Re: [Full-Disclosure] client - server

From: Michael Holstein (michael.holstein_at_csuohio.edu)
Date: 02/28/05

  • Next message: Sune Kloppenborg Jeppesen: "[Full-Disclosure] [ GLSA 200502-31 ] uim: Privilege escalation vulnerability"
    Date: Mon, 28 Feb 2005 11:18:49 -0500
    To: Matteo Giannone <rebonzo@libero.it>
    
    

    > Which information can a server get about a client running M$ Windows XP?
    > I cannot access a website because I have been "banned" and I'd like to
    > understand how they recognize me for sure.

    All sorts of stuff. Visit browserspy (http://gemal.dk/browserspy/) for a
    bunch of tests. Java is one excellent way to steal the goods (and many
    browserspy tests use that).

    The 'short' answer is, however, probably a simple IP check.
    >
    > I mean:
    > - a simple ip check doesn't work with dynamic addresses...
    > - cookies can be deleted
    > - computer name can be changed
    > - MAC address can be changed (even though I wasn't able to, because I have a USB DSL
    > modem and I cannot change its MAC working with regedit or using tools like SMAC)

    MAC address? That's not visible past the DSLAM. As for dynamic
    addresses, have you kept track? I have (supposed) dynamic addresses at
    home and it's not changed in over a year.

    You should dump the DSL modem and get a conventional ethernet one. Then
    change the MAC on your ethernet card at will (this will get you new
    addresses). There probably is a way to access the innards of the USB one
    but you'd probably have to take it apart and locate the serial port.

    ~Mike.
    >
    > Anything else ?
    > How the hell do they recognize me ?
    >
    > Matteo Giannone
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
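
An added illustration, not part of the original message or written by either poster: a sketch of what a web server can read from a single request, in line with the reply's points that the source IP is the simplest check and that a MAC address never reaches the server. The function names, the sample request and the 192.0.2.10 address are constructed for this example.

```python
import hashlib

# Constructed sample: what arrives at the server for one page load.
# The peer IP comes from the TCP connection, not from anything the browser sends.
SAMPLE_PEER_IP = "192.0.2.10"  # documentation address (RFC 5737)
SAMPLE_REQUEST = (
    "GET /forum HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
    "Accept-Language: it,en;q=0.5\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "Cookie: session=abc123\r\n"
    "\r\n"
)

# Headers that stay the same between visits unless the browser is reconfigured.
STABLE_HEADERS = ("user-agent", "accept-language", "accept-encoding")


def server_view(peer_ip, raw_request):
    """Return the attributes a server can read from one HTTP request."""
    request_line, _, header_block = raw_request.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        if not line:  # blank line ends the header section
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    view = {"ip": peer_ip, "request": request_line}
    for name in STABLE_HEADERS:
        view[name] = headers.get(name, "")
    view["cookie"] = headers.get("cookie", "")
    return view  # note: no link-layer (MAC) field exists at this level


def fingerprint(view, include_ip=True):
    """Hash the attributes that do not depend on cookies."""
    parts = [view[name] for name in STABLE_HEADERS]
    if include_ip:
        parts.insert(0, view["ip"])
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()[:16]


if __name__ == "__main__":
    seen = server_view(SAMPLE_PEER_IP, SAMPLE_REQUEST)
    for key, value in seen.items():
        print(f"{key:16} {value}")
    print(f"{'fingerprint':16} {fingerprint(seen)}")
```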
