CSI blows us away



  • @bstorer said:

    ... SNIP ... 

    slow to respond.

     

    I am at GMT+4 local time. Thus when I post most people here in the forum are off-line due to time-zone differences and vice versa.



  • I never liked CSI and to be honest I only really watched one episode.

    This was quite some time back when CSI was brand sparkling new and I really thought I would like it. In this episode the "scientific" approach to determining how a dead body would drift in a lake was by using a big tub of water, a fan and a cork, if I recall correctly. At that moment, after realising this wasn't a joke, I just turned off the TV.



  • @stratos said:

    In this episode the "scientific" approach to determining how a dead body would drift in a lake was by using a big tub of water, a fan and a cork
     

    It's not entirely unreasonable. If a lake has no in/out sources and is "just there", then there's not going to be much in the way of currents. That'd make wind the major method of stuff being pushed around on the surface.

    CSI has its faults, but at least they haven't sunk to the level of the butler in the study with the lead pipe (yet). 



  • @MarcB said:

    CSI has its faults, but at least they haven't sunk to the level of the butler in the study with the lead pipe (yet). 

    My anus is still hurting from that... stupid butler.. 



  • There was a pretty good one on Law & Order: Criminal Intent last night. It revolved around one of the players of an online game getting killed. It was ok technically up until the point where the detectives asked to get the IP address of a player and were told it was impossible "without hacking the game's code, and the programmers made it unhackable."



  • @Cap'n Steve said:

    it was impossible "without hacking the game's code, and the programmers made it unhackable."
    I think I just developed a brain haemorrhage.



  • Just dropping in to add my $0.02

    @morbiuswilters said:

    @KattMan said:
    So true, but if the routers are configured even minimally to return their location and they usually are for reasons of maintenance being able to find them, then a simple trace route on the IP address and reading the responses will get you pretty close.

    I'm not actually sure what this is supposed to mean.  The router might have its location set in the reverse DNS record or it might be in a GeoIP database.  The router itself doesn't return anything, though.

    KattMan is correct. Standard SNMP reporting tools will return Location information for properly configured devices (such as routers). Basic devices with SNMP capability typically have the ability to set/return location data (MIB 1.3.6.1.2.1.1.6.0, I believe), which could be used to narrow down a physical location (though the setting is entirely user-configurable and would be unreliable as the sole basis for approximating geo-location). If one used a combination of ARIN WHOIS info, SNMP sysLocation info from the last few hops to an IP and the physical location of known IPs within the same subnet (if any are known), one could reasonably approximate the physical location of an otherwise unknown IP address.

    @morbiuswilters said:

    @KattMan said:
    I've seen some networks that can get you down the street of where the guy is, so "somewhere downtown" is a reasonable answer, but not from the IP address but rather from a simple trace route.

    Sure, that's possible under certain circumstances, but it is in no way guaranteed.  Additionally, you need the IP address to do a traceroute.  All traceroute tells you is which routers the packets are going through at that moment in time.  That can be useful for finding geographic location, but may not be.

    IIRC, in that episode they had the guy's IP but couldn't 'trace it' because he kept 'logging off so quickly' (!?!). Traceroute does tell you which routers packets are going through at that moment, but more importantly, it also tells you the *last* router a packet went through. Since there are physical distance limitations between end devices and their last (actually, first) hop, it would be safe to assume (in most cases) that the physical location of the last hop is very near the actual location of the end device (the IP you would trace in this instance).

    That said, I do agree; without having externally verifiable information regarding the physical location of an IP, I would not trust the data you could anonymously collect using traditional/legally-sanctioned methods.



  • @caffeinatedbacon said:

    KattMan is correct. Standard SNMP reporting tools will return Location information for properly configured devices (such as routers). Basic devices with SNMP capability typically have the ability to set/return location data (MIB 1.3.6.1.2.1.1.6.0, I believe), which could be used to narrow down a physical location (though the setting is entirely user-configurable and would be unreliable as the sole basis for approximating geo-location). If one used a combination of ARIN WHOIS info, SNMP sysLocation info from the last few hops to an IP and the physical location of known IPs within the same subnet (if any are known), one could reasonably approximate the physical location of an otherwise unknown IP address.

    And, um, who opens their SNMP on their router to the public internet?

     

    @caffeinatedbacon said:

    IIRC, in that episode they had the guy's IP but couldn't 'trace it' because he kept 'logging off so quickly' (!?!). Traceroute does tell you which routers packets are going through at that moment, but more importantly, it also tells you the *last* router a packet went through.

    No it doesn't.  It tells you the last router that generates ICMP responses that your particular packet went through.

     

    @caffeinatedbacon said:

    Since there are physical distance limitations between end devices and their last (actually, first) hop, it would be safe to assume (in most cases) that the physical location of the last hop is very near the actual location of the end device (the IP you would trace in this instance).

    Somehow you are confusing the attenuation of the physical medium with IP networking.  Even if you could get the gateway for a host, that host could be located on the other side of earth.  You really need to educate yourself on networking fundamentals before you open your mouth.



  • @caffeinatedbacon said:

    Since there are physical distance limitations between end devices and their last (actually, first) hop
     

    Tell that to the two routers at either end of a trans-Pacific cable. A DSL or Cable line has length limitations. A backbone link does not. If you didn't mind the latency, one of those hops could be off the Mars Reconnaissance Orbiter.

    And in any case, a VPN could in theory reduce a massively hopped link down to just 2 or 3 nodes. badguy->vpnhost->"oh please, try and find me.com". You're safely dialed into the VPN from a tent in the middle of Antarctica via Iridium, and your IP reports you as being seated in an office building in downtown Anyville, USA.

