activex is evil i tell ya).

If you click(assuming you have 'Prompt' for install activex controls) on install/run activex control (signed or not) as a user with admin privs, then you have just basically opened your system to that party, and retrieval of data (MAC addresses or passwords, etc.)is trivial.

And if you have 'Allow' (ALOT of windows users have this set to Allow too) for run activex controls etc., well it won't even ask you making comprimising even easier.

whew

 

[Peter Parker]

Again the answer to my question was yes. Thank you.

 

[damaged]

*sigh* - I guess I cannot enlighten everyone. Never was much of a teacher.

 

[Peter Parker]

I hada specific questionand you answered it. Thank you for doing so.

I certainly hope that you stick around and share your knowledge with others. I know that you were most helpful in this case.