Help - Search - Members - Calendar
Full Version: Cell Phones In Shadowrun
Dumpshock Forums > Discussion > Shadowrun
Pages: 1, 2, 3
KCKitsune
QUOTE (SpellBinder @ May 15 2014, 01:46 AM) *
Protip4: Pertaining to Protip1, if wireless is essential then install a spoof chip in everything that is wireless capable. Use said spoof chips to shuffle the access IDs of your entire PAN before and after engaging in criminal activity.

Why have it change your ID just in the start and the end? Why not change every 15 minutes?
kzt
QUOTE (KCKitsune @ May 18 2014, 10:48 AM) *
Why have it change your ID just in the start and the end? Why not change every 15 minutes?

Because it will disconnect you.
SpellBinder
Changing your access ID severs your connections. (ref Unwired, page 99, Spoofing A Datatrail Online) You don't want to be hacking in a node hot, only to realize that once you're in your spoof chip will change your ID in five seconds. And in game, a MSP routs commcalls based on the access ID of a registered link. If a particular ID isn't registered as online, the call won't go through. (ref Unwired, page 53, Commcodes & page 93, Buying A Better Hacker > Anonymization)

You have a clean access ID before you hack, randomly generate a new one to do your criminal activity, then either randomly change again or revert back to your clean access ID you had before the hack. If someone questions why your clean access ID went offline for a while, just play dumb and say you had to reboot your 'link for any reason you can think of.
DMiller
QUOTE (SpellBinder @ May 19 2014, 03:44 AM) *
If someone questions why your clean access ID went offline for a while, just play dumb and say you had to reboot your 'link for any reason you can think of.

"Damn loose battery connection, dropped out again. I really need to get that fixed."
psychophipps
Or simply pull a "Person of Interest" and clone some random's commlink. How many tactical teams hitting the dead end of a soccer mom's conapt will it take before folks realize that it's probably a waste of time?
Sendaz
QUOTE (psychophipps @ May 21 2014, 08:57 AM) *
How many tactical teams hitting the dead end of a soccer mom's conapt will it take before folks realize that it's probably a waste of time?

Especially if it turns out she is also a Grrl Scout DenMum and the wee cubs kneecap the entire tac team. nyahnyah.gif
Gyrox10
If you need an excuse for a bad battery: Winter camping can be a great way to destroy your battery life.

The laptop I'm typing on went from getting ~2 hour battery life to less than 5 minutes battery life in a couple days of leaving it on sleep in subzero temperatures. In retrospect kind of obviously my mistake, but I didn't think of it at the time.
psychophipps
The laptop thingy is why you always see ski rescue and other winter first responders pulling their walkie-talkies from inside their coats in the movies and TV shows. Batteries and cold weather = no bueno.
Tymeaus Jalynsfein
Muy Muy No Bueno smile.gif
X-Kalibur
Sea air is also really bad for all forms of electronics, you'll likely see most of your electronics brick within 6 months of exposure, depending on how constant it is.
SpellBinder
QUOTE (psychophipps @ May 21 2014, 05:57 AM) *
Or simply pull a "Person of Interest" and clone some random's commlink. How many tactical teams hitting the dead end of a soccer mom's conapt will it take before folks realize that it's probably a waste of time?
This one I really gotta remember.
tete
QUOTE (Sengir @ May 14 2014, 01:06 PM) *
And since I'm already spreading technical enlightenment, there's a bit for tete, too wink.gif

The 13 root servers are just for resolving domain names, no actual web traffic passes through them. Where a lot of traffic does go through are the internet backbones, and that's where the NSA's Utah porn repository gets its data from. Among other places.


Uh yeah dude I know, I didnt want to get into how DNS works... I've been in computer security for along time for todays megacorps and the alphabet agencies. And technically you dont have to use the root servers if you know the ip of ggogle.com etc etc see its a big can of worms much like taking about cell phone ID numbers. You dont technically have to put your ip over the backbone either if you understand how to proxy but thats just another layer and most people type .com We could get into host records and DNS caching to...

QUOTE (Sengir @ May 16 2014, 12:56 AM) *
VOIP device registers itself with the SIP server, SIP server therefore knows the IP address of the device. Once you have the IP address, tell the telco to turn over the identity of the subscriber (including billing address) who had this IP assigned at that time.


IPv4 tracking is a mixed bag because we didnt expect to run out so the regional breakup can be somewhat cryptic at times. If I request 100 IPs I may get 2 from one subnet, 50 from another etc etc. Since most people dont need internet facing IPs you end up with alot of NAT traffic to which means contacting the ISP to find out who owns an IP at any given time. Its not impossible (or even as hard as it may sound) just more overhead than phone IDs which are unique to the phone. IPv6 they claim wont have this issue since there are so many more. And someone is wondering so no formating and installing Linux wont disable this, flashing with your own BIOS, maybe I was new at the time so I dont know if it was in BIOS or another chip. I didnt even know such a thing was possible then, sounded like sci-fi to me.

QUOTE (KarmaInferno @ May 16 2014, 10:28 AM) *
Okay, as I said, my text messages to and from show up on 4 devices simultaneously. (Verizon has an app that mirrors all your text messages across all devices the app is installed on.)

Can the system tell which device I'm actually reading the texts on?

For an additional layer of obscurity, could another app be written that takes the text messages and forwards them to other sets of devices? Creating a daisy chain web of proxy devices that may or may not be near me?

Extrapolating further, could VOIP packets be obscured in a similar fashion?



-k


So it knows the aprox location of all devices that are on (and sometimes even when not on) If you browse a web page or send a txt back it would know that, or access the cloud. I assume by system you mean typical, not that some backend app is on recording you or some such thing. I dont know of any way to "see" you at that point (but it may exist), however if you so much as move the device it "could" figure out that someone is moving it. Daisy chaining or proxy isnt really a good solution because it slows down your reaction time and just adds a modest extra amount of time to trace. Its great for the movies but if someone is actually looking for you with knowing your phone ID its just another hop. Its not like you can just swap sim cards or put in a fake mac because the carrier uses the unique identifier to give you service.


Heres a story, my first job was at IBM and we had a truckload of laptops stolen, well when connected to a network they tried to phone home, any network, tinny little packet basicly a custom single ping in laymans terms. The mother ship would give the all clear back or youve been stolen packet depending on what the database said. Anyways within a week of the theft the FBI brought them back. This was in the 90s, some phones are always connected, unless your out of range.
Sengir
QUOTE (tete @ May 23 2014, 09:48 AM) *
Uh yeah dude I know, I didnt want to get into how DNS works... I've been in computer security for along time for todays megacorps

Well, that would explain a lot.

But even the worst IT departments usually understand that subnets have nothing to do with querying the owner of an IP, that "NAT traffic" is not a synonym for "dynamic IPs", and that having to ask the provider is not a complication, but always required. So I kinda doubt it...
tete
QUOTE (Sengir @ May 23 2014, 05:48 PM) *
Well, that would explain a lot.

But even the worst IT departments usually understand that subnets have nothing to do with querying the owner of an IP, that "NAT traffic" is not a synonym for "dynamic IPs", and that having to ask the provider is not a complication, but always required. So I kinda doubt it...


Internet facing subnets were designed to be regional (well from reading wiki, 1986/88 anyway which was before I started in IT as a systems administrator at IBM), Like Comcast Seattle has a block all in the same range which is a different block than Comcast Portland, in theory... but due to lack of them you can end up with X.X.10 /24 and X.X.250 /24 in Seattle but X.X.128 /24 in Portland. In theory IPv6 will again be regional. Regardless there are records of who owns what IPs so you can contact the ISP you trace it back to and then they can see who was asking for the requested site at a given time from whatever private or public IP they assigned you. NAT has nothing to do with dynamic but it allows private IPs to sit behind a public one, private IPs are not controlled therefore only the ISP knows who/where you are.

Once when I requested a block of Public from a ISP they have even handed me several /28 until I got the number i needed, the irony was I was missing one block in the middle or they could have just handed me a /26.

You can doubt it all you want im not trying to prove anything... Some things I dont want to risk jail time over (even if 90% is on the web somewhere). It was very tough to go through working for alphabet agencies back to megacorps due to what I could actually talk about and not talk about. So feel free to think I know nothing smile.gif

[edit] Here are some links, for anyone who wants further reading.
http://en.wikipedia.org/wiki/Regional_Internet_registry
http://en.wikipedia.org/wiki/Geolocation_software
http://en.wikipedia.org/wiki/Public_IP
http://en.wikipedia.org/wiki/Pen_register
http://blogs.wsj.com/digits/2010/12/19/uni...bers-explained/

So here is some Comcast information from home

te-0-2-0-2-ur08.seattle.wa.seattle.comcast.net [68.87.207.9]
ae-20-0-ar03.seattle.wa.seattle.comcast.net [69.139.164.129]
he-1-8-0-0-10-cr01.seattle.wa.ibone.comcast.net [68.86.94.229]
he-0-11-0-0-pe04.seattle.wa.ibone.comcast.net [68.86.86.138]

Chances are the Seattle area has 68.86 so any device you within their subnet will be in the Seattle area. Id have to look at one of the databases to see how its devided up but I would guess (and this is just a guess mind you) that 68.86.0 to 68.86.128 is Comcast in the Seattle area but you see they also has 69.139 who knows how big or small this block is. Its doubtful then have a 69.139 in Seattle and another one in Florida but putting one in Portland the latency may not be that bad (and you get into "fun" persistent route management). Generally you try to keep your blocks "close" geographically to keep broadcasts and other traffic from going everywhere.
RHat
Small point: Given the network structure involved, and the ad-hoc nature of the network, IPv4 and IPv6 aren't really relevant to the discussion - you don't have that kind of managed structure or address assignment.
tete
QUOTE (RHat @ May 23 2014, 08:28 PM) *
Small point: Given the network structure involved, and the ad-hoc nature of the network, IPv4 and IPv6 aren't really relevant to the discussion - you don't have that kind of managed structure or address assignment.


I made the assumption that the VOIP (in question) was using IPv4, when asked about tracking VOIP and brought up IPv6 because it should be easier to track location than IPv4 because of the way they hand out the IPs and they wont run out for awhile. Though personally I believe we will run out again eventually and be back into a NAT world with some blocks of IPs being regionally divided.
RHat
QUOTE (tete @ May 23 2014, 02:05 PM) *
I made the assumption that the VOIP (in question) was using IPv4, when asked about tracking VOIP and brought up IPv6 because it should be easier to track location than IPv4 because of the way they hand out the IPs and they wont run out for awhile. Though personally I believe we will run out again eventually and be back into a NAT world with some blocks of IPs being regionally divided.


Fair point; I was more referring to the context of how easily everything would be tracked in Shadowrun.
tete
Yeah I've stayed out of the "In the Shadowrun world" part of this thread as its about as real as Hackers or Tron as the more i learn about real life compute the less I think of Shadowrun Matrix in real world terms and tend to feel that you should do whats best for your game regardless of actual technology. If you want commlinks to be easy to find, go for it, if you want it to be very difficult, thats ok to. When I run SR4A encryption isnt worthless, because I find that to be a less fun game.
Tymeaus Jalynsfein
QUOTE (tete @ May 23 2014, 02:58 PM) *
Yeah I've stayed out of the "In the Shadowrun world" part of this thread as its about as real as Hackers or Tron as the more i learn about real life compute the less I think of Shadowrun Matrix in real world terms and tend to feel that you should do whats best for your game regardless of actual technology. If you want commlinks to be easy to find, go for it, if you want it to be very difficult, thats ok to. When I run SR4A encryption isnt worthless, because I find that to be a less fun game.


Agreed... smile.gif
Sengir
QUOTE (tete @ May 23 2014, 08:13 PM) *
Internet facing subnets were designed to be regional (well from reading wiki, 1986/88 anyway which was before I started in IT as a systems administrator at IBM), Like Comcast Seattle has a block all in the same range which is a different block than Comcast Portland, in theory... but due to lack of them you can end up with X.X.10 /24 and X.X.250 /24 in Seattle but X.X.128 /24 in Portland.

Here is how IP tracing is done, in three easy steps
1.) Record IP and date
2.) Get subpoena for information related to the IP
3.) ISP looks in his customer database who had that IP assigned at date X.

Did you notice the word "subnet" in there? Well, that's because it does not matter.

Yes, ISPs usually have different IP blocks for different locations, that's what those fancy "IP tracing" sites use. Law enforcement does not work that way -- or do you also think they can't trace you if you use an out-of-state license plate?


QUOTE
whatever private or public IP they assigned you. NAT has nothing to do with dynamic but it allows private IPs to sit behind a public one, private IPs are not controlled therefore only the ISP knows who/where you are.

Private IPs are not assigned, that's why they are called "private". They are what you use in your little home network and nobody outside sees a thing of it. That is the principle of NAT, when a device on your LAN talks to the internet its private IP gets replaced by the router's public IP, when the answer comes back the router forwards it to the original sender.

QUOTE
You can doubt it all you want im not trying to prove anything... Some things I dont want to risk jail time over (even if 90% is on the web somewhere). It was very tough to go through working for alphabet agencies back to megacorps due to what I could actually talk about and not talk about. So feel free to think I know nothing smile.gif

Wow, the classic "my absurd claims are totally true but I can't prove it because I'm a super secret agent" excuse? Thanks for the retro usenet feeling biggrin.gif
RHat
QUOTE (tete @ May 23 2014, 03:58 PM) *
Yeah I've stayed out of the "In the Shadowrun world" part of this thread as its about as real as Hackers or Tron as the more i learn about real life compute the less I think of Shadowrun Matrix in real world terms and tend to feel that you should do whats best for your game regardless of actual technology. If you want commlinks to be easy to find, go for it, if you want it to be very difficult, thats ok to. When I run SR4A encryption isnt worthless, because I find that to be a less fun game.


Yeah, I've just learned to assume a few fundamental premises are different, so that most of the stuff that seems "wrong" can be left be.
RHat
QUOTE (Sengir @ May 23 2014, 06:29 PM) *
Here is how IP tracing is done, in three easy steps
1.) Record IP and date
2.) Get subpoena for information related to the IP
3.) ISP looks in his customer database who had that IP assigned at date X.


Technically, that would be a form of referencing, not a trace.
tete
QUOTE (Sengir @ May 24 2014, 01:29 AM) *
Here is how IP tracing is done, in three easy steps
1.) Record IP and date
2.) Get subpoena for information related to the IP
3.) ISP looks in his customer database who had that IP assigned at date X.

Did you notice the word "subnet" in there? Well, that's because it does not matter.

Yes, ISPs usually have different IP blocks for different locations, that's what those fancy "IP tracing" sites use. Law enforcement does not work that way -- or do you also think they can't trace you if you use an out-of-state license plate?



I think I found the problem here your talking about after the trace, I'm talking about the actual trace. Out of state would just be a proxy. If I'm running a trace against someone who has hacked my system I can use the regional IP information to figure out where they are but (as I stated) its inaccurate. This is where the subnets come in. All of this is prior to step 1.

As for the private/public thing, some ISP hands out private IPs to homes that dont pay extra for a public IP. I've seen this done since the late 90s, your pretty safe as a business using a 10. in this manner as most home routers are going to use class C by default and anyone who knows how to change it isnt going to use a 10. internal with a 10. external...

[edit]

It also occurred to me that we may be talking about different situations. I'm talking about tracing as related to a manhunt where you already know mr X is a criminal who accesses site A on a regular basis. As the whole conversation came out of cell phone tracing and IPs came in with VOIP. When mr X accesses site A after you get your trace your going to immediately contact local offices to put agents on it.

QUOTE (Sengir @ May 24 2014, 01:29 AM) *
Wow, the classic "my absurd claims are totally true but I can't prove it because I'm a super secret agent" excuse? Thanks for the retro usenet feeling biggrin.gif

there are documents you have to keep in the safe that make no sense because everyone knows that information but its still has to go in there due to policy. Which is why I said 90% of it you can find on the web somewhere, it wasnt super secret stuff, I'm just not allowed to talk about it.
kzt
Tracing the actual source IP of an attack run through proxies can be quite difficult, it is often effectively impossible.

However, you can't receive a phone call like that, as the caller needs to be able to automatically build a path from their device to your device. Which is why carrying around a working phone when doing things that will get lots of people with guns and money looking for you is a bad idea.
Sengir
QUOTE (tete @ May 24 2014, 07:34 PM) *
I think I found the problem here your talking about after the trace, I'm talking about the actual trace.

That is because the "actual trace" as seen in countless movies (and the SR rules) actually does not happen. Locating a phone number or IP has nothing to with tracing it over various hops while trying to keep the subject talking, it is a simple database lookup.

QUOTE
there are documents you have to keep in the safe

...but how the internet works is not one of them. I suggest Tanenbaum's Computer Networks for a good intro
Koekepan
I know I'm late to this particular party, but after catching up with the thread I'll add a few nuggets since I'm actually quite familiar with mesh networking and the security implications, on a theoretical as well as practical level. (Footnote: discrete mathematics is not my favourite pastime, which is why I've largely moved on in my career.)

First, the information theoretical consequences:

  • The network, as a gestalt system, HAS to know where the destination of a transmission is (and this is true regardless of whether you're using packet technologies or not) because if it doesn't, it can't send the data where it has to be. Period. No known destination? No comms. Just a frownyface on your commlink's display. Bear in mind that if you have a small network of gear which talks to nothing else, this only applies within your mini-mesh.
  • The proximal mesh node(s) to your device's location HAVE to know that you're there, otherwise they can't talk to you which means other nodes can't talk to you, which means nobody can talk to you. So anyone who has access to the information state of the mesh nodes proximal to you has a pretty good idea of where you are, within the limits of triangulation. (Corollary: If you're working through satellite only, and ignoring all other mesh nodes, your latency might be high but the satellite is not very helpful in pinpointing your location.)
  • Distant (in networking terms) nodes which can reach your device don't know necessarily where you are (in fact it's demonstrably inefficient, in information theoretical terms, to the point of mathematical infeasibility as the network grows because of power law relationships between network size and communication overheads, compared to net communication capacity) but do know, or must be able to rapidly find out where to point to reach you; in other words, they have to be able to route to you.


These facts have some consequences. For instance, someone doesn't necessarily have to be able to reach your proximal networking environment. With an adequate (statistically speaking) insight into the behaviour and characteristics of backbone nodes they can (rapidly) infer your current networking context and establish which your proximal routing nodes are most likely to be. If they're determined, in Shadowrun terms, to get to you, a hacker/decker (version dependent) strike team can even try to get closer.

So what about proxies, as opposed to clear routing? Sure, a proxy can send encapsulated data to a range of its clients, and assuming functional encryption (excuse me while I point at the Shadowrun canon and laugh until I wet myself) one could possibly infer a range of possible destinations, but the more popular a proxy (assuming the proxy is, in security terms, honest and inviolate) the harder this process of inference becomes. If the proxy is compromised, it's no better than a regular routing node and possibly worse for the privacy of those with something to hide.

What about address hopping? Well, it turns out that if you're strictly a client node (i.e. establishing outbound data connections) that's fine. You can even use session persistence techniques (which are pretty much ubiquitous in synchronous, unstable network contexts anyway) to have your connection survive link drops and recreation. The downside is that your server side (which can be both ends, in peer to peer arrangements) needs a known address. Can you square this circle? Yes, you can, by privately arranging and communicating your next address before an address hop. Is this perfect? No, because someone who is close enough in networking terms to observe the traffic (such as someone controlling the building mesh nodes through which you're communicating, i.e. your target's spiders) can also observe the changing addresses and infer directly which continuing network connections are which.

The bottom line: if you don't want mesh networking to give away your location (and by cross-checking data, your identity) you need either:

  • Rock solid, inviolate, utterly trustworthy encryption combined with a rock solid, inviolate, utterly trustworthy proxy of such popularity that the mere presence of its data is not an indicator of nefarious activity by itself.
  • Communications working through proximal nodes of such a nature that the signal will not be observed by alternatives (think tight beam, laser, and so on), and where the proximal nodes do not usefully give location data through their activities (such as satellites).
  • Rigidly enforce network isolation, combined with total out of band silence (such as an optic fibre between smart goggles and a smartlinked gun).
  • Rigidly enforced comms silence.


Of course, some of these options are suspicious of themselves - if you're supposed to have a networking identity and there isn't one, or there are strange discontinuities, those are exactly the sort of things which would flag an event.

There are some ways of avoiding certain kinds of trouble. Example:

  1. Shadowrunning team arrives at rendezvous point, in the clear, with networking IDs which are not suspicious.
  2. Shadowrunning team leaves commlinks in place in circumstances which aren't suspicious - perhaps in an autopiloted van which cruises the highways while they get nefarious.
  3. Shadowrunning team gets into their action gear, including their combat-ready electronics.
  4. Shadowrunning team engages in ten minutes of sneaking, thirty seconds of mayhem then decamps.
  5. Shadowrunning team goes through total radio silence including a shutdown and readdressing of all their (assumed compromised) work-related networked gear.
  6. Shadowrunning team picks up their street electronics and rides off into the barrens.
kzt
Seems good, but don't trust that a satcom phone can't be located. A Satcom node needs a powerful signal to get to orbit, and can been seen by all the other sats in orbit. Like the NSA's ComInt birds that were used in the 70s to pick up mobile phone traffic in Russia. These sort of sats can RDF satcom (or, for that matter, any radio traffic) and locate it to a few meters, if you somehow manage to do something to make their priority collection schedule.
Koekepan
QUOTE (kzt @ May 25 2014, 10:39 PM) *
Seems good, but don't trust that a satcom phone can't be located. A Satcom node needs a powerful signal to get to orbit, and can been seen by all the other sats in orbit. Like the NSA's ComInt birds that were used in the 70s to pick up mobile phone traffic in Russia. These sort of sats can RDF satcom (or, for that matter, any radio traffic) and locate it to a few meters, if you somehow manage to do something to make their priority collection schedule.


Oh yes, I'm well aware of a number of ways in which they can be located, but there are ways of mitigating those effects, at least (which reduces triangulation by multiple satellite). Granted, this rests on a whole bunch of assumptions, most of which are very questionable (your typical satellite-capable radio, as you point out, is very powerful which implies a lot of signal leakage in typical formats) but I was more pointing out the edges of where some normally valid ways of tracking down radios are less valid.
tete
QUOTE (Sengir @ May 25 2014, 01:44 PM) *
That is because the "actual trace" as seen in countless movies (and the SR rules) actually does not happen. Locating a phone number or IP has nothing to with tracing it over various hops while trying to keep the subject talking, it is a simple database lookup.


...but how the internet works is not one of them. I suggest Tanenbaum's Computer Networks for a good intro


This will be my last post on the topic regardless of what you come back with so feel free to slam away. Yes, its nothing like the movies unless you enjoy spending thousands on your packet sniffer just to see pretty graphics. How would you handle looking past gateways or proxies? Where you tap the wire is probably the most critical point in the process. While pathping and traceroute dont do much in finding real intruders its still a valuable tool to see the hops, especially when the attacker shows up as on your subnet and you network has enough subnets to make your head spin. A database lookup with network maps is going to take alot longer than a traceroute.

I own that book smile.gif Its a good book, little heavy on theory but most college books are. It sits inbetween my Unix Administrators Handbook and Data Abstraction and Problem Solving with C++. Its pretty much the standard for networking books much like Flyod is for Electrical Engineering. For a good intro I'm recommending Practical Packet Analysis by Chris Sanders, not because its great at intrusion detection but because it goes into real world scenarios of where you need to tap the wire. Which IMHO the hardest part.
Sengir
QUOTE (tete @ May 26 2014, 09:13 PM) *
While pathping and traceroute dont do much in finding real intruders its still a valuable tool to see the hops

...which is nice for network troubleshooting. We are not talking about customer support, we are talking about locating the person behind an IP address. And by "locating" I don't mean the "he's in Seattle" kind of output those geolocation toys provide by looking up the public information associated with an IP range. I mean an address to which a summons or SWAT can be sent.

What you are talking about is the equivalent of county/town codes in license plates -- it gives a general idea of where the car was registered (which in case of company cars may be far away from the actual driver's residence) but nothing more. Actually locating an IP address is the equivalent of looking up a license plate at the DMV to get the driver's name and address.
kzt
QUOTE (Sengir @ May 27 2014, 04:09 AM) *
What you are talking about is the equivalent of county/town codes in license plates -- it gives a general idea of where the car was registered (which in case of company cars may be far away from the actual driver's residence) but nothing more. Actually locating an IP address is the equivalent of looking up a license plate at the DMV to get the driver's name and address.

Except they don't work that way.

Remember when Southwest Airlines used to hand out reusable plastic boarding order tickets at the airport as you showed up for your fight, which they collected at the gate and gave out to the the people waiting for the next flight? The ticket is an IP address. It doesn't "belong" to anyone, it gets handed around to various people all the time. There is no DMV to go to. In order to find any more data you have to go to the people that run that particular network and ask them who was using that IP at a given moment. And they won't usually have a name associated with the IP, they will have a MAC address, which is trivially changeable by anyone who wants to. This assumes they have records at all, which is not a safe assumption.

So now you know that MAC 1234:5678:9ABC was associated to access point 245-4b-AP5 from 6:00pm to 6:15pm. Does that tell you anything about where the device with that MAC was? Not really, as all it means is that they had radio line of site to an antenna on that radio. That could be because they were sitting in the room with the AP (which again requires that someone running the network show you where that is, you won't find a DMV of AP locations) or it could be because they are using a Pringles can directional antenna from a km away.
Sengir
QUOTE (kzt @ May 28 2014, 07:24 PM) *
The ticket is an IP address. It doesn't "belong" to anyone, it gets handed around to various people all the time. There is no DMV to go to. In order to find any more data you have to go to the people that run that particular network and ask them who was using that IP at a given moment. And they won't usually have a name associated with the IP

Oh yes they do. They are not yet legally mandated to do so but all the big telcos do it anyway for a few weeks -- because it's not forbidden, either. Officially for "billing purposes" (because you pay per connection, don't you?), more realistically because won't somebody think of the RIAA children?!


QUOTE
they will have a MAC address, which is trivially changeable by anyone who wants to.

More importantly, the MAC address only exists between two communicating devices, therefore retaining it would be completely useless in the age where everybody has a router between his PC and the ISP's network. The only place which stores MAC addresses are network switches, to determine which device is connected to which port.

(At least in the past, some ISPs also checked you only connected MACs belonging to their hardware to your line. Like you said, not a particularly effective effort)
kzt
QUOTE (Sengir @ May 28 2014, 11:43 AM) *
Oh yes they do. They are not yet legally mandated to do so but all the big telcos do it anyway for a few weeks -- because it's not forbidden, either. Officially for "billing purposes" (because you pay per connection, don't you?), more realistically because won't somebody think of the RIAA children?!

I've got 5000 or so devices on my guest network on a normal day and there is no information on who this is other then what the DHCP server collects. Which is the MAC address and usually the device name. If you are billing them you might want more, but that isn't how ours works.
tete
QUOTE (kzt @ May 28 2014, 11:03 PM) *
I've got 5000 or so devices on my guest network on a normal day and there is no information on who this is other then what the DHCP server collects. Which is the MAC address and usually the device name. If you are billing them you might want more, but that isn't how ours works.


I'm making a couple assumptions here but how big is your area for these devices (in sq miles or what not) that talk to the same DHCP scope? (just curious) I'm assuming this is something like starbucks hotspots or something similar. Mostly I'm curious if the same scope handles different cities or even states.
RHat
QUOTE (Sengir @ May 25 2014, 07:44 AM) *
That is because the "actual trace" as seen in countless movies (and the SR rules) actually does not happen. Locating a phone number or IP has nothing to with tracing it over various hops while trying to keep the subject talking, it is a simple database lookup.


I think part of the point ehre is the question of what happens when that database lookup, for one reason or another, cannot be achieved.
kzt
QUOTE (tete @ May 29 2014, 11:59 AM) *
I'm making a couple assumptions here but how big is your area for these devices (in sq miles or what not) that talk to the same DHCP scope? (just curious) I'm assuming this is something like starbucks hotspots or something similar. Mostly I'm curious if the same scope handles different cities or even states.

It's a chunk of a university campus. About 4 million square feet of buildings plus the outdoor areas between them. It's one MS DHCP server cluster (but not for long) and one huge IP block that gets cycled through with a really short lease time.
psychophipps
Of course, there will be a market for a provider that doesn't share their info with anyone. Please keep in mind that the Shadowrunning *and* high-profile/celebrity markets have a vested interest in making a trace of their commlink use as difficult as possible. Multiple providers will eventually offer this service and sooner or later it will become the expectation of the customer base.

To be honest, I really prefer this idea as it basically forces the issue of real-time tracing which really cuts down on the "from the comfort of my own conapt" for tracing activities at a hacker/spider's leisure.
Sengir
QUOTE (kzt @ May 29 2014, 12:03 AM) *
I've got 5000 or so devices on my guest network on a normal day and there is no information on who this is other then what the DHCP server collects. Which is the MAC address and usually the device name. If you are billing them you might want more, but that isn't how ours works.

As you might have noticed from the fact that I talked about ISPs, I was talking about locating a (public) IP. Because that is what the world (including Eve) sees. If that location turns out to be insufficient because it's just the gateway to a larger campus network, it obviously takes a bit of extra effort. In most cases, that extra effort would be a bit of packet sniffing to find the internal IP of the target and then check the RADIUS or other authentication service for an identity. Worst case would be a bit of manual scanning with an HF antenna, not exactly rocket science either wink.gif
RHat
QUOTE (psychophipps @ May 29 2014, 04:12 PM) *
Of course, there will be a market for a provider that doesn't share their info with anyone. Please keep in mind that the Shadowrunning *and* high-profile/celebrity markets have a vested interest in making a trace of their commlink use as difficult as possible. Multiple providers will eventually offer this service and sooner or later it will become the expectation of the customer base.

To be honest, I really prefer this idea as it basically forces the issue of real-time tracing which really cuts down on the "from the comfort of my own conapt" for tracing activities at a hacker/spider's leisure.


The thing is, in Shadowrun, I'm not sure if structurally that database is at all possible.
psychophipps
QUOTE (RHat @ May 29 2014, 06:52 PM) *
The thing is, in Shadowrun, I'm not sure if structurally that database is at all possible.


Good point. But if someone does coming sniffing from an outside party, the knowledge that the inquiring party will be told off is comforting.

Of course, there is a point to be made with the term "outside party" as I am quite sure that at least one team of 'Runners had thought of everything except their commlink subscriber being a subsidiary of the company they last ran an op against and woke up with a carbine barrel firmly pressing against their eye socket...
RHat
QUOTE (psychophipps @ May 29 2014, 06:59 PM) *
Good point. But if someone does coming sniffing from an outside party, the knowledge that the inquiring party will be told off is comforting.

Of course, there is a point to be made with the term "outside party" as I am quite sure that at least one team of 'Runners had thought of everything except their commlink subscriber being a subsidiary of the company they last ran an op against and woke up with a carbine barrel firmly pressing against their eye socket...


There's actually an MSP written up in Unwired where that's not at all a concern - Anarchist Black Something, I think.
kzt
QUOTE (RHat @ May 29 2014, 06:09 PM) *
There's actually an MSP written up in Unwired where that's not at all a concern - Anarchist Black Something, I think.

Yes, there is a market for deep dark secrets that people think they are keeping only between themselves. Which is why it's actually, though multiple layers of cutouts, controlled by Aztechnology. wink.gif
tete
QUOTE (RHat @ May 30 2014, 12:52 AM) *
The thing is, in Shadowrun, I'm not sure if structurally that database is at all possible.


Shadowrun also assumes Megacorps dont work together... Which just goes to show reality != fun game.

but to your point, Sat link maybe, but encryption still sucks so... no
RHat
QUOTE (tete @ May 30 2014, 12:22 AM) *
Shadowrun also assumes Megacorps dont work together... Which just goes to show reality != fun game.

but to your point, Sat link maybe, but encryption still sucks so... no


I don't think you're catching my point - what I'm getting at is that I'm not certain if such a database can ever exist in a ad hoc mesh network environment. Having that database would be based on the idea of assigning addresses to people, but if something can just pop up on the network without needing to be associated with any sort of advanced registration (see: ad hoc), I'm thinking that database is formally impossible.
Koekepan
QUOTE (RHat @ May 30 2014, 09:07 AM) *
I don't think you're catching my point - what I'm getting at is that I'm not certain if such a database can ever exist in a ad hoc mesh network environment. Having that database would be based on the idea of assigning addresses to people, but if something can just pop up on the network without needing to be associated with any sort of advanced registration (see: ad hoc), I'm thinking that database is formally impossible.


You are right. It is formally impossible.

However, if you know enough about the backbone and you have multiple points of access to the network for generating test streams, you can perform pretty useful statistical analysis to find the likeliest locus for network access, which is a lot better than an atlas, a blindfold and a few darts.
tete
QUOTE (RHat @ May 30 2014, 07:07 AM) *
I don't think you're catching my point - what I'm getting at is that I'm not certain if such a database can ever exist in a ad hoc mesh network environment. Having that database would be based on the idea of assigning addresses to people, but if something can just pop up on the network without needing to be associated with any sort of advanced registration (see: ad hoc), I'm thinking that database is formally impossible.


Ahhh YES!!!! I keep forgetting Shadowrun is in love with Ad Hoc...
psychophipps
There has to be a database somewhere or there would be no way to route the calls, or perhaps more importantly the billing, to the right commlink out of the gazillions of connected devices.
kzt
QUOTE (psychophipps @ May 30 2014, 09:50 AM) *
There has to be a database somewhere or there would be no way to route the calls, or perhaps more importantly the billing, to the right commlink out of the gazillions of connected devices.

Yes, essentially it's the NAT problem. So unless there is some sort of global database nobody can call you on your comlink. This might well be solved the same way nat is "solved" by malware, which is that the end device keeps recreating a tunnel out to some fixed site on the global network that allows people to reach the end device. The fixed site is your phone provider.
RHat
QUOTE (psychophipps @ May 30 2014, 10:50 AM) *
There has to be a database somewhere or there would be no way to route the calls, or perhaps more importantly the billing, to the right commlink out of the gazillions of connected devices.


Actually, I can think of ways to solve that problem - for example, there could be a sort of call-response model, where your commlink (or whatever device) is listening for communications intended for it, and completes the connection when it picks up on it. In a decentralized global ad-hoc environment, a model like that would probably be required.

And when it comes to billing, you're not getting billed on a device level at this point, but an a grid-account level - the public grid is free, remember?
Koekepan
It is entirely possible to find items with known addresses across an ad hoc network.

If you want to think of it in terms of a global database (which is not an apt mental model), then the collective topological knowledge of all the nodes in your network constitute the database, and the problem reduces to remote information queries.

If you have communicated with your identity, then the information of your identity's location is cached by those nodes which conveyed the information.

I could go on for hours about it, but the basic is: it's possible, it's mathematically feasible, and it will work more or less as described.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012