CSI blows us away



  • I know I shouldn't rip into TV shows seeing as their goal is entertainment, not scientific accuracy. Still in this day and age you'd think they'd at least try to make an effort. I was watching a recent CSI NY episode where the killer has kidnapped a blogger and is making him post on his blog while he carves up his latest victim in front of him. While this is happening the CSIs are monitoring the blog trying to find where he is when one of them comes up with the following and I quote:

    "I'll make a GUI using Visual Basic. See if I can track an IP."

    Count how many WTFs they managed to fit into this. Go on. I dare ya.

    Later when she presumably makes the GUI they still have trouble. Apparently the blogger is not posting in real-time. Rather he completes a post and then uploads it. This only takes a few seconds each time and as such there isn't enough time to pinpoint the IP address. *groan*

     In any case our VB-writing CSI is not a complete novice. She manages to narrow down the killer's location. How does she manage that you ask? Well, the GUI must have got part of the IP and since IP addresses (like telephone numbers) are assigned geographically she finally discovers that "he is blogging somewhere in midtown."



  • @DOA said:

    "I'll make a GUI using Visual Basic. See if I can track an IP."

    Count how many WTFs they managed to fit into this. Go on. I dare ya.

    TRWTF is that I didn't get the real meaning of GUI the whole time. I never knew that the acronym actually stood for "General Utility for IP address recovery".





  • @DOA said:

     In any case our VB-writing CSI is not a complete novice. She manages to narrow down the killer's location. How does she manage that you ask? Well, the GUI must have got part of the IP and since IP addresses (like telephone numbers) are assigned geographically she finally discovers that "he is blogging somewhere in midtown."
     

    TRWTF is that you think IPs aren't assigned geographically.  How do you think those adultfriendfinder.com ads always show you girls in "your area".  (sure, they're wrong every now and then and think I live in Seattle.... but the same could be said of phone numbers.  I have an 804 area code in TX).  If she feasibly got enough of an IP address, she could narrow it down to a range owned by a single ISP, for example.



  • @DOA said:

    "I'll make a GUI using Visual Basic. See if I can track an IP."
     

    Oh yes. I saw the same show and that line was painful to watch. I don't expect much from TV/Movie IT, but that's sure set a new low for the show.

    /Could be worse.  CSI: Miami.



  • @vt_mruhlin said:

    TRWTF is that you think IPs aren't assigned geographically.  How do you think those adultfriendfinder.com ads always show you girls in "your area". 
     

    Heck, even if you didn't you could geo-locate IPs that way, pretty much all dsl/cable ISPs seem to love encoding a general (or even pretty specific) location in the IP's hostname. A simple reverse lookup and you can go "oh, hey, that IP's in Los Angeles" or whatever. 

    My fave CSI WTF is when they take some crappy surveillance camera footage - you know, bad quality camera, very poor/bad/non-existent lighting, and zoom in 5,000,000x to read a license plate 2 miles down the street with perfect clarity. Amazing what you can do with enhancement algorithms, even if the item you're looking at was much smaller than a single pixel in the original image.

    Or even in one case, somehow manage to "look around a corner" to spot a perp who was behind a wall, completely out of sight of the camera. 



  • @chrisb said:

    Video link (YT: CSI New York "VB GUI Interface")


    TRWTF is that she said she'll create a "GUI Interface".


  • @vt_mruhlin said:

    TRWTF is that you think IPs aren't assigned geographically.
    They are to a certain extent, but let's face it, you can't find someone's location within a city based solely on his IP. Unless of course there's some sort of odd differentiation in the city you live in.



  • @vt_mruhlin said:

    TRWTF is that you think IPs aren't assigned geographically.  How do you think those adultfriendfinder.com ads always show you girls in "your area".  (sure, they're wrong every now and then and think I live in Seattle.... but the same could be said of phone numbers.  I have an 804 area code in TX).  If she feasibly got enough of an IP address, she could narrow it down to a range owned by a single ISP, for example.

    In my case I'm using the largest ISP in the country and getting only the ISP would mean that you know in which country I live not the region nor the city. The way they could improve the show and make it a bit less WTFish would be to log to the ISP through super secret back door access and get my account number based on IP, again in my situation I have static IP and inet account is linked directly to my phone number so even if I want to use my account on some other place I can't.



  • @vt_mruhlin said:

    TRWTF is that you think IPs aren't assigned geographically.  How do you think those adultfriendfinder.com ads always show you girls in "your area".  (sure, they're wrong every now and then and think I live in Seattle.... but the same could be said of phone numbers.  I have an 804 area code in TX). 

    Well, technically, to split hairs, IPs aren't "assigned geographically" - they're assigned by and to entities that, incidentally, seem to have geographical presence, according to some registry somewhere. (Why would anyone care about that stuff anyway? Physical locations are so last century!)

    Last I checked, geolocation was mostly based on educated guesses, such as "IP block such-and-such is assigned to a company located in X" - all based on bits and pieces of information that get refined as time goes by ("ARIN said this IP address range belongs to the Miskatonic University, Arkham, MA, but this particular sub-range is actually used for their base in Antarctica.") And sometimes, someone uses IP that's supposed to be elsewhere. Which is exactly why you get so wildly inaccurate results for major ISPs every now and then. =) And then there's VPNs and whatnot... good grief.

    @vt_mruhlin said:

    If she feasibly got enough of an IP address, she could narrow it down to a range owned by a single ISP, for example.

    Yeah, though one would assume it'd be simpler for the law enforcement to just look up the IP address, go ask the ISP who used that IP at the given time, and look the guy up from the big old file. Much more tried-and-true than "hey, ip2location.com says the guy is in the North Pole. Send the SWAT there!"



  • @WWWWolf said:

    Last I checked, geolocation was mostly based on educated guesses, such as "IP block such-and-such is assigned to a company located in X"
     

    Only for ISPs who won't give^H^H^H^Hsell their own internal geo-IP data to the geolocation aggregators. It's a business like any other. The aggregators throw some bucks at owners of IP blocks in exchange for geo data, and resell the info for a profit. If it was completely done by guesswork, then the information would be next to useless for any kind of real work requiring location data.

    @WWWWolf said:

    "ARIN said this IP address range belongs to the Miskatonic University, Arkham, MA, but this particular sub-range is actually used for their base in Antarctica.")

    That kind of fragmentation would needlessly complicate the routing tables, unless Miskatonic was going to shell out the $ to run a wire down there. IPs are concentrated geographically for just that reason. Bigger routing tables make life hell on the backbone providers, though Cisco/Juniper will be more than happy to sell you the ever-bigger iron required to handle such large tables. 



  • My personal favorite is whichever show had the villain hiding important information in one of the Prince of Persia games.


  • Discourse touched me in a no-no place

    @Cap'n Steve said:

    Prince of Persia
    http://forums.thedailywtf.com/forums/p/7505/140631.aspx#140631 that one?



  • @PJH said:

    @Cap'n Steve said:

    Prince of Persia
    http://forums.thedailywtf.com/forums/p/7505/140631.aspx#140631 that one?

    The video linked from the article you're referencing no longer exists ("removed due to copyright violation"). Care to give us some explanation?

    PS: That is one of the reasons why I hate people just posting links to media content without at least briefly paraphrasing the essence of what's to be seen there...



  • @PJH said:

    @Cap'n Steve said:

    Prince of Persia
    http://forums.thedailywtf.com/forums/p/7505/140631.aspx#140631 that one?

    That must be where I originally saw it. I couldn't find it on youtube, probably because I'm not sure if it was CSI or some other show, but just picture a room full of investigators intently watching one guy play and die repeatedly. Then he gets to a certain point and some type of file manager opens up.



  • @MarcB said:

    My fave CSI WTF is when they take some crappy surveillance camera footage - you know, bad quality camera, very poor/bad/non-existent lighting, and zoom in 5,000,000x to read a license plate 2 miles down the street with perfect clarity. Amazing what you can do with enhancement algorithms, even if the item you're looking at was much smaller than a single pixel in the original image.

    Or even in one case, somehow manage to "look around a corner" to spot a perp who was behind a wall, completely out of sight of the camera. 

     

     

    In one of the few episodes I've seen they waved a Star Trekky device near a Christmas tree and it displayed "100% carbon" or some such - indicating that the dangling bauble was in fact the missing diamond.

    Soon afterwards, I read a comment from a lawyer (a UK crown prosecutor I think) complaining how shows like that are making it hard to get juries to accept _real_ forensic evidence.  Interestingly he said it cuts both ways:  they don't believe anything that doesn't claim to be 100% scientifically conclusive (whatever that means), and at the same time they're prepared to believe the wildest speculation if it's dressed up as the result of a scientific process.

     

     



  • @MarcB said:

    My fave CSI WTF is when they take some crappy surveillance camera footage - you know, bad quality camera, very poor/bad/non-existent lighting, and zoom in 5,000,000x to read a license plate 2 miles down the street with perfect clarity. Amazing what you can do with enhancement algorithms, even if the item you're looking at was much smaller than a single pixel in the original image
     

     That has annoyed me to no end ever since Blade Runner. Check out the research in this field though. The details that real people are able to recover from crappy camera footage are almost as unbelievable as the TV antics. Rather than just turning the sharpen filter up to 11, they use all the available low res frames of a subject to build a high res composite.

    The last time I saw CSI New York the entire episode was a Second Life WTF. Wait - I've never "played" Second Life, so I'm not sure if the WTF was CSI or Second Life.



  • @obediah said:

    The last time I saw CSI New York the entire episode was a Second Life WTF. Wait - I've never "played" Second Life, so I'm not sure if the WTF was CSI or Second Life.

    Ugh. Any time Hollywood shows anything on a computer I just want to cry. My favorite was probably in Minority Report, where they have these fancy computers you can control with your hands and stuff, but to transfer data from one computer to the one on the other side of the room, Tom Cruise had to transfer the data to a snazzy glass disk and walk it over to the other computer.



  • @bstorer said:

    My favorite was probably in Minority Report, where they have these fancy computers you can control with your hands and stuff, but to transfer data from one computer to the one on the other side of the room, Tom Cruise had to transfer the data to a snazzy glass disk and walk it over to the other computer.

    I don't know the movie, but for a high security environment, it can make sense to disallow networks.



  • @DarkAngl said:

    @vt_mruhlin said:

    TRWTF is that you think IPs aren't assigned geographically.  How do you think those adultfriendfinder.com ads always show you girls in "your area".  (sure, they're wrong every now and then and think I live in Seattle.... but the same could be said of phone numbers.  I have an 804 area code in TX).  If she feasibly got enough of an IP address, she could narrow it down to a range owned by a single ISP, for example.

    In my case I'm using the largest ISP in the country and getting only the ISP would mean that you know in which country I live not the region nor the city.

     

    Remains to be seen.

    Post your IP.  Let's see how close I can track you down.  I reckon I'll be able to get at least the region and quite likely the city.

    (If you want to keep your IP private, send it to me using the forum's private mail feature rather than posting it publicly.) 



  •  I know for a fact that my IP allows you to determine that I live in 1 of the few hundred rooms on 3 sites owned by my college. It could be worse. I always pick my own hostnames; they default to the first part of your email address, meaning someone knowledgeable can get your email based on your IP. One may even then be able to search on Facebook for that and thus get a real name.

    Of course this only applies to those knowledgeable enough. Most locating things only get my city.



  • @obediah said:

    The details that real people are able to recover from crappy camera footage are almost as unbelievable as the TV antics
     

    This tech was used heavily in restoring the original Star Wars movies for the enhanced versions. Yep, amazing what you can recover by superimposing and melding multiple shots of the same thing from slightly different angles, but still, they don't do that in CSI. It's always a single still frame, it's always a totally crappy shot, and yet they always manage to recover shots of the boogers in the perp's nose, and do a DNA analysis of the snot by zooming in to the molecular level, even though the nostrils couldn't be seen in the original shot. 



  • @MarcB said:

    It's always a single still frame, it's always a totally crappy shot, and yet they always manage to recover shots of the boogers in the perp's nose, and do a DNA analysis of the snot by zooming in to the molecular level, even though the nostrils couldn't be seen in the original shot. 

    I seem to recall an episode of the original CSI wherein they got an image of a guy out of the reflection in someone's pupil in a photograph.



  • @brazzy said:

    I don't know the movie, but for a high security environment, it can make sense to disallow networks.
     

     Yes, because instead of allowing people to transfer files over a network, where I can do all sorts of snazzy encryption and monitoring, I would much rather they put it on a physical medium they can walk out of the building with.



  • @brazzy said:

    I don't know the movie, but for a high security environment, it can make sense to disallow networks.
    1. Security clearly wasn't of primary concern to them, because the police didn't remove a guy from their biometric security system when he was on the run from the law, nor after he was arrested and placed in jail.
    2. Really? Do firewalls mean nothing to you?



  • @vt_mruhlin said:

    @chrisb said:

    Video link (YT: CSI New York "VB GUI Interface")


    TRWTF is that she said she'll create a "GUI Interface".

    No, you misheard her. She said a gooey interface. You control the program by building things out of cookie dough.



  • @SuperousOxide said:

    She said a gooey interface.

    That's how I've always heard "GUI" pronounced. Do you spell it out?



  • @AbbydonKrafts said:

    @SuperousOxide said:
    She said a gooey interface.
    That's how I've always heard "GUI" pronounced. Do you spell it out?

    You misunderstand.

    If she meant GUI it would have been thus; "I'll build a GUI in VB..."  since the I in GUI means interface.

    Since she said "I'll build a gooey interface in VB..."  we know she means cookie dough. 

    To the ear these two seem identical, it's only when you realize why she mentioned interface afterwards are you able to determine the true word used in the context given.



  • It's just a case of RAS Syndrome



  • @DOA said:

    "I'll make a GUI using Visual Basic. See if I can track an IP."
     

    Are you asserting this isn't possible? The advantage of using VB here is it can be coded during the next commercial break while the rest of you are deciding what to title your requirement document. ;-)



  • @Anonymouse said:

    The video linked from the article you're referencing does no longer exist ("removed due to copyright violation"). Care to give us some explanation?

    Basically they played the game up to some point in the game where there was a CG in-game movie that had a scene with big double doors opening then, an excel spread-sheet (or something like it) window appeared dead center of the screen with maybe 30% of full width/height and it enlarged to engulf the entire screen, while the doors slid off screen.



  • Was that the same episode with IPv4.5 (http://thedailywtf.com/Articles/Retard-Rubber.aspx)?



  • @MarcB said:

    @WWWWolf said:

    "ARIN said this IP address range belongs to the Miskatonic University, Arkham, MA, but this particular sub-range is actually used for their base in Antarctica.")

    That kind of fragmentation would needlessly complicate the routing tables, unless Miskatonic was going to shell out the $ to run a wire down there. IPs are concentrated geographically for just that reason. Bigger routing tables make life hell on the backbone providers, though Cisco/Juniper will be more than happy to sell you the ever-bigger iron required to handle such large tables.


    IP networks are not organized geographically.  Generally you can find the geographic location of whatever router is broadcasting for that network, but not for the hosts behind it.  Now, in many cases the hosts will be nearby, but that is not always the case.  A WAN can span a wide geographic area but only contain one single IP network.  So WWWWolf's example was pretty much dead-on.


  • @MarcB said:

    @WWWWolf said:

    Last I checked, geolocation was mostly based on educated guesses, such as "IP block such-and-such is assigned to a company located in X"
     

    Only for ISPs who won't give^H^H^H^Hsell their own internal geo-IP data to the geolocation aggregators. It's a business like any other. The aggregators throw some bucks at owners of IP blocks in exchange for geo data, and resell the info for a profit. If it was completely done by guesswork, then the information would be next to useless for any kind of real work requiring location data.

    @WWWWolf said:

    "ARIN said this IP address range belongs to the Miskatonic University, Arkham, MA, but this particular sub-range is actually used for their base in Antarctica.")

    That kind of fragmentation would needlessly complicate the routing tables, unless Miskatonic was going to shell out the $ to run a wire down there.

     

     

    Well, given the extraordinary and secretive nature of the work they do down there, I wouldn't at all be surprised if they (or rather their secret collaborators) were willing to foot such expenses. 



  • @morbiuswilters said:

    IP networks are not organized geographically.  Generally you can find the geographic location of whatever router is broadcasting for that network, but not for the hosts behind it.  Now, in many cases the hosts will be nearby, but that is not always the case.  A WAN can span a wide geographic area but only contain one single IP network.  So WWWWolf's example was pretty much dead-on.

    So true, but if the routers are configured even minimally to return their location and they usually are for reasons of maintenance being able to find them, then a simple trace route on the IP address and reading the responses will get you pretty close.

    I've seen some networks that can get you down the street of where the guy is, so "somewhere downtown" is a reasonable answer, but not from the IP address but rather from a simple trace route.



  • @KattMan said:

    So true, but if the routers are configured even minimally to return their location and they usually are for reasons of maintenance being able to find them, then a simple trace route on the IP address and reading the responses will get you pretty close.

    I'm not actually sure what this is supposed to mean.  The router might have its location set in the reverse DNS record or it might be in a GeoIP database.  The router itself doesn't return anything, though.

     

    @KattMan said:

    I've seen some networks that can get you down the street of where the guy is, so "somewhere downtown" is a reasonable answer, but not from the IP address but rather from a simple trace route.

    Sure, that's possible under certain circumstances, but it is in no way guaranteed.  Additionally, you need the IP address to do a traceroute.  All traceroute tells you is which routers the packets are going through at that moment in time.  That can be useful for finding geographic location, but may not be.



  • @morbiuswilters said:

    IP networks are not organized geographically ... A WAN can span a wide geographic area but only contain one single IP network
     

    Depends on how far you go back up the routing tree. If you deal only with (say) AT&T's backbone routers or a large-ish ISP, then yeah, the IPs for their infrastructure hardware will be spread out all over the country/world. But that kind of geographic dispersal is the exception, not the rule. If you look at the average cable/DSL ISPs' IPs, the ones assigned to the actual end-users are going to be concentrated and those are most likely to be the ones of most interest in geolocation.

    I don't care where my cable headend (or DSLAM) is actually located, or where the box hosting the gateway IP really is, just as long as it works. But an advertiser will most certainly care to be able to locate my modem's IP with as much detail as possible. Hulu will want to know whether you're in the U.S. or 20 feet past the 49th parallel and therefore "stealing" their precious content.



  • @bstorer said:

    I seem to recall an episode of the original CSI wherein they got an image of a guy out of the reflection in someone's pupil in a photograph.
    That's actually quite possible - given a high enough resolution photograph.

    @MasterPlanSoftware said:

    Yes, because instead of allowing people to transfer files over a network, where I can do all sorts of snazzy encryption and monitoring, I would much rather they put it on a physical medium they can walk out of the building with.
    Physical security is much easier to tighten up to an arbitrarily high level than network security, and does not as readily become completely meaningless due to unforeseen interactions or sheer stupidity.

    @bstorer said:

    1. Really? Do firewalls mean nothing to you?

    Please tell me you're joking. In case you weren't: Do exploits in server applications mean anything to you? Buffer overflows? SQL injection? How about web services?

    A firewall protects a network about as well as a wire fence protects a building: enough to make amateur burglars look elsewhere, but merely a nuisance to a determined and resourceful attacker.



  • @brazzy said:

    @bstorer said:
    I seem to recall an episode of the original CSI wherein they got an image of a guy out of the reflection in someone's pupil in a photograph.
    That's actually quite possible - given a high enough resolution photograph.
     

    Thanks Captain Obvious.

    @brazzy said:

    Physical security is much easier to tighten up to an arbitrarily high level than network security, and does not as readily become completely meaningless due to unforeseen interactions or sheer stupidity.

    Uh no.

    There is nothing inherently insecure about linking two computers together.

    @brazzy said:

    Do exploits in server applications mean anything to you? Buffer overflows? SQL injection? How about web services?

    And how would any of this matter if the computers in question have no access to the outside world?

    @brazzy said:

    A firewall protects a network about as well as a wire fence protects a building: enough to make amateur burglars look elsewhere, but merely a nuisance to a determined and resourceful attacker.

    Two things:

    1) You fail.

    2) Please stop.



  • @MarcB said:

    This tech was used heavily in restoring the original Star Wars movies for the enhanced versions.
    I think there's a bit of difference between film and magnetic tape or digital recording.

    @MarcB said:
    That kind of fragmentation would needlessly complicate the routing tables, unless Miskatonic was going to shell out the $ to run a wire down there. IPs are concentrated geographically for just that reason.
    From what I've seen of my ISP, they have 2 IP ranges (84.255.192.0/18 and 89.212.0.0/16), and they randomly assign you the IP from one of these two networks regardless of your location (at work, we have an IP from the 89.212 range, the company next to us [whose fiber comes through the same channel - our optical converters are 20cm apart] has an IP from the 84.255.192 range; I know people from other cities with IPs from both these ranges, too). They also have no problems transferring your IP (assuming you didn't decide to use a dynamic one) from VDSL to fiber network. Which also explains why certain types of ads give me cities from all over the country.



  • @MarcB said:

    Depends on how far you go back up the routing tree. If you deal only with (say) AT&T's backbone routers or a large-ish ISP, then yeah, the IPs for their infrastructure hardware will be spread out all over the country/world. But that kind of geographic dispersal is the exception, not the rule. If you look at the average cable/DSL ISPs' IPs, the ones assigned to the actual end-users are going to be concentrated and those are most likely to be the ones of most interest in geolocation.

    I don't care where my cable headend (or DSLAM) is actually located, or where the box hosting the gateway IP really is, just as long as it works. But an advertiser will most certainly care to be able to locate my modem's IP with as much detail as possible. Hulu will want to know whether you're in the U.S. or 20 feet past the 49th parallel and therefore "stealing" their precious content.

    My point was that WWWWolf's original assertion was completely correct.  True, an ISP might sell a third-party information about the geographic location of an IP (assuming that IP wasn't dynamically-allocated across a large area) and you might be able to figure out where an IP is located by checking where its router is located.  In many cases, this is close enough to be useful.  However, a company could easily have addresses within their IP network spread over an entire geographic area.  So IPs are not inherently organized geographically, it just happens that they can be.  Geographic location has absolutely nothing to do with the routing tables, either.  IP is logically organized, not physically organized. 



  • @MasterPlanSoftware said:

    @brazzy said:
    Physical security is much easier to tighten up to an arbitrarily high level than network security, and does not as readily become completely meaningless due to unforeseen interactions or sheer stupidity.

    Uh no.

    There is nothing inherently insecure about linking two computers together.

    Yes, there is, if one of them contains data that users of the other one should not have access to. And networks tend to creep, as many a company has found out that considered its network bullet-proof only to find an open WLAN or a shared ISDN dialup connection on some office PC.

    Do exploits in server applications mean anything to you? Buffer overflows? SQL injection? How about web services?

    And how would any of this matter if the computers in question have no access to the outside world?

    And what do firewalls have to do with preventing access to the outside world?

    A firewall protects a network about as well as a wire fence protects a building: enough to make amateur burglars look elsewhere, but merely a nuisance to a determined and resourceful attacker.

    Two things:

    1) You fail.

    2) Please stop.

     

    Your ignorance is truely pathetic.



  • @brazzy said:

    And what do firewalls have to do with preventing access to the outside world?

    I'm going to assume from that statement your knowledge of firewalls is limited to the POS of a firewall included with XP SP2, as that is the only firewall I know off hand that only blocks packets coming in. Every other firewall (like the one included with Vista) will allow you to block outgoing traffic as well. In fact if you get a real firewall (ISA, Astaro or an enterprise hardware firewall) its default configuration is block everything coming into any port (physical and logical). With that being said a firewall can block people from being able to access external resources/networks if placed correctly.



  • sends MasterPlanSoftware and brazzy to their respective corners



    ... anyway, back on topic. Owing to some quirk of history, my IP address specifies my location down to at most a couple of buildings, given a reverse DNS lookup. I suspect the hostname given by rDNS may even be specific to the room. Something to do with the uni being an early adopter of that new-fangled interweb thingie and ending up with an entire class B or somesuch, I guess.



  • @brazzy said:

    Yes, there is, if one of them contains data that users of the other one should not have access to. And networks tend to creep, as many a company has found out that considered its network bullet-proof only to find an open WLAN or a shared ISDN dialup connection on some office PC.

     

    Your first argument fails because it's the same thing as saying physical access is insecure because a person who shouldn't be allowed physical access to the machine is let in.  Your second argument also applies to physical access.

     

    @brazzy said:

    And what do firewalls have to do with preventing access to the outside world?

    Lingerance covered this quite nicely, I think, but firewall is a very broad term which can cover all sorts of network monitoring and security technologies.

     

    @brazzy said:

    Your ignorance is truely pathetic.

    First, there is no reason to start a flamewar.  Second, you misspelled "truly".  Finally, you seem to miss the point that network access is just another form of physical access.  We're not even talking about being connected to the Internet or what-have-you, just the networking of two machines.  All security can be broken, it's just a matter of resources.  The idea is to ensure the security measures employed make a successful attack more expensive than the value of whatever is being protected, while at the same time being less expensive than that value.



  • @Irrelevant said:

    ... anyway, back on topic. Owing to some quirk of history, my IP address specifies my location down to at most a couple of buildings, given a reverse DNS lookup. I suspect the hostname given by rDNS may even be specific to the room. Something to do with the uni being an early adopter of that new-fangled interweb thingie and ending up with an entire class B or somesuch, I guess.

    Yes, but this is not inherent to the protocol itself, but instead a matter of careful record-keeping by your university.  I know for a fact that MasterPlanSoftware uses RCN as his ISP and they could easily set it up so that the reverse DNS record of his allocated IP included his name and address.  Obviously this would be a breach of his privacy, but it has nothing to do with IP itself.  So in theory someone could find your location by IP, but the OP stated that the investigators only obtained part of the IP address, which itself would probably be pretty useless.  Additionally, any real law enforcement agency would simply contact the ISP after obtaining the IP address and get the precise name and address of the customer.  I may be incorrect, but simply using a reverse DNS record as justification for a warrant or entry into someone's residence would probably not stand up to judicial scrutiny.
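
An added illustration, not part of any post in this thread: a minimal sketch of why "part of the IP" and registry data pin down a holder rather than a place, including the sub-range-used-elsewhere case raised earlier. The allocation table is constructed (the two public ranges are the ones a poster quotes for their ISP; the 10.x holders and sites are made up), and the function names are hypothetical.

```python
import ipaddress

# Constructed allocation table, NOT real registry data. The two public ranges
# are the ones a poster above quotes for their ISP; the 10.x entries are
# private address space with made-up holders and sites.
ALLOCATIONS = [
    ("84.255.192.0/18", "ISP quoted in the thread", "anywhere in the country"),
    ("89.212.0.0/16", "ISP quoted in the thread", "anywhere in the country"),
    ("10.20.0.0/16", "Example University", "main campus"),
    ("10.20.64.0/18", "Example University", "remote field station"),
    ("10.21.0.0/16", "Example Cable Co", "metro area"),
]
TABLE = [(ipaddress.ip_network(c), h, s) for c, h, s in ALLOCATIONS]


def partial_to_network(partial):
    """Map known leading octets (e.g. "10.20") to the network covering them."""
    octets = [o for o in partial.split(".") if o]
    if not 1 <= len(octets) <= 4:
        raise ValueError("expected one to four leading octets")
    if any(not o.isdigit() or int(o) > 255 for o in octets):
        raise ValueError("octets must be 0-255")
    # Unknown trailing octets become zero; the prefix length records how
    # many bits are actually known.
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))


def candidates(partial):
    """Every allocation a partial address could still belong to."""
    net = partial_to_network(partial)
    return net, [row for row in TABLE if row[0].overlaps(net)]


def lookup(address):
    """Longest-prefix match for a complete address; None if not in the table."""
    ip = ipaddress.ip_address(address)
    matches = [row for row in TABLE if ip in row[0]]
    # The most specific (longest) prefix wins, so a sub-range recorded as
    # being used elsewhere overrides the parent block's site.
    return max(matches, key=lambda row: row[0].prefixlen, default=None)


if __name__ == "__main__":
    for partial in ("10", "10.20", "84.255"):
        net, rows = candidates(partial)
        print("%s -> %s, %d addresses" % (partial, net, net.num_addresses))
        for n, holder, site in rows:
            print("    %-18s %s (%s)" % (n, holder, site))
    for address in ("10.20.3.4", "10.20.70.5", "192.0.2.1"):
        print(address, "->", lookup(address))
```

With two known octets the sample table still leaves two different sites as candidates, and even a complete address resolves only to whatever the record keeper wrote down for that range.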



  • @brazzy said:

    Physical security ... does not as readily become completely meaningless due to unforeseen interactions or sheer stupidity.

    I think you are underestimating human stupidity.

    More on topic, I think it's a real shame that badly-done TV shows are affecting the perception of juries.  I bet they never considered what an effect they would have on the justice system. 



  • @Lingerance said:

    @brazzy said:
    And what do firewalls have to do with preventing access to the outside world?

    I'm going to assume from that statement your knowledge of firewalls is limited to the POS of a firewall included with XP SP2, as that is the only firewall I know off hand that only blocks packets coming in. Every other firewall (like the one included with Vista) will allow you to block outgoing traffic as well. In fact if you get a real firewall (ISA, Astaro or an enterprise hardware firewall) its default configuration is to block everything coming into any port (physical and logical). With that being said a firewall can block people from being able to access external resources/networks if placed correctly.

    If a firewall blocks everything, you might as well disconnect the two network segments physically and not have to worry about vulnerabilities in the firewall itself, or someone misconfiguring it. If it does not block everything, the port(s) it does not block is an open door to an attacker if there's a vulnerability in an app operating on that port or someone running (deliberately or inadvertedly) a trojan inside, and of course there's tunnelling and socks proxies that can make that door as big as the wall.

    @morbiuswilters said:

    @brazzy said:
    Yes, there is, if one of them contains data that users of the other one should not have access to. And networks tend to creep, as many a company has found out that considered its network bullet-proof only to find an open WLAN or a shared ISDN dialup connection on some office PC.

    Your first argument fails because it's the same thing as saying physical access is insecure because a person who shouldn't be allowed physical access to the machine is let in.  Your second argument also applies to physical access.

    I never said that physical security is always less penetrable than network security, just that physical security is easier to tighten to an extremely high level and to keep there, because people see what's going on. A single mistake is less likely to result in a permanent security hole that nobody notices. A guard not doing ID checks is obvious to everyone who witnesses it. A firewall having an open port that it shouldn't have or an unsecured WLAN will not be noticed if you don't look for it specifically.

    @morbiuswilters said:

    @brazzy said:
    Your ignorance is truely pathetic.

    First, there is no reason to start a flamewar.

    I never start flamewars, I only escalate them. 

    @morbiuswilters said:

    Finally, you seem to miss the point that network access is just another form of physical access.  We're not even talking about being connected to the Internet or what-have-you, just the networking of two machines.  All security can be broken, it's just a matter of resources.  The idea is to ensure the security measures employed make a successful attack more expensive than the value of whatever is being protected, while at the same time being less expensive than that value.

    My point is that network security is easier to get wrong and flaws in it are cheaper and less risky to exploit. 



  • @brazzy said:

    My point is that network security is easier to get wrong and flaws in it are cheaper and less risky to exploit. 

    Than physical security? Not hardly. It seems that SSNs are compromised all the time by lost laptops. Kevin Mitnick had great success through social engineering. No network in the world is as daft as the people using it.



  • @brazzy said:

    If a firewall blocks everything, you might as well disconnect the two network segments physically and not have to worry about vulnerabilities in the firewall itself, or someone misconfiguring it.

    A firewall blocks everything by default. You then open the ports one by one only as necessary, this is called security by design.

    @brazzy said:

    If it does not block everything, the port(s) it does not block is an open door to an attacker if there's a vulnerability in an app operating on that port or someone running (deliberately or inadvertedly [sic]) a trojan inside, and of course there's tunnelling [sic] and socks proxies that can make that door as big as the wall.

    A firewall is a tool like any other, you do not build a house using only a hammer, how will you measure? It is the firewall's sole responsibility to control and monitor traffic that passes through it, if it was configured to allow a tunnel then so be it. In a high security environment each host should have its own firewall on top of the firewall on the perimeter and internal networks anyways. The trojan thing is anti-virus' problem, the tunnel is IDS' and the network admin's for not locking the station down enough.
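
The default-deny model and the "open port nobody notices" concern argued over in this thread, as an added example that is not part of any post: a first-match rule evaluator that denies unmatched traffic in both directions, plus an audit that lists every opening missing from an approved list. The `Rule` type, the function names and the sample ruleset are constructed for illustration and do not model any particular firewall product.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str  # "in" (ingress) or "out" (egress)
    proto: str      # "tcp" or "udp"
    ports: range    # ports covered by this rule
    action: str     # "allow" or "deny"

    def matches(self, direction, proto, port):
        return (self.direction, self.proto) == (direction, proto) and port in self.ports


def decide(rules, direction, proto, port):
    """First matching rule wins; traffic no rule mentions is denied."""
    for rule in rules:
        if rule.matches(direction, proto, port):
            return rule.action
    return "deny"


def unapproved_openings(rules, approved):
    """List (direction, proto, port) tuples the ruleset really lets through
    that are absent from the approved set. Each port is re-checked with
    decide() so an earlier deny that shadows an allow is respected."""
    found = set()
    for rule in rules:
        if rule.action != "allow":
            continue
        for port in rule.ports:
            key = (rule.direction, rule.proto, port)
            if key not in approved and decide(rules, *key) == "allow":
                found.add(key)
    return sorted(found)


# Constructed sample ruleset: three intended openings plus two leftovers.
RULES = [
    Rule("in", "tcp", range(443, 444), "allow"),    # public HTTPS service
    Rule("out", "tcp", range(443, 444), "allow"),   # outbound HTTPS
    Rule("out", "udp", range(53, 54), "allow"),     # outbound DNS
    Rule("in", "tcp", range(3389, 3390), "allow"),  # "temporary" rule never removed
    Rule("out", "tcp", range(8001, 8002), "deny"),  # explicit deny, shadows part of next rule
    Rule("out", "tcp", range(8000, 8003), "allow"), # range wider than anyone approved
]
APPROVED = {("in", "tcp", 443), ("out", "tcp", 443), ("out", "udp", 53)}

if __name__ == "__main__":
    for opening in unapproved_openings(RULES, APPROVED):
        print("not approved but open:", opening)
```

Running the audit on a schedule against the intended-openings list is what turns a silently open port into something that gets looked for specifically.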

