RE: [Full-Disclosure] client - server
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aditya Deshmukh [...] - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac ) U don't need to change all this because the website cannot see you mac address unless u are in the same network segment If you're using a Windows box with a USB modem as opposed to a router then a netbios query will disclose your MAC address remotely (try nbtstat -a boxname). Don't run USB modems, or use host protection. Cheers, ben ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] client - server
I mean: Looks like some thing else is being used over here - a simple ip check doesn't work with dynamic addresses... yes - cookies can be deleted Yes - computer name can be changed They cannot get your host name / domain name untill u or your isp have setup the rdns names or u are setting up some kind of domain names - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac ) U don't need to change all this because the website cannot see you mac address unless u are in the same network segment Anything else ? How the hell do they recognize me ? I think they do not recognise you but they have simply banned the whole class C / B where u live on the net - nothing to guess this way ... Matteo Giannone Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] client - server
Most likely they might have blocked the entire pool of IP belonging to your ISP try to visit the website with a proxy server On Sun, 27 Feb 2005 21:29:18 -0500, Eric Windisch [EMAIL PROTECTED] wrote: On Mon, 2005-02-28 at 02:43 +0100, Matteo Giannone wrote: - a simple ip check doesn't work with dynamic addresses... It will work for as long as your IP is valid. They can also ban the entire IP block (aka, your ISP) - computer name can be changed - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac ) Your browser will not (or should not, anyway) reveal your computer name or mac address. Anything else ? User-agents and referers. Some browsers can send quite a bit of information in the user-agent string. It could also be a content filter between you and the web site in question. Schools and parents setup these to censor the surfing of children. Many companies filter their content too, due to the distraction (and legal ramifications) brought about by warez and pornography. How the hell do they recognize me ? By the tin-foil hat ;) -- Eric Windisch [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- Gautam R. Singh http://www.google.com/search?q=gautam.singh%40gmail.com [mcp,ccna,cspfa,] t: +91 9885576081 | pgp: http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] client - server
which informations can a server get about a client running M$ windows XP ? I cannot access a website because i have been banned and I'd like to understand how they recognize me for sure. All sorts of stuff. Visit browserspy (http://gemal.dk/browserspy/) for a bunch of tests. Java is one excellent way to steal the goods (and many browserspy tests use that). The 'short' answer is, however, probably a simple IP check. I mean: - a simple ip check doesn't work with dynamic addresses... - cookies can be deleted - computer name can be changed - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac ) MAC address? That's not visible past the DSLAM. As for dynamic addresses, have you kept track? I have (supposed) dynamic addresses at home and it's not changed in over a year. You should dump the DSL modem and get a conventional ethernet one. Then change the MAC on your ethernet card at will (this will get you new addresses). There probably is a way to access the innerds of the USB one but you'd probably have to take it apart and locate the serial port. ~Mike. Anything else ? How the hell do they recognize me ? Matteo Giannone 6X velocizzare la tua navigazione a 56k? 6X Web Accelerator di Libero! Scaricalo su INTERNET GRATIS 6X http://www.libero.it ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] client - server
I have made all tests on that website : none revealing informations that can recognize me. I mean: if mozilla would send its SERIAL NUMBER (if it exsts) that is a way to identify my own copy of mozilla. which informations can a server get about a client running M$ windows XP ? I cannot access a website because i have been banned and I'd like to understand how they recognize me for sure. All sorts of stuff. Visit browserspy (http://gemal.dk/browserspy/) for a bunch of tests. Java is one excellent way to steal the goods (and many browserspy tests use that). The 'short' answer is, however, probably a simple IP check. I mean: - a simple ip check doesn't work with dynamic addresses... - cookies can be deleted - computer name can be changed - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac ) MAC address? That's not visible past the DSLAM. As for dynamic addresses, have you kept track? I have (supposed) dynamic addresses at home and it's not changed in over a year. You should dump the DSL modem and get a conventional ethernet one. Then change the MAC on your ethernet card at will (this will get you new addresses). There probably is a way to access the innerds of the USB one but you'd probably have to take it apart and locate the serial port. ~Mike. Anything else ? How the hell do they recognize me ? Matteo Giannone 6X velocizzare la tua navigazione a 56k? 6X Web Accelerator di Libero! Scaricalo su INTERNET GRATIS 6X http://www.libero.it ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html Navighi a 2 MEGA e i primi 3 mesi sono GRATIS. Scegli Libero Adsl Flat senza limiti su http://www.libero.it ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] client - server
It is impossible that they banned a block of addresses of my ISP, because that is a webserver where you play games: most of the people playing games there use my same ISP and also live near me. I am sure that my IP address changes in couple of hours after disconnections. I deleted cookies, changed computer name, used different browsers ActiveX controls are disabled by default on Internet explorer. I really don't understand how they can ban me. Are you all sure they cannot know my MAC address? I think they know it when I connect to the server (i remember something of TCP/IP stack and encapsulation/decapsulation) Most likely they might have blocked the entire pool of IP belonging to your ISP try to visit the website with a proxy server On Sun, 27 Feb 2005 21:29:18 -0500, Eric Windisch [EMAIL PROTECTED] wrote: On Mon, 2005-02-28 at 02:43 +0100, Matteo Giannone wrote: - a simple ip check doesn't work with dynamic addresses... It will work for as long as your IP is valid. They can also ban the entire IP block (aka, your ISP) - computer name can be changed - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac ) Your browser will not (or should not, anyway) reveal your computer name or mac address. Anything else ? User-agents and referers. Some browsers can send quite a bit of information in the user-agent string. It could also be a content filter between you and the web site in question. Schools and parents setup these to censor the surfing of children. Many companies filter their content too, due to the distraction (and legal ramifications) brought about by warez and pornography. How the hell do they recognize me ? By the tin-foil hat ;) -- Eric Windisch [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- Gautam R. Singh http://www.google.com/search?q=gautam.singh%40gmail.com [mcp,ccna,cspfa,] t: +91 9885576081 | pgp: http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: [EMAIL PROTECTED] Navighi a 2 MEGA e i primi 3 mesi sono GRATIS. Scegli Libero Adsl Flat senza limiti su http://www.libero.it ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] client - server
Are you all sure they cannot know my MAC address? I think they know it when I connect to the server (i remember something of TCP/IP stack and encapsulation/decapsulation) Only if some 3rd party application (like the game) is sending it (this is how xbox modchip users get nicked .. also using a similar trick involving the HDD serial number). If you're banned with this game (but nothing else) .. perhaps it's something involving the game's serial number? Accounts on Doom servers (and the like) have been banned in the past for a variety of reasons. If this is plane-jane HTTP, try using an anonymous proxy server to hide your address (get one from www.multiproxy.org). MAC addresses don't make it past any layer2 device (dslam is basically a fancy switch) unless you're doing something like DLSW (which being a residential DSL subscriber, you're not). ~Mike. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] client - server
A MAC address can be queried on a windows box via the registry - if you have access. This can be done with [null] sessions and netbios. So, depending on security, connectivity, access permissions, etc - it may be possible to obtain this information. On Mon, 28 Feb 2005 11:18:49 -0500, Michael Holstein [EMAIL PROTECTED] wrote: which informations can a server get about a client running M$ windows XP ? I cannot access a website because i have been banned and I'd like to understand how they recognize me for sure. All sorts of stuff. Visit browserspy (http://gemal.dk/browserspy/) for a bunch of tests. Java is one excellent way to steal the goods (and many browserspy tests use that). The 'short' answer is, however, probably a simple IP check. I mean: - a simple ip check doesn't work with dynamic addresses... - cookies can be deleted - computer name can be changed - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac ) MAC address? That's not visible past the DSLAM. As for dynamic addresses, have you kept track? I have (supposed) dynamic addresses at home and it's not changed in over a year. You should dump the DSL modem and get a conventional ethernet one. Then change the MAC on your ethernet card at will (this will get you new addresses). There probably is a way to access the innerds of the USB one but you'd probably have to take it apart and locate the serial port. ~Mike. Anything else ? How the hell do they recognize me ? Matteo Giannone 6X velocizzare la tua navigazione a 56k? 6X Web Accelerator di Libero! Scaricalo su INTERNET GRATIS 6X http://www.libero.it ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- ME2 my home: http://www.santeriasys.net/ my photos: http://mespinola.blogspot.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] client - server
What is the game? Perhaps they are blocking you by an internal User/Player ID number. I know that's how effective blocking is done in CounterStrike:Source. On Mon, 28 Feb 2005 17:49:01 +0100, Matteo Giannone [EMAIL PROTECTED] wrote: It is impossible that they banned a block of addresses of my ISP, because that is a webserver where you play games: most of the people playing games there use my same ISP and also live near me. I am sure that my IP address changes in couple of hours after disconnections. I deleted cookies, changed computer name, used different browsers ActiveX controls are disabled by default on Internet explorer. I really don't understand how they can ban me. Are you all sure they cannot know my MAC address? I think they know it when I connect to the server (i remember something of TCP/IP stack and encapsulation/decapsulation) Most likely they might have blocked the entire pool of IP belonging to your ISP try to visit the website with a proxy server On Sun, 27 Feb 2005 21:29:18 -0500, Eric Windisch [EMAIL PROTECTED] wrote: On Mon, 2005-02-28 at 02:43 +0100, Matteo Giannone wrote: - a simple ip check doesn't work with dynamic addresses... It will work for as long as your IP is valid. They can also ban the entire IP block (aka, your ISP) - computer name can be changed - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac ) Your browser will not (or should not, anyway) reveal your computer name or mac address. Anything else ? User-agents and referers. Some browsers can send quite a bit of information in the user-agent string. It could also be a content filter between you and the web site in question. Schools and parents setup these to censor the surfing of children. Many companies filter their content too, due to the distraction (and legal ramifications) brought about by warez and pornography. How the hell do they recognize me ? By the tin-foil hat ;) -- Eric Windisch [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- Gautam R. Singh http://www.google.com/search?q=gautam.singh%40gmail.com [mcp,ccna,cspfa,] t: +91 9885576081 | pgp: http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: [EMAIL PROTECTED] Navighi a 2 MEGA e i primi 3 mesi sono GRATIS. Scegli Libero Adsl Flat senza limiti su http://www.libero.it ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- ME2 my home: http://www.santeriasys.net/ my photos: http://mespinola.blogspot.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] client - server
Am Montag, den 28.02.2005, 02:43 +0100 schrieb Matteo Giannone: Hi list, which informations can a server get about a client running M$ windows XP ? I cannot access a website because i have been banned and I'd like to understand how they recognize me for sure. [...] use a sniffer and find out ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] client - server
Hi list, which informations can a server get about a client running M$ windows XP ? I cannot access a website because i have been banned and I'd like to understand how they recognize me for sure. I mean: - a simple ip check doesn't work with dynamic addresses... - cookies can be deleted - computer name can be changed - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac ) Anything else ? How the hell do they recognize me ? Matteo Giannone 6X velocizzare la tua navigazione a 56k? 6X Web Accelerator di Libero! Scaricalo su INTERNET GRATIS 6X http://www.libero.it ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html