Dentz wrote: Problem with VMs is they have a unique MAC address range that can be identified by bookies. When a bookie knows you are using a VM they instantly know you aren't a regular punter. Best way is to use multiple real computers that each have their own connections (IP and MAC). Costly, but effective.
What if you change (spoof) the MAC address? Wouldn't this work? Furthermore, is there another way for a bookie to identify that you are using a VM? I suppose creating a VM with default settings would trigger suspicion.
Mac address detected by iesnare or..
- sonic
- Gaining experience
- Karma: 3
Post
Re: Mac address detected by iesnare or..
- Dentz
- Gaining experience
- Karma: 12
Post
Re: Mac address detected by iesnare or..
Spoofing might work, but with VMware the last three MAC address hexas are unique to VMware even if you try to change them. They need to be in a specific range, otherwise VMware won't understand your eth device.
There are also various methods to check if ppl are using virtualization or not. One is to check if a hypervisor is installed on a windoze machine (CPUID instruction to check the hypervisor-present bit, bit 31 of register ECX). Linux hosts usually have some info about virtuals in /proc/cpuinfo. I don't know if iesnare or similar can fetch the required info, but we need to be cautious about the possibility.
Never lose your capital.
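An added example, not part of the original thread, written from the detection side: it checks the two virtualization indicators named in the post above, the `hypervisor` flag that Linux lists in /proc/cpuinfo when CPUID leaf 1 reports ECX bit 31 set, and a MAC address carrying a VMware-registered vendor prefix, plus the locally administered bit that marks a software-assigned address. The function names and sample inputs are constructed for illustration.

```python
import re

# VMware-registered vendor prefixes (OUIs): the first three octets of a MAC.
VMWARE_OUIS = {"00:05:69", "00:0c:29", "00:1c:14", "00:50:56"}


def normalize_mac(mac: str) -> str:
    """Return a MAC as lowercase colon-separated octets, or raise ValueError."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_indicators(mac: str) -> dict:
    """Flag a VMware vendor prefix and a locally administered address."""
    norm = normalize_mac(mac)
    first_octet = int(norm[:2], 16)
    return {
        "mac": norm,
        "vmware_oui": norm[:8] in VMWARE_OUIS,
        # Bit 0x02 of the first octet marks an address set by software
        # rather than assigned by a hardware vendor.
        "locally_administered": bool(first_octet & 0x02),
    }


def cpuinfo_reports_hypervisor(cpuinfo_text: str) -> bool:
    """True if any 'flags' line lists 'hypervisor' (CPUID leaf 1, ECX bit 31)."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "hypervisor" in value.split():
            return True
    return False


# Constructed sample inputs, not captured from a real machine.
SAMPLE_GUEST_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor lahf_lm\n"
SAMPLE_HOST_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse2 lahf_lm\n"

if __name__ == "__main__":
    print(cpuinfo_reports_hypervisor(SAMPLE_GUEST_CPUINFO))
    print(mac_indicators("00-0C-29-3E-5A-10"))
    print(mac_indicators("02:11:22:33:44:55"))
```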
- freaked
- Has experience
- Karma: 4
Post
Re: Mac address detected by iesnare or..
Is Iesnare the only data sharing software we know of?
As I understand it, it gets the same digital fingerprint that any website that uses JavaScript can see; the only thing that makes it less secure is that this is stored in a central system and shared between subscribers.
Or can it access more information such as our MAC address?
- Dentz
- Gaining experience
- Karma: 12
Post
Re: Mac address detected by iesnare or..
As far as I can see, iesnare can see your MAC and various other information like the installation date of your OS, hard-disk IDs etc., which are stored in their online database.
Read these:
https://www.reddit.com/r/TeraOnline/comments/29hnnj/tera_using_iovation_iesnare_tracking_just_fyi/
https://seclab.cs.ucsb.edu/media/uploads/papers/sp2013_cookieless.pdf
Iesnare patent application:
https://www.google.com/patents/US20080040802
Never lose your capital.
- my_username
- Has experience
- Karma: -1
Post
Re: Mac address detected by iesnare or..
yes, iesnare is invasive as fuck and probably illegal in half of EU but heey, bookies are mafia and there's nothing you/we can do about it, except hide, which is pretty easy, even from iesnare
- freaked
- Has experience
- Karma: 4
Post
Re: Mac address detected by iesnare or..
I have read both the study and the study linked patent.
The most worrying part of the study is the bottom row of table 1 on page 3. It seems that the companies can read our hardware details, such as “driver enumeration” and “device identifiers”. The “SFP” next to these indicates that they read the hard drive data from a plugin only. How do I stop these plugins from reaching my device?
The study also covers 2 more companies; BlueCava and ThreatMetrix. Should we take further steps to protect ourselves from these?
In the study linked patent, the following is the most interesting paragraph. The “client” referred to is the program that runs code to spy on us;
“The client may also be delivered through a stand-alone application, imbedded within a common software product like a web browser, or even imbedded in hardware or memory, any of which would be required to be running when a connection to a network is authenticated by a network service provider protected by this system. The client could also be delivered on demand, through a JavaScript, ActiveX control, or similar technology as a user connects to a network service provider through their favorite web browser.”
Can we stop the “client from being delivered” (stop the program getting on my device)?
Another interesting piece is
“The method also generates a Network Device Fingerprint (NDF) for each device by unobtrusively gathering information about the device, such as hardware serial numbers, software serial numbers, install dates”
How can they get this information? Can we stop them from getting it or change the information?
- freaked
- Has experience
- Karma: 4
Post
Re: Mac address detected by iesnare or..
My solution for the moment is to only have essential plugins on my browser, and only activate them when I must.
As for the 2 named companies and possible others, I use uMatrix and Adblock Plus, which have blacklists, so I would hope this blocks them.
Any better solutions?
Dentz wrote: If you guys config your router to bridged mode then it is your computer's MAC that is visible and not the router's.
So even if I spoof my MAC on my device, if the router is not in bridged mode it just shows the router MAC address? I usually use my iPhone for tethering and don't think I can spoof its MAC address.
- Dentz
- Gaining experience
- Karma: 12
Post
Re: Mac address detected by iesnare or..
Well, the IP visible to the internet is usually your router's, because most routers are in NATted mode by default and your computer's IP is private, like the 192.168.x.x range. Iesnare, as I understood, can probe your computer's MAC and that's how they identify you unless you somehow spoof or change eth card, computer etc. to prevent this.
Never lose your capital.
- freaked
- Has experience
- Karma: 4
Post
Re: Mac address detected by iesnare or..
The quote in my last post implies that the mac of the router is visible, now you only mention the IP of the router?
I can change the IP easily by resetting my router, and I can spoof the MAC of my computer, but I can't spoof the MAC of my router, can they track us by this even if we use different IP addresses?
- Dentz
- Gaining experience
- Karma: 12
Post
Re: Mac address detected by iesnare or..
IP datagram has IP and MAC of sender, so if you are looking outside of your private network with some sniffer like Ethereal (man in the middle) you see the router's IP and MAC. Iesnare goes on the application layer of the OSI model and goes with your browser directly to your computer and looks at everything that your computer's hardware can tell and sends that to the iesnare developers' database or to the bookie.
Hope this helps.
Never lose your capital.
- Skaggerak
- Pro
- Karma: 1
Post
Re: Mac address detected by iesnare or..
freaked wrote: I usually use my iPhone for tethering and don't think I can spoof its MAC address.
This is similar to what I do and I'm confused about it.
When using device data/mobile broadband tethered or used as a wi-fi connection there is no physical router in our possession, so router settings cannot be changed. I would presume the connections to the routers these devices use are bridged as they are run by companies that have to mass-produce IPs and connections for millions of people.
Is there any way of finding out whether or not the servers we connect to via mobile data/tethering devices are bridged or unbridged, and would this solve the problem of needing to change a tethering device's MAC address? As Dentz stated in a previous post, if a router is set to bridged then only the computer MAC is being shown, not the router (or the tethering device, I presume). Also, is there a way of finding out what the MAC address of a tethering device is?
- Dentz
- Gaining experience
- Karma: 12
Post
Re: Mac address detected by iesnare or..
From wikipedia https://en.wikipedia.org/wiki/Tethering
"For IPv4 networks, the tethering normally works via NAT on the handset's existing data connection"
So, it's a NATted connection by default and your phone's IP address is the one that is showing to the outside. There are some apps for rooted Android devices that have more options to configure with tethering, but I haven't tried em.
Never lose your capital.
- Skaggerak
- Pro
- Karma: 1
Post
Re: Mac address detected by iesnare or..
Upon reading this discussion would it be safe to say that VMs are essentially useless to us? Yes they hide a previous Mac address that would be known which would raise a red flag but they also raise a flag in themselves by having a unique address which potentially exposes them as suspicious devices.
- Skaggerak
- Pro
- Karma: 1
Post
Re: Mac address detected by iesnare or..
Also, if a computer and connection is designated to one particular person's accounts then would blocking iesnare be worthwhile? The only reason I can see would be that if it is so malicious that it shares info with all books then maybe it is able to tell all the rest that you have been limited in one when you still have no limits everywhere else. But as some have said here, blocking the cookie in itself could be a flag. It's very hard to decide. I think blocking is for the best because, as Dentz said, it's an unknown entity and capable if anything, very shady. I think I recently may have experienced a simultaneous limit that could trace back to before I was aware of this technology and it had already attached itself to me.
- my_username
- Has experience
- Karma: -1
Post
Re: Mac address detected by iesnare or..
VMs aren't useless
blocking iesnare is useless, this only works as long as iesnare is being called from your browser in javascript. what happens if they put this code on the server? the request won't come from your computer and there is no way to block it - learn to beat it
the problem is if you log into different bookies from different account holders on the same pc - this way iesnare can easily tell there is some multi accounting going on