
NSA Patent 6,947,978.

  • Ricky Gurley
    Message 1 of 10 , Sep 28, 2005
      Who remembers the debate with Joanne Waldron about tracking computers
      on the Internet? Who remembers Kohno's white paper on identifying
      computers by their tcp time stamps that Joanne submitted?

      Score one for Joanne. Even though she had no way of knowing what the
      future would hold from Kohno's project, she did make a good point on
      that white paper.

      The N.S.A. just patented a technology that I believe was largely
      developed from Kohno's research. It is an interesting "landmark" in
      cyber investigations, and/or email tracing. The N.S.A. now has a way
      to identify the location of users on the Internet by using a
      technology that is similar (I said SIMILAR) to "pinging" a cell phone.
      Looks like Kohno's research actually paid off. Below is the
      description of the N.S.A. Patent:

      Abstract

      "Method for geolocating logical network addresses on electronically
      switched dynamic communications networks, such as the Internet, using
      the time latency of communications to and from the logical network
      address to determine its location. Minimum round-trip communications
      latency is measured between numerous stations on the network and known
      network addressed equipment to form a network latency topology map.
      Minimum round-trip communications latency is also measured between the
      stations and the logical network address to be geolocated. The
      resulting set of minimum round-trip communications latencies is then
      correlated with the network latency topology map to determine the
      location of the network address to be geolocated."

      You can find the patent at this URL: http://tinyurl.com/bbxae

      An interesting topic of conversation I believe.....


      Rick.


      Risk Management Research & Investments, Inc.

      "Columbia's Premiere Private Investigation's Company"


      2101 W. Broadway PMB 326, Columbia, MO. 65203

      Phone: (636) 410-0251

      Fax: (636) 410-0257

      Cell: (573) 529-0808

      EMERGENCY LINE: (888) 571-0958

      Email: RMRI-Inc@...

      Webpage: http://www.rmri.net/



      Come Join ProEmailTracing

      Learn EVERYTHING you ever wanted to know about Cyber Investigations!

      Subscribe at: ProEmailTracing-subscribe@yahoogroups.com



      "Oh divine arts of subtlety and secrecy!

      Through you we learn to be unseen. Through

      you we learn to be unheard; and hence we hold

      the fate or our enemies in our hands....."

      Sun Tzu 500 B.C. "The Art Of War"




      It is not the critic who counts,

      not the man who points out how the strong man stumbles,

      or where the doer of deeds could have done them better.

      The credit belongs to the man who is actually in the

      arena.... who strives ..... who spends himself and who,

      at the worst, if fails, at least he fails while daring,

      so that his place shall never be with those cold and

      timid souls who knew neither victory or defeat.

      Theodore "Teddy" Roosevelt
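The correlation step described in the patent abstract quoted above, as an added example that is not part of the original thread or of the patent: minimum round-trip times from several stations to known landmarks form the latency map, and the target's minimum-RTT vector is matched against it. The station and landmark names, every RTT value, and the use of RMS difference as the correlation measure are assumptions made for illustration.

```python
"""Added example: min-RTT latency map and correlation on constructed data."""
from math import sqrt
from statistics import mean

# Constructed RTT samples in milliseconds: landmark -> station -> samples.
# Landmarks stand for "known network addressed equipment"; names are hypothetical.
LANDMARK_SAMPLES = {
    "LM-east":    {"S1": [12.4, 11.9, 35.0, 12.1],
                   "S2": [41.0, 40.2, 40.8],
                   "S3": [71.5, 70.3, 70.9]},
    "LM-central": {"S1": [38.7, 38.1, 39.0],
                   "S2": [15.2, 14.8, 15.0],
                   "S3": [44.9, 44.1, 60.2]},
    "LM-west":    {"S1": [69.8, 70.5, 69.2],
                   "S2": [43.3, 42.6, 42.9],
                   "S3": [10.9, 10.2, 10.5]},
}

# Constructed samples for the address to be geolocated. Two stations saw one
# congested probe each (159.0 ms and 95.5 ms); the rest are near the floor.
TARGET_SAMPLES = {
    "S1": [40.3, 39.6, 159.0, 41.0],
    "S2": [17.1, 16.4, 95.5],
    "S3": [46.0, 45.2, 45.8],
}


def reduce_samples(samples_by_station, reducer=min):
    """Collapse each station's samples to one figure (minimum by default).

    Queueing and retransmission only ever add delay, so the minimum is the
    best estimate of the fixed path latency. Stations with no replies are
    dropped rather than treated as zero.
    """
    return {s: reducer(v) for s, v in samples_by_station.items() if v}


def build_latency_map(landmark_samples, reducer=min):
    """Latency topology map: landmark -> {station: reduced RTT}."""
    return {lm: reduce_samples(per_station, reducer)
            for lm, per_station in landmark_samples.items()}


def rms_difference(a, b):
    """RMS difference over stations present in both vectors.

    Returns None when fewer than two stations overlap, because a single
    latency figure cannot separate landmarks at similar delay.
    """
    common = sorted(set(a) & set(b))
    if len(common) < 2:
        return None
    return sqrt(sum((a[s] - b[s]) ** 2 for s in common) / len(common))


def locate(target_samples, landmark_samples, reducer=min):
    """Rank landmarks by how closely their latency vector matches the target."""
    target = reduce_samples(target_samples, reducer)
    latency_map = build_latency_map(landmark_samples, reducer)
    scored = []
    for landmark, vector in latency_map.items():
        d = rms_difference(target, vector)
        if d is not None:
            scored.append((landmark, round(d, 2)))
    return sorted(scored, key=lambda item: item[1])


if __name__ == "__main__":
    print("minimum RTT:", locate(TARGET_SAMPLES, LANDMARK_SAMPLES, min))
    # Averaging lets the two congested probes pull the match to another landmark.
    print("mean RTT:   ", locate(TARGET_SAMPLES, LANDMARK_SAMPLES, mean))
```

On this data the minimum-RTT vector matches LM-central, while the mean is pulled by the two congested probes and matches LM-west, which is why the abstract specifies minimum latency.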
    • Betteye
      Message 2 of 10 , Sep 29, 2005
        If we learn where some of this junk mail is coming from can we re-route it
        back to the sender?
        thanks
      • Ricky Gurley
        Message 3 of 10 , Sep 29, 2005
          --- In infoguys-list@yahoogroups.com, "Betteye" <the_boldens@s...> wrote:
          > If we learn where some of this junk mail is coming from can we re-route it
          > back to the sender?
          > thanks

          I suppose you can, "Betteye".. It would all depend on the filters you
          have on your email client, how extendable they are, how powerful they
          are, and if you know how to use them correctly.

          I can do some pretty "nasty" things to a SPAMMER from my Linux Box. I
          use Kontact, which uses the KMail email client. I use my Linux Box to
          open "suspicious email" because it is not as vulnerable to viruses and
          malware as Windows is. I also use Klam Antivirus on my Linux Box,
          because there are a few viruses that can affect Linux. But in order to
          do any real damage to the Linux Operating System itself the program
          has to gain root privileges. A Windows machine is just "open". The
          main worry on a Linux System is having some type of a "root kit"
          installed on the Operating System, but I also have my Linux Box set to
          run a "root kit check" daily, it just logs in as root and runs the
          command: chkrootkit.

          I have also noticed on my two (2) Windows Machines that Outlook also
          has some pretty nifty options in its filtering rules. If you know how
          to set up your rules properly on your Outlook filters, you can
          probably do what you are asking about. There are some people on this
          group that can probably extend Windows almost as far as one can extend
          Linux. They are very talented when it comes to working in a Windows
          environment, and if you were to find the right person, they could show
          you how to do some pretty interesting things with the filter rules in
          Outlook and/or Outlook Express.

          The problem is that most SPAM is automated, and oftentimes SPAMMERS
          use "zombies" to send their SPAM from. Oftentimes the "zombie" is
          nothing more than a server with an Open Mail Relay. So, you would not
          necessarily be rerouting the SPAM back to the party that would be
          guilty of SPAMMING you. You could very well be sending it back to an
          innocent party who is only guilty of not knowing how to properly
          configure their server.

          I use a program named POPFile (http://popfile.sourceforge.net/) that
          uses Bayesian filtering (which amounts to intelligent filtering) in
          conjunction with the filters that KMail has on it, and I am ALMOST
          SPAMFree. I do have a filter set up to send a message back to the
          source that the SPAM came from, but the idea is not to be "proactively
          combative", but instead to possibly inform any company or person that
          has an Open Mail Relay that their system is being used to SPAM people
          from, in the hopes that the return message will be read by someone
          that is running the server that has an Open Mail Relay on it, and can
          fix the problem.

          Hope this helps, some.

          Take care.


          Rick.

        • Jim Parker
          Message 4 of 10 , Sep 29, 2005
            <<< Who remembers the debate with Joanne Waldron about tracking computers
            on the Internet? >>>

            I do.


            <<< Who remembers Kohno's white paper on identifying computers by their tcp
            time stamps that Joanne submitted? >>>

            I do.


            <<< Score one for Joanne. >>>

            Sorry.. But no.. Not even close.


            <<< The N.S.A. just patented a technology that I believe was largely
            developed from Kohno's research. >>>

            First, Kohno's research dealt with identifying a particular computer by
            measuring the clock skews (microscopic deviations in device hardware) on
            computers where the location was known. In very, very simplistic terms,
            like identifying a particular vehicle by its unique VIN number.

            From his research paper: "One can use our techniques to obtain information
            about whether two devices on the Internet . . . are actually the same
            physical device."

            On the contrary, NSA's system deals with identifying the geographic location
            of a computer.

            You're comparing apples and oranges - one has nothing to do with the other.


            If that's not convincing enough for you, the NSA originally filed for the
            patent in December 2000 - four and a half years before Kohno's paper was
            released, and long before he even commenced his studies.

            Your link didn't work, so here's another:

            http://cryptome.org/nsa-6947978.htm


            Jim

            =================

            JIM PARKER - Chief Investigator
            Email Tracing & Internet Fraud Specialist.
            Axis Investigative Services, Inc. (FL)
            Web: http://www.FloridaDetectives.com
            Email: Jim@...
            Florida License #: A-2000163

            Director / Team Member of MissingKIN
            "Dedicated to finding missing and abducted children"
            Web: http://www.MissingKIN.com



            --
            No virus found in this outgoing message.
            Checked by AVG Anti-Virus.
            Version: 7.0.344 / Virus Database: 267.11.8/114 - Release Date: 9/28/2005
          • Ricky Gurley
            Message 5 of 10 , Sep 29, 2005
              Jim... Just one question.. In high definition timing applications
              involving servers, what is one important factor that has to be taken
              into account to accurately measure network latency?


            • Jim Parker
              Message 6 of 10 , Sep 29, 2005
                <<< what is one important factor that has to be taken into account to
                accurately measure network latency? >>>


                There are several, but to name just a couple:

                Propagation (the time it takes for a packet to travel from one point to
                another at the speed of light).

                The conduit used to transport the packet (optical, cable, wireless, etc.)
                would be a major consideration, as some would cause considerably more
                latency (delay) than others.

                And others.....

                What's your point?

                Jim

              • Ricky Gurley
                Message 7 of 10 , Sep 29, 2005
                  --- In infoguys-list@yahoogroups.com, "Jim Parker" <Jim@F...> wrote:
                  > <<< what is one important factor that has to be taken into account to
                  > accurately measure network latency? >>>
                  >
                  >
                  > There are several, but to name just a couple:
                  >
                  > Propagation (the time it takes for a packet to travel from one point to
                  > another at the speed of light).
                  >
                  > The conduit used to transport the packet (optical, cable, wireless, etc.)
                  > would be a major consideration, as some would cause considerably more
                  > latency (delay) than others.
                  >
                  > And others.....
                  >
                  > What's your point?

                  Accurate measurements of network latency have a lot to do with clock
                  skews from the device the latency is being measured from. Packet
                  propagation takes into account the clock skews from the machine that
                  the packet was sent from.

                  Note we are talking about precise readings, not just ping times, which
                  are measured in milliseconds, still pretty precise but not quite as
                  precise as nanosecond measurements. And this should be noted because
                  the accuracy of the geographical location of the machine that the NSA
                  would be tracing would depend on the most accurate measurement of
                  network latency possible.

                  Clock Skews have more to do with this, than what you would lead the
                  reader to believe. Which you are right, was the basis of Kohno's
                  paper.

                  The fact that Kohno's paper was published in May of 2005 does not
                  indicate how new or old his work is, he has a PhD. now, his research
                  could very well predate the year of 2000 when the NSA applied for
                  their patent. It is not uncommon for some research projects to take
                  years to complete in college, especially ones that people work on for
                  their PhD.

                  All of this is not to say that you are wrong about anything, Jim. Nor
                  is this to say that Joanne is some great visionary. The point here
                  that I am trying to make, and that seems interesting to me, is a
                  speculation of whether or not it is possible that Kohno could have
                  shared his ideas with the NSA, or if the NSA could have gotten their
                  idea from Kohno in some indirect way. Or perhaps it is the other way
                  around??? Especially since one of the major areas of research that
                  Tadayoshi Kohno works in is cryptography, which is what the NSA is all
                  about. It would not be unheard of for a student in computer science to
                  work with the NSA in certain areas. After all, Tsutomu Shimomura
                  produced software for the NSA as a student at University of California
                  at San Diego. I personally find this interesting....


                  Rick
                • Jim Parker
                  Message 8 of 10 , Sep 29, 2005
                    <<< Packet propagation takes into account the clock skews from the machine
                    that the packet was sent from. >>>


                    No, sorry, it doesn't... at least not in this case. Propagation (as I said
                    earlier) is the length of time it takes a packet to TRAVEL from one point to
                    another at the speed of light.

                    The latency is measured from the instant the packet leaves the sending
                    machine to the instant it arrives at a particular destination on the
                    network.

                    Clock Skews occur internally, before the packet leaves the computer, not
                    after.


                    In simplistic terms again, suppose a flight leaves Orlando, FL at 16:00, and
                    arrives in Cleveland, OH at 19:00, then the latency between departure and
                    arrival is 3 hours (it's a 3 hour flight).

                    If the plane is delayed before departure (think clock skews), and instead,
                    doesn't leave until 17:00 hours and arrives at 20:00, it's still a three hour
                    flight, regardless of what happened before it departed.


                    <<< he has a PhD. now, his research could very well predate the year of
                    2000 when the NSA applied for their patent. >>>

                    No, he's a PhD student - he didn't start his PhD studies until 2001, and by
                    his own accounts, didn't conduct any significant tests on his clock skew
                    theories until late 2004.

                    But even if what you are suggesting were the case, it would still be
                    irrelevant, as we're still talking about two entirely different processes.
                    One (NSA) to determine the geographic location of a computer, and the other
                    (Kohno) to identify a particular computer by its unique characteristics
                    (clock skews).

                    Again, let's put it in simple terms that everyone can understand:

                    You own a 1987 Mercedes, don't you? Suppose we take an identical 1987
                    Mercedes, exact same color, same interior, same condition, same stereo...
                    Etc... we remove the license plates and sit them side by side. How do you
                    positively identify your vehicle over the other one?

                    Simple: You look at the VIN number, which is unique (just like Kohno's
                    clock skews are unique to certain computer hardware), so you know which is
                    your car.

                    However, knowing the unique VIN number does NOT help you determine the
                    current location of your vehicle at any given time, which is the crux of the
                    NSA process.

                    As I said, these are two entirely different processes intended to achieve
                    two entirely different results.

                    Jim

                    =================

                    JIM PARKER - Chief Investigator
                    Email Tracing & Internet Fraud Specialist.
                    Axis Investigative Services, Inc. (FL)
                    Web: http://www.FloridaDetectives.com
                    Email: Jim@...
                    Florida License #: A-2000163

                    Director / Team Member of MissingKIN
                    "Dedicated to finding missing and abducted children"
                    Web: http://www.MissingKIN.com










                    -----Original Message-----
                    From: infoguys-list@yahoogroups.com [mailto:infoguys-list@yahoogroups.com]
                    On Behalf Of Ricky Gurley
                    Sent: Thursday, September 29, 2005 5:23 PM
                    To: infoguys-list@yahoogroups.com
                    Subject: [infoguys-list] Re: NSA Patent 6,947,978.

                    --- In infoguys-list@yahoogroups.com, "Jim Parker" <Jim@F...> wrote:
                    > <<< what is one important factor that has to be taken into account
                    to
                    > accurately measure network latency? >>>
                    >
                    >
                    > There are several, but to name just a couple:
                    >
                    > Propagation (the time it takes for a packet to travel from one point
                    to
                    > another at the speed of light).
                    >
                    > The conduit used to transport the packet (optical, cable, wireless,
                    etc.)
                    > would be a major consideration, as some would cause considerably
                    more
                    > latency (delay) than others.
                    >
                    > And others.....
                    >
                    > What's your point?

                    Accurate measurements of network latency have a lot to do with clock skews
                    from the device the latency is being measured from. Packet propagation takes
                    into account the clock skews from the machine that the packet was sent from.

                    Note we are talking about precise readings, not just ping times, which are
                    measured in milliseconds, still pretty precise but not quite as precise as
                    nanosecond measurements. And this should be noted because the accuracy of
                    the geographical location of the machine that the NSA would be tracing would
                    depend on the most accurate measurement of network latency possible.

                    Clock Skews have more to do with this, than what you would lead the reader
                    to believe. Which you are right, was the basis of Kohno's paper.

                    The fact that Kohno's paper was published in May of 2005 does not indicate
                    how new or old his work is, he has a PhD. now, his research could very well
                    predate the year of 2000 when the NSA applied for their patent. It is not
                    uncommon for some research projects to take years to complete in college,
                    especially ones that people work on for their PhD.

                    All of this is not to say that you are wrong about anything, Jim. Nor is
                    this to say that Joanne is some great visionary. The point here that I am
                    trying to make, and that seems interesting to me, is a speculation of
                    whether or not it is possible that Kohno could have shared his ideas with
                    the NSA, or if the NSA could have gotten their idea from Kohno in some
                    indirect way. Or perhaps it is the other way around??? Especially since one
                    of the major areas of research that Tadayoshi Kohno works in is
                    cryptography, which is what the NSA is all about. It would not be unheard of
                    for a student in computer science to work with the NSA in certain areas.
                    After all, Tsutomu Shimomura produced software for the NSA as a student at
                    University of California at San Diego. I personally find this
                    interesting....


                    Rick
                    >
                    > Jim
                    >
                    > =================
                    >
                    > JIM PARKER - Chief Investigator
                    > Email Tracing & Internet Fraud Specialist.
                    > Axis Investigative Services, Inc. (FL)
                    > Tel: 1-866 PI FLORIDA
                    > Web: http://www.FloridaDetectives.com
                    > Email: Jim@F...
                    > Florida License #: A-2000163
                    >
                    > Director / Team Member of MissingKIN
                    > "Dedicated to finding missing and abducted children"
                    > Web: http://www.MissingKIN.com
                    >
                  • Ricky Gurley
                    Message 9 of 10 , Sep 30, 2005
                      --- In infoguys-list@yahoogroups.com, "Jim Parker" <Jim@F...> wrote:
                      > <<< Packet propagation takes into account the clock skews from the machine
                      > that the packet was sent from. >>>
                      >
                      >
                      > No, sorry, it doesn't... at least not in this case. Propagation (as I said
                      > earlier) is the length of time it takes a packet to TRAVEL from one point to
                      > another at the speed of light.

                      And is calculated by TCP Time Stamps... Jim. Try to remember the word
                      REPEAT, here Jim. Because it is important. Calibrations are taken
                      REPEATEDLY to determine network latency... Well Jim, it may not have
                      occurred to you that the variance in these TCP Stamps is caused in part
                      by clock skews, per RFC 1323 the timing differential can be from 1
                      millisecond to 1 second, AND each device in the chain has a different
                      clock skew, thereby affecting the travel time of the packet that is
                      being sent. This is not only how the machine is FINGERPRINTED, Jim. It
                      is also how the machine is geolocated! Let me put it in a simpler
                      way. I have a 1989 Mercedes Benz (by the way, if you put that beside a
                      1987 Mercedes Benz, there would be some differences besides the VIN).
                      I leave from my house in my Benz and drive to another house 10 miles
                      away where an associate of mine lives. My associate at that house does
                      not know where I live or how far away I live, but wants to know
                      without asking me. I call each time before I leave my house. It takes
                      me 15 minutes to get there one time, 20 minutes to get there another
                      time, 30 minutes to get there another time, and 10 minutes to get
                      there another time. Are you trying to tell me that this variance in
                      time will not figure into the equation, if my associate were trying to
                      calculate how far away I live from him by the time it takes me to get
                      to his house taking into account the speed limit in our local area? Of
                      course the scenario is more complicated than this, but it is pretty
                      much the same math, just greatly simplified.

                      Clock skews produce the variance in time that is measured from the TCP
                      Time Stamps that are used to calculate network latency. Imagine this..
                      If you have a network with 5 different routers a packet can come in
                      on, and you know the skew over every other path to your network.. All
                      the routers on the way then as a packet comes to you.. You can use it
                      to identify which path a packet took to your network and therefore
                      where it's from. Try to remember that milliseconds in time can be
                      hundreds and hundreds of miles, maybe even thousands of miles in
                      cyberspace. It does not matter that the clock skew or drift happens
                      before the TCP Time Stamp is produced, what matters is that the TCP
                      Time Stamp shows the clock skew that is needed to make that machine/
                      router/server unique when it is REPEATEDLY calculated over a period of
                      time and that the TCP Time Stamp will travel through devices that have
                      time drifts on them that have to be taken into account, so that it can
                      be geolocated accurately. Otherwise, you would locate a thousand
                      machines in a thousand different geographical areas as your one target
                      machine. Because as you have said before, the traceroute can vary
                      depending on many different factors, so you are not uniquely
                      identifying each router by IP Address as the device's IP Address can
                      change and the path the packet travels can change quite frequently. So
                      this method has to take that into account, and use the clock skews or
                      drifts to identify each hop along the way and then make the proper
                      calculations to locate the target machine. The whole point is that
                      each router/server/machine is identified in such a way that it is
                      persistently unique, not unique just long enough to release its IP
                      Number. If what you were saying were true Jim, one could take a
                      program like NeoTrace and work with it for a day or two, continually
                      pinging an IP Number of any given machine, and with the correct
                      calculations arrive at its precise location, every time.

                      I think that you are illustrating what is happening on the surface
                      here, but you are not illustrating what is happening under the surface
                      in this process, which is important since that is what makes what
                      people see on the surface work.


                      >
                      > The latency is measured from the instant the packet leaves the sending
                      > machine to the instant it arrives at a particular destination on the
                      > network.
                      >
                      > Clock Skews occur internally, before the packet leaves the computer, not
                      > after.

                      Before the packet leaves what computer, the target computer? Do these
                      clock skews also occur in routers, hubs, and switches along the way
                      back to the computer the packet was sent from, Jim?

                      >
                      >
                      > In simplistic terms again, suppose a flight leaves Orlando, FL at 16:00, and
                      > arrives in Cleveland, OH at 19:00, then the latency between departure and
                      > arrival is 3 hours (it's a 3 hour flight).
                      >
                      > If the plane is delayed before departure (think clock skews), and instead,
                      > doesn't leave until 17:00 hours and arrive at 20:00, it's still a three hour
                      > flight, regardless of what happened before it departed.

                      That's fine Jim. But if that plane is delayed for a period of time
                      before departure, and you want to determine how far off that plane was
                      when it departed AND ALL YOU HAVE IS ITS SUPPOSED TIME OF DEPARTURE,
                      then you would calculate the time it took from its point of departure
                      with the delay factored in, to its time of arrival, is this what you
                      are saying? So, if the plane was delayed 10 hours, you would say 10
                      hours + 3 hours = 13 hours at a speed of 300 m.p.h. = 3,900 miles, so
                      the plane must have left from a departure point that was 3,900 miles
                      away? Is this the math you would use to determine how far off the
                      plane's departure point was, Jim? Let's go a step further. What if the
                      plane flew 10 times, and it was delayed for 10, 9, 8, 7, 6, 5, 4, 3,
                      2, and 1 hours on these ten flights. You would say that the departure
                      points were 3,900, 3,600, 3,300, 3,000, 2,700, 2,400, 2,100, 1,800,
                      1,500, and 1,200 miles away, EVEN if the plane left from the same
                      departure point each time? Is this how you would determine how far off
                      the same departure point is, Jim? Your math seems a little off Jim,
                      for a plane that was only 900 miles away....... Take this same
                      scenario and say that the same airplane stops 10 times along the way
                      to its point of arrival, each stop being for a variable amount of
                      time, do this 10 times, can you formulate an equation in which you can
                      approximate its point of departure's approximate distance?

                      When you are dealing with TCP Time Stamps, the packet that you get
                      back has gone through other devices before it got to the target
                      computer, each device having a slightly different clock skew, thereby
                      affecting the roundtrip travel time of the packet. That packet has to
                      come into the target system, in order to be stamped with the correct
                      information so that it can be sent back to its point of origin. If
                      the process were just one way and from one point directly to another
                      point, I could almost see the point that you are trying to make. But
                      the process is a send and a receive through several different servers,
                      switches, hubs, and/or routers, and before being sent back the stamp
                      is made by the computer with the varying clock skew. That drift in
                      time is a part of the timing process, Jim. Because the packet does not
                      stop at the computer and then immediately return to the sending
                      computer without first being "processed" with a time stamp from the
                      target computer, nor does it go straight to the computer without ever
                      passing through a switch or a router or a hub, which I might add ALL
                      have clock skews or time drifts. So, clock skews have to be taken into
                      account when calculating the round trip time to arrive at an accurate
                      enough calculation to arrive at a geographical location for a target
                      device. Are you implying that the only devices that take information
                      from the traveling packet and put new information on the traveling
                      packet so that it can be routed to its destination are the target
                      computer and the sending computer, and no other device the packet
                      passes through along the way processes the packet in this manner? And
                      if you are not implying that, and you are smart enough to know that
                      each device on the Internet that can act as a hop along the way has
                      its own unique clock skew, then you have to acknowledge that these
                      clock skews from each device affect the round trip travel time of the
                      packet, Jim. Perhaps you don't quite understand that time itself has
                      never been recorded with 100% accuracy? And perhaps you don't
                      understand that milliseconds translate into miles in cyberspace, for
                      the purpose of locating a computer? Perhaps you may not grasp that the
                      only place in the world where these clock skews could possibly make a
                      difference such as this would be in cyberspace? Maybe you have not
                      quite figured out that if all of this is true, then those milliseconds
                      of difference are important to accurately calculate in order to arrive
                      at as accurate a location as possible? And maybe you have not stopped
                      to think that while these types of calculations would be impossible
                      for a human to do at "supersonic speed", it is not so hard for a
                      computer to do them at "supersonic speed"?

                      >
                      >
                      > <<< he has a PhD. now, his research could very well predate the year of
                      > 2000 when the NSA applied for their patent. >>>
                      >
                      > No, he's a PhD student - he didn't start his PhD studies until 2001, and by
                      > his own accounts, didn't conduct any significant tests on his clock skew
                      > theories until late 2004.

                      Give ya that one, you are right about him not being a PhD. I do not
                      think that the fact that he did not conduct any significant tests
                      until 2004 is a testament that his research began in 2004, however.

                      > But even if what you are suggesting were the case, it would still be
                      > irrelevant, as we're still talking about two entirely different processes.
                      > One (NSA) to determine the geographic location of a computer, and the other
                      > (Kohno) to identify a particular computer by its unique characteristics
                      > (clock skews).

                      Not gonna explain how clock skews affect TCP Time Stamps for
                      calculating network latency with precision, again....
                      >
                      > Again, let's put it in simple terms that everyone can understand:
                      >
                      > You own a 1987 Mercedes, don't you? No. Suppose we take an identical 1987
                      > Mercedes, exact same color, same interior, same condition, same stereo...
                      > Etc... we remove the license plates and sit them side by side. How do you
                      > positively identify your vehicle over the other one?
                      >
                      > Simple: You look at the VIN number, which is unique (just like Kohno's
                      > clock skews are unique to certain computer hardware), so you know which is
                      > your car.
                      >
                      > However, knowing the unique VIN number does NOT help you determine the
                      > current location of your vehicle at any given time, which is the crux of the
                      > NSA process.

                      Well that's simple enough.. But.. What if you put a lojack in each car
                      to determine where it is? And you use the very same identifiers for
                      both lojacks. They were completely identical in every aspect,
                      electronically, same signal, same frequency, EVERYTHING was an exact
                      duplicate. Could you distinguish between the two vehicles if they were
                      moving at the same time? Sure you could. The speed at which they were
                      traveling would vary, and thus you would have two different vehicles,
                      thus you would have a point to distinguish these two devices with.
                      Just like you would with clock skews on computers... Just like you
                      would to geolocate a computer by its unique fingerprint. I think the
                      principle is simple, in order to locate something, you first have to
                      prove that something is there to be located. In order to determine the
                      location of an object with time calculations, there has to be a
                      variable and there has to be a constant, even if the only variable is
                      the time in which calculations were made to get an accurate read on
                      where that object is. This applies more so with laptops as they are
                      mobile, as Kohno states below:

                      "Kohno seems to be aware of the interest from surveillance groups that
                      his techniques could generate, saying in his paper: "One could also
                      use our techniques to help track laptops as they move, perhaps as part
                      of a Carnivore-like project". Carnivore was Internet surveillance
                      software built by the United States' Federal Bureau of Investigation.
                      Earlier in the paper Kohno overshadowed possible forensics
                      applications, saying that investigators could use his techniques "to
                      argue whether a given laptop was connected to the Internet from a
                      given access location".
                      >
                      > As I said, these are two entirely different processes intended to achieve
                      > two entirely different results.

                      And as I have illustrated above several times, one process just goes a
                      little further than the other to determine a geolocation of a target
                      machine....

                      And thus.. I am still left wondering if these methods were created
                      altogether separately and without any cooperation, or if one did not
                      lend itself to the other in some way?

                      And now I grow bored of "debate infinity", so Jim feel free to close..


                      Rick.

                      RMRI, Inc.
                      (888) 571-0958
                      http://www.rmri.net
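
The repeated-measurement scheme debated in this thread, sketched from the patent abstract quoted in the first message, as an added example that is not code from the patent or from either poster. Station names, landmark names and RTT values are constructed, and using an RMS difference for the abstract's "correlated" step is an assumption. It compares matching on the minimum of repeated probes with matching on their average.

```python
"""Latency-map matching on repeated RTT probes (all data below is constructed)."""
import math
from statistics import fmean

# Constructed RTT samples in milliseconds: station -> host -> repeated probes.
# The "target" rows each contain ordinary jitter; two contain one congestion spike.
SAMPLES = {
    "station_a": {
        "landmark_east": [11.0, 11.4, 11.2],
        "landmark_central": [38.0, 38.3, 38.1],
        "landmark_west": [72.0, 72.5, 72.2],
        "target": [160.0, 40.0, 41.0, 40.5],
    },
    "station_b": {
        "landmark_east": [35.0, 35.2, 35.1],
        "landmark_central": [12.0, 12.4, 12.2],
        "landmark_west": [41.0, 41.3, 41.1],
        "target": [14.0, 14.5, 150.0, 14.2],
    },
    "station_c": {
        "landmark_east": [70.0, 70.6, 70.2],
        "landmark_central": [40.0, 40.2, 40.1],
        "landmark_west": [10.0, 10.3, 10.1],
        "target": [38.0, 38.4, 38.2, 38.1],
    },
}
LANDMARKS = ("landmark_east", "landmark_central", "landmark_west")


def latency_vector(samples, host, agg=min):
    """Collapse the repeated probes of `host` to one RTT per station.

    Queuing and processing delay can only add time to a probe, so the minimum
    over many probes is the closest available estimate of the fixed path delay.
    Stations that got no replies from `host` are left out of the vector.
    """
    return {station: agg(hosts[host])
            for station, hosts in samples.items()
            if hosts.get(host)}


def rank_landmarks(samples, landmarks, target, agg=min):
    """Rank landmarks by RMS difference between their vector and the target's.

    Only stations that reached both hosts are compared; a landmark sharing
    fewer than two stations with the target is skipped as uninformative.
    Returns [(landmark, rms_ms), ...] with the best match first.
    """
    target_vec = latency_vector(samples, target, agg)
    ranked = []
    for landmark in landmarks:
        landmark_vec = latency_vector(samples, landmark, agg)
        common = sorted(target_vec.keys() & landmark_vec.keys())
        if len(common) < 2:
            continue
        squared = sum((target_vec[s] - landmark_vec[s]) ** 2 for s in common)
        ranked.append((landmark, math.sqrt(squared / len(common))))
    if not ranked:
        raise ValueError("no landmark shares two or more stations with target")
    return sorted(ranked, key=lambda item: item[1])


if __name__ == "__main__":
    for label, agg in (("min", min), ("mean", fmean)):
        best, rms = rank_landmarks(SAMPLES, LANDMARKS, "target", agg)[0]
        print(f"{label:>4}: closest landmark = {best} (rms {rms:.2f} ms)")
```

With the constructed samples, matching on the minimum places the target next to `landmark_central`, while matching on the mean lets two congestion spikes pull it to `landmark_west`.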
                    • Jim Parker
                      Message 10 of 10 , Sep 30, 2005
                        <<< I have a 1989 Mercedes Benz (by the way, if you put that beside a
                        1987 Mercedes Benz, there would be some differences besides the VIN). >>>


                        Clearly, I was talking about two identical cars, but deliberately or
                        otherwise, you decided to ignore that important part, which I find
                        interesting.

                        However, not as interesting as how you have made this enormous,
                        unsubstantiated and unsupported leap from the NSA applying for a patent in
                        2000 for a process to determine the locations of computers (invented by two
                        individuals from Maryland), and concluded that it must be based on a school
                        paper that a student of the University of California wrote in 2005 which was
                        NOT about determining the locations of computers - that just amazes me.


                        <<< And now I grow bored of "debate infinity", so Jim feel free to close.. >>>

                        Odd, as in your initial post, you said "An interesting topic of conversation
                        I believe." Did you only want to discuss it with someone who agreed with
                        you?

                        You were close though - another 50 or 60 paragraphs of gobbledy-gook, and
                        you'd have had me convinced.

                        LOL!

                        Jim

                        =================

                        JIM PARKER - Chief Investigator
                        Email Tracing & Internet Fraud Specialist.
                        Axis Investigative Services, Inc. (FL)
                        Web: http://www.FloridaDetectives.com
                        Email: Jim@...
                        Florida License #: A-2000163

                        Director / Team Member of MissingKIN
                        "Dedicated to finding missing and abducted children"
                        Web: http://www.MissingKIN.com

