An article on c|net reports some research done at UCSD and CAIDA that they (c|net) claim has the potential to identify physical computers by their clock skew, even if they are behind network address translation devices or firewalls. The techniques are based on analyzing the timestamps that are put into TCP packets.
I have only read about a third of the paper, but so far, I think this has limited utility. Above all else, TCP does not require timestamps to operate, so anyone who cares about anonymity will just disable the feature, or use computers without the feature. Perhaps in the short term, this sort of thing might be useful for identifying spammers who have a long history of contacting certain sites, but only until they disable TCP timestamps.
BTW, score one for Google on this. I did a query for
+kohno +tcp +fingerprinting
at Ask Jeeves, Google, and Yahoo hoping to find the mailing list where this had been mentioned. Google provided NANOG as the first result. The other two didn't mention NANOG (at least in the first couple of results pages). Ask Jeeves had a sponsored link that was highly irrelevant (imho), losing them a point with me as far as using them for future results. (Interesting that they recently won a syndicated search contract to serve search results to Lycos once held by Yahoo. Granted, this is an unusual query.) There was no followup discussion to the post, reinforcing my feelings that this research isn't likely to go very far.
Still no French. Since this sort of thing is potentially important to my career (at least as far as understanding how something like this works, even if it has limited utility), such as it is, I must spend extra time on it. Oh well. C'est la vie.
I have only read about a third of the paper, but so far, I think this has limited utility. Above all else, TCP does not require timestamps to operate, so anyone who cares about anonymity will just disable the feature, or use computers without the feature. Perhaps in the short term, this sort of thing might be useful for identifying spammers who have a long history of contacting certain sites, but only until they disable TCP timestamps.
BTW, score one for Google on this. I did a query for
+kohno +tcp +fingerprinting
at Ask Jeeves, Google, and Yahoo hoping to find the mailing list where this had been mentioned. Google provided NANOG as the first result. The other two didn't mention NANOG (at least in the first couple of results pages). Ask Jeeves had a sponsored link that was highly irrelevant (imho), losing them a point with me as far as using them for future results. (Interesting that they recently won a syndicated search contract to serve search results to Lycos once held by Yahoo. Granted, this is an unusual query.) There was no followup discussion to the post, reinforcing my feelings that this research isn't likely to go very far.
Still no French. Since this sort of thing is potentially important to my career (at least as far as understanding how something like this works, even if it has limited utility), such as it is, I must spend extra time on it. Oh well. C'est la vie.
- Current Mood:
busy
Profile
gregbo- gregbo
- gregbo's homepage
Comments