BetBurger | Live and Pre-game surebets
RebelBetting - Turn betting into investing

Mac address detected by iesnare or..

Make bookmakers cash cow machines
sonic
Gaining experience
Gaining experience
Karma: 3
Posts: 63
Joined: Sat Feb 26, 2011 10:09 pm

Re: Mac address detected by iesnare or..

Mon Aug 03, 2015 11:39 am

Dentz wrote: Problem with VM:s is they have unique mac-address range that can be identified by bookies. When bookie knows you are using VM they instantly know you aren't a regular punter. Best way is to use multiple real computers that each has their own connections(ip and mac). Costly, but effective.
What if you change (spoof) the MAC address? Wouldn't this work? Furthermore, is there another way for a bookie to identify that you are using a VM? I suppose creating a VM with default settings would trigger suspicion.
User avatar
Dentz
Gaining experience
Gaining experience
Karma: 12
Posts: 42
Joined: Tue Sep 16, 2014 11:23 am

Re: Mac address detected by iesnare or..

Tue Aug 04, 2015 6:47 am

Spoofing might work, but with VM-ware last three mac-address hexas are unique to VM-ware even if you try to change them. They need to be on specific range otherwise VM-ware won't understand your eth-device.
There is also various methods to check if ppl are using virtualization or not. One is to check if Hypervisor is installed on a windoze machine(CPUID instruction to check the hypervisor-present bit (bit 31 of register ECX). Linux hosts usually have some info about vituals on proc/cpuinfo. I don't know if iesnare or similars can fetch the required info, but we need to be cautious about the possibility.
Never lose your capital.
freaked
Has experience
Has experienceHas experience
Karma: 4
Posts: 192
Joined: Thu Apr 07, 2016 10:17 am

Re: Mac address detected by iesnare or..

Sun Apr 24, 2016 3:50 pm

Is Iesnare the only data sharing software we know of?

As I understand it gets the same digital fingerprint that any website that uses javascript can see, the only thing that makes it less secure is that this is stored in a central system and shared between subscribers.
Or can it access more information such as our mac address?
User avatar
Dentz
Gaining experience
Gaining experience
Karma: 12
Posts: 42
Joined: Tue Sep 16, 2014 11:23 am

Re: Mac address detected by iesnare or..

Sun Apr 24, 2016 5:05 pm

As far as I can see iesnare can see your mac and various other information like installation date of your os, hard-disk id:s etc. which are stored in their online database.

Read these:

https://www.reddit.com/r/TeraOnline/comments/29hnnj/tera_using_iovation_iesnare_tracking_just_fyi/

https://seclab.cs.ucsb.edu/media/uploads/papers/sp2013_cookieless.pdf
Iesnare patent application:
https://www.google.com/patents/US20080040802
Never lose your capital.
my_username
Has experience
Has experienceHas experience
Karma: -1
Posts: 109
Joined: Fri Dec 04, 2015 10:38 am

Re: Mac address detected by iesnare or..

Mon Apr 25, 2016 11:12 am

yes, iesnare is invasive as fuck and probably illegal in half of EU but heey, bookies are mafia and there's nothing you/we can do about it, except hide, which is pretty easy, even from iesnare
freaked
Has experience
Has experienceHas experience
Karma: 4
Posts: 192
Joined: Thu Apr 07, 2016 10:17 am

Re: Mac address detected by iesnare or..

Wed Apr 27, 2016 3:34 pm

I have read both the study and the study linked patent.

The most worrying part of the study is the bottom row of table 1 on page 3. It seems that the companies can read our hardware details, such as “driver enumeration” and “device identifiers”. The “SFP” next to these indicates that they read the hard drive data from a plugin only. How do I stop these plugins from reaching my device?

The study also covers 2 more companies; BlueCava and ThreatMetrix. Should we take further steps to protect ourselves from these?

In the study linked patent, the following is the most interesting paragraph. The “client” referred to is the program that runs code to spy on us;

“The client may also be delivered through a stand-alone application, imbedded within a common software product like a web browser, or even imbedded in hardware or memory, any of which would be required to be running when a connection to a network is authenticated by a network service provider protected by this system. The client could also be delivered on demand, through a JavaScript, ActiveX control, or similar technology as a user connects to a network service provider through their favorite web browser.”

Can we stop the “client from being delivered” (stop the program getting on my device)?

Another interesting piece is
“The method also generates a Network Device Fingerprint (NDF) for each device by unobtrusively gathering information about the device, such as hardware serial numbers, software serial numbers, install dates”

How can they get this information? Can we stop them from getting it or change the information?
freaked
Has experience
Has experienceHas experience
Karma: 4
Posts: 192
Joined: Thu Apr 07, 2016 10:17 am

Re: Mac address detected by iesnare or..

Sat May 21, 2016 9:13 am

My solution for the moment is to only have essential plugins on my browser, and only activate them when I must.

As for the 2 named companies and possible others, I use uMatrix and Adblock plus which have blacklists so I would hope this blocks them.
Any better solutions?
Dentz wrote: If you guys config your router to bridged mode then it is your computers mac that is visible and not routers.
So even if I spoof my mac on my device, if the router is not in bridged mode it just shows the router MAC address? I usually use my iPhone for tethering and don't think I can spoof it's MAC address.
User avatar
Dentz
Gaining experience
Gaining experience
Karma: 12
Posts: 42
Joined: Tue Sep 16, 2014 11:23 am

Re: Mac address detected by iesnare or..

Sat May 21, 2016 10:35 am

Well ip visible to inet is usually your routers because most routers are in natted mode by default and your computers ip is private like 192.168.x.x range. Iesnare as I understood can probe your computers mac and thats how they identify you unless you somehow spoof or change eth-card, computer etc. to prevent this.
Never lose your capital.
freaked
Has experience
Has experienceHas experience
Karma: 4
Posts: 192
Joined: Thu Apr 07, 2016 10:17 am

Re: Mac address detected by iesnare or..

Sat May 21, 2016 4:47 pm

The quote in my last post implies that the mac of the router is visible, now you only mention the IP of the router?

I can change the IP easily by resetting my router, and I can spoof the MAC of my computer, but I can't spoof the MAC of my router, can they track us by this even if we use different IP addresses?
User avatar
Dentz
Gaining experience
Gaining experience
Karma: 12
Posts: 42
Joined: Tue Sep 16, 2014 11:23 am

Re: Mac address detected by iesnare or..

Sat May 21, 2016 5:31 pm

Ip datagram has ip and mac of sender so if you are looking outside of your private network with some sniffer like ethereal(man in the middle) you see routers ip and mac. Iesanare goes on application layer of osi-model and goes with your browser directly to your computer and looks everything that your computers hardware can tell and sends that to iesnare developers database or to bookie.
Hope this helps.
Never lose your capital.
Skaggerak
Pro
ProProProPro
Karma: 1
Posts: 552
Joined: Thu May 08, 2014 12:04 am

Re: Mac address detected by iesnare or..

Thu Jun 16, 2016 8:41 am

freaked wrote: I usually use my iPhone for tethering and don't think I can spoof it's MAC address.
This is similar to what I do and I'm confused about it.
When using device data/mobile broadband tethered or used as a wi-fi connection there is no physical router in our possession, so router settings cannot be changed. I would presume the connections to the routers these devices use are bridged as they are run by companies that have to mass-produce ips and connections for millions of people.
is there any way of finding out whether or not the servers we connect to via mobile data/tethering devices are bridged or unbridged and would this solve the problem of needing to change a tethering devices mac address? As Dentz stated in a previous post, if a router is set to bridged then only the computer mac is being shown, not the router (or the tethering device I presume). Also is there a way of finding out what the mac address of a tethering device is? 
User avatar
Dentz
Gaining experience
Gaining experience
Karma: 12
Posts: 42
Joined: Tue Sep 16, 2014 11:23 am

Re: Mac address detected by iesnare or..

Fri Jun 17, 2016 4:41 am

From wikipedia https://en.wikipedia.org/wiki/Tethering

"For IPv4 networks, the tethering normally works via NAT on the handset's existing data connection"

So, it's NATted connection by default and your phones ip-address is the one that is showing to outside. There are some apps for rooted android devices that has more options to configure with tethering, but I haven't tried em.
Never lose your capital.
Skaggerak
Pro
ProProProPro
Karma: 1
Posts: 552
Joined: Thu May 08, 2014 12:04 am

Re: Mac address detected by iesnare or..

Fri Jun 17, 2016 9:00 am

Upon reading this discussion would it be safe to say that VMs are essentially useless to us? Yes they hide a previous Mac address that would be known which would raise a red flag but they also raise a flag in themselves by having a unique address which potentially exposes them as suspicious devices.
Skaggerak
Pro
ProProProPro
Karma: 1
Posts: 552
Joined: Thu May 08, 2014 12:04 am

Re: Mac address detected by iesnare or..

Fri Jun 17, 2016 9:09 am

Also if a computer and connection is designated to one particular persons accounts then would blocking iesnare be worthwhile? The only reason I can see would be that if it is so malicious that it shares info with all books then maybe it is able to tell all the rest that you have been limited in one when you still have no limits everywhere else. But as some have said here blocking the cookie in itself could be a flag. Its very hard to decide. I think blocking is for the best because as Dentz said its an unknown entity and capable if anything, very shady. I think I recently may have experienced a simultaneous limit that could trace back to before I was aware of this technology and it had already attached itself to me.
my_username
Has experience
Has experienceHas experience
Karma: -1
Posts: 109
Joined: Fri Dec 04, 2015 10:38 am

Re: Mac address detected by iesnare or..

Fri Jun 17, 2016 9:32 am

VMs aren't useless
blocking iesnare is useless, this only works as long as iesnare is being called from your browser in javascript. what happens if they put this code on the server? the request won't come from your computer and there is no way to block it - learn to beat it
the problem is if you log into different bookies from different account holders on the same pc - this way iesnare can easily tell there is some multi accounting going on

Return to “Arbing, matched betting and trading talk”