

hm

@videotron.ca
reply to mlerner

Re: Trail of Pierre Poutine leads to open Wi-Fi connection

said by mlerner:

The MAC address and serial number are tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

Rogers has had issues with dupe MACs, as opposed to Videotron. I don't know Rogers' network at all aside from what people tell me, but when it comes to dupe MACs, Rogers is/was known to have issues.

So no clue if they fixed this up or what they do/did to address this problem. But we're not talking a long time ago either...


milnoc

join:2001-03-05
H3B
kudos:2
reply to hm

said by hm :

1. 99.225.28.34 Rogers IP, in a house with 4 occupants, w/ an open wifi, residents claim the wireless signal was weak.

If they are clueless about wireless and think the signal was weak, what makes you so sure they weren't rooted and being used as a proxy which slowed down their browsing?

Probably because the signal was NOT weak from the street, and they simply didn't understand how the technology works. They might have had the router behind a cement or metal wall, giving them the impression the signal was weak when it was just being shielded.

As for the hackers using a rooted system, does anyone here REALLY believe that the aides of a political candidate would actually be smart enough to orchestrate something like that?

Really!

It is MUCH easier to find an open Wi-Fi router in a residential area with a laptop or a phone than it is to orchestrate an elaborate hacking scheme.
--
Watch my future television channel's public test broadcast!
»thecanadianpublic.com/live


Ott_Cable

@teksavvy.com
reply to hm

Why can't it be as simple as a drive-by with a high gain wifi antenna (e.g. pringles can one) or even someone living in the same building stealing WiFi for accessing/uploading to the robocaller service?


Vomio

join:2008-04-01
Reviews:
·odynet
reply to hm

I wonder what versions of DOCSIS were running on the system? The weakest link and all that.

An approach to deal with problem duplicates is to take the legitimate insecure modem out of the equation temporarily. Even if the owner had changed their name/pass on the box, the CableCo's admin. is probably available.

On restart _it_ would seem to be the clone on the system and might effectively get DoSed or not.

I'd guess with the right timing one would gain enough of a window to upload one's bulk email to the service for distribution.

Who knows what way this was all done, there are definitely more than a couple of ways to play the game.

The effect is pretty much the same.

The fox left the hen house long ago, I imagine all the windows at the crime scenes have nose marks all over them.

If somebody was going to blow the whistle on a participant they'd have probably done it long ago.

My guess is that what you are seeing is money being spent to appear to do something. "Better late than never." for political reasons.

"We exhausted all avenues, we even got Google out of bed to answer the phone."

--Vomio

The toybox Backtrack5 r3 is officially out today, check out what's new.



hm

@videotron.ca
reply to milnoc

I'm not sure what it is you're saying Milnoc.

5 confirmed people from the same office used the IP.

Are you saying 5 people who were confirmed to be in the election office when they had that IP used electron transmorgifying deathcon magnetic field arrays to warp over to the other side of town to log into the Conservative Election HQ portal?

So there were a total of 5 (or 6) people in on the electoral scam that decided to drive to the other end of Guelph for that one and only open wifi?

I'm not sure if you're saying this, but you seem to be.

The thing is Milnoc, this isn't elaborate. Not at all. It's one of the easiest things to do. Anyone who knows proxies knows this.

You pump an IP into your browser (or your software redirector, like ProxyCap) and it's done. End of story.

It's very possible there were multiple people involved on the scam. It's not very likely that 5 people in total are so stupid as to forget to remove the proxy. Chances are they didn't know they were being redirected to a proxy when logging in.

So in all likelihood these 5 people (or some of the 5) were clueless to a proxy on whatever machine they used.

There was never a need to leave the office to go to the other end of town to get on someone's open wifi. Also, this explains what the so called investigator couldn't understand, or refused to answer to the court.

This is the easiest thing in the world to do. Not even near elaborate. I would have even done it this way myself instead of getting 5 or 6 people to go across town.

For someone who never did these things it would/could seem like a learning curve & elaborate. But, trust me, it's the easiest thing in the world. Once you grasp it (which is a piece of cake for anyone) you will realize this is the easiest thing to do, and the most practical. Easier than finding an open wifi the other side of town and transporting 5 (or 6) people to it.

Those who play with proxies here will confirm it's a piece of cake with a 1-hr learning curve.



hm

@videotron.ca
reply to Ott_Cable

said by Ott_Cable :

Why can't it be as simple as a drive-by with a high gain wifi antenna (e.g. pringles can one) or even someone living in the same building stealing WiFi for accessing/uploading to the robocaller service?

Because it was confirmed 5 people from the office on the other end of town. Or rather, 5 logins (assumed to be people since this wasn't denied).


Eight Ball

@videotron.ca

Someone should notify Karl about this topic and he should write about this one. It will make Elections Canada and these investigators look stupid.

But in court documents, Mathews (an Elections Canada investigator) offers no possible explanation for how or why five campaign workers all signed on from the same IP address used by Poutine - and over a Wi-Fi signal nowhere close to their office.

Voodoo.

funny0

join:2010-12-22
reply to hm

said by hm :

Funny, don't scare people off. It's not illegal (depending on how you get it).

Mlerner, the article is full of it. He didn't need wifi or be within 99 miles of that open wifi signal. Red herring. The article and the investigator are tossing BS out there.

What we know:

1. 99.225.28.34 Rogers IP, in a house with 4 occupants, w/ an open wifi, residents claim the wireless signal was weak.

If they are clueless about wireless and think the signal was weak, what makes you so sure they weren't rooted and being used as a proxy which slowed down their browsing?

2. It seems unlikely anyone in the Burke campaign headquarters, which was located northeast of Guelph's downtown, could have connected to a Wi-Fi signal on the opposite side of the city.

They sure could have if this residence had an open proxy! So yes, it's very likely they could have connected. Matter of fact. This is the only way it could have occurred with 5 diff people across town. Unless Rogers wants to state they someone gave the same 2 IP's ...

3. But in court documents, Mathews (an Elections Canada investigator) offers no possible explanation for how or why five campaign workers all signed on from the same IP address used by Poutine - and over a Wi-Fi signal nowhere close to their office.

A) The Investigator who has no clue how this is done: That is because this investigator is A) Playing dumb B) Is dumb C) just wants this all swept under a rug. Many people know how to do this (except Milnoc who wants to hide from Anon and not learn something).

B) (How did 5 workers do this): 5 campaign workers DID NOT have to be parked at this residence's front door to get a wifi signal and that IP. All 5 of them would have proxied in. Heck of a lot more efficient than 6 people total all driving to the other side of town where only one single open wifi signal exists in all of Guelph, eh? This is the only way 5 people who we will assume are very clueless could have done this. There is no other way. Yet the investigator ignores this.

4. Other records obtained by Elections Canada show that five members of the Burke campaign team used that same IP address in the final weeks of the campaign to access CIMS, the Conservative party's central database of voter information.

That is because they had the following:
A) software running on their computer to redirect to the 99.225.28.34 proxy (ie a wingate software like what "Funny" stated, a type of firewall software)
B) Or their browser(s) were setup to use the proxy and they forgot about it.
C) Keep in mind, it's 5 people in the election campaign, not 5 different computers (they never state 5 diff computers).

So, to me the easiest thing that occurred is someone shared a computer that was set-up to connect to the proxy, others used it while the proxy was enabled. Easy as that.

5. Indeed, Mathews (an Elections Canada investigator) suggests that the subscriber information behind the IP address looks to be a dead lead, calling it "so far inconclusive."

The investigator needs to learn what a proxy is. Someone should file a complaint and have this guy removed from the investigation.

The wireless thing reported in the media is a red herring. It's not even required that they be near the signal with a rooted machine. Total BS.

So 5 or 6 people on the same IP across town, Could it be anything else aside from a proxy? No. Unless Rogers wants to come out and say maybe they have wrong records, or some possibility exists where 2 diff Rogers' modems will have the same IP.

Milnoc, I know this is hard for you, so just ignore me.

legal who said anything about illegal, it's what you do with it that the FBI wants to know and when you do they got you and scare people off that was info leaked to me that a Russian proxy site made me a premium member to get access to all the "elite" proxies....when Russians don't know.....

p.s. 10 years ago so what ya bet they acquired more IPs....

funny0

join:2010-12-22
reply to mlerner

said by mlerner:

said by Ott_Cable :

Would a cloned modem end up having the same IP address at all at different segments of the cable network? Looking at non-aggregated TPIA, there seems to be IP pools for each POI. Not sure how Rogers does it for their subscribers, but likely IP addresses are regional.

If both modems get the same IP, then something will be broken and get noticed. So cloning likely only works on different network segments.

The MAC address and serial number are tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

so what if you temporarily disable the non clone and do your deed then walk off .....ya I can see that

funny0

join:2010-12-22
reply to hm

said by hm :

said by mlerner:

The MAC address and serial number are tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

Rogers has had issues with dupe MACs, as opposed to Videotron. I don't know Rogers' network at all aside from what people tell me, but when it comes to dupe MACs, Rogers is/was known to have issues.

So no clue if they fixed this up or what they do/did to address this problem. But we're not talking a long time ago either...

think Cogeco and you got more issues

funny0

join:2010-12-22
reply to milnoc

said by milnoc:

said by hm :

1. 99.225.28.34 Rogers IP, in a house with 4 occupants, w/ an open wifi, residents claim the wireless signal was weak.

If they are clueless about wireless and think the signal was weak, what makes you so sure they weren't rooted and being used as a proxy which slowed down their browsing?

Probably because the signal was NOT weak from the street, and they simply didn't understand how the technology works. They might have had the router behind a cement or metal wall, giving them the impression the signal was weak when it was just being shielded.

As for the hackers using a rooted system, does anyone here REALLY believe that the aides of a political candidate would actually be smart enough to orchestrate something like that?

Really!

It is MUCH easier to find an open Wi-Fi router in a residential area with a laptop or a phone than it is to orchestrate an elaborate hacking scheme.

Yes, I do believe it....and I have my reasons for knowing it....

funny0

join:2010-12-22
reply to Vomio

said by Vomio:

I wonder what versions of DOCSIS were running on the system? The weakest link and all that.

An approach to deal with problem duplicates is to take the legitimate insecure modem out of the equation temporarily. Even if the owner had changed their name/pass on the box, the CableCo's admin. is probably available.

On restart _it_ would seem to be the clone on the system and might effectively get DoSed or not.

I'd guess with the right timing one would gain enough of a window to upload one's bulk email to the service for distribution.

Who knows what way this was all done, there are definitely more than a couple of ways to play the game.

The effect is pretty much the same.

The fox left the hen house long ago, I imagine all the windows at the crime scenes have nose marks all over them.

If somebody was going to blow the whistle on a participant they'd have probably done it long ago.

My guess is that what you are seeing is money being spent to appear to do something. "Better late than never." for political reasons.

"We exhausted all avenues, we even got Google out of bed to answer the phone."

--Vomio

The toybox Backtrack5 r3 is officially out today, check out what's new.

you all realize it's long since past when hackers hacking you will tell you how or why it's done cause every time they do it people toss them in jails.....


agree

@videotron.ca
reply to funny0

said by funny0:

legal who said anything about illegal, it's what you do with it that the FBI wants to know and when you do they got you and scare people off that was info leaked to me that a Russian proxy site made me a premium member to get access to all the "elite" proxies....when Russians don't know.....

p.s. 10 years ago so what ya bet they acquired more IPs....

heh I do not doubt it. 10 years ago is around when that info was leaked to me as well. Everyone got them from the russians. The Russians had the best.

To get a premium unused one, for example, the Guelph IP, or to request a premium un-used one in the IP range of your choice, it was only 5 to 20$. These same forums for these requests still exist 10 years later. You buy 3 premium ones and bingo a nice chain.

Or you have a friend who is into making XDCC bots or bot-nets, which most everyone has, and have him reserve 3 stable good ones for you to use as a proxy.

Pierre Poutine spent more on visa cards and Paypal than what could be accounted for. Could this have been done? For sure. It's not very elaborate and it's very cheap. Unless the guy did it himself.

The news article is very very weak. They don't state if they investigated what IP's connected to the 99-Rogers IP (or vice-versa), they only state the Guelph Election HQ had the other Rogers IP when connecting to the conservative election portal and that this IP had an open wifi.

That to me smells of proxy(s) and nothing else.

Very weak reporting, very weak court details given by the investigators which make it seem they never heard of a proxy.

Unless Rogers wants to come out and say two diff modems will have the same IP, which I doubt.


Ott_Cable

@teksavvy.com

If the internet could function correctly with duplicated IP addresses, we wouldn't be running out of IP addresses. The entire block of addresses gets routed to Rogers from their peering/transit unless your shady Russian proxy IP block is also on Rogers' network somehow.

Once within Rogers' own network (and I am assuming Rogers is the ISP for both locations), not sure how the packets get routed back to the two different locations on opposite sides of town that claim to have the same IP address without having traffic losses or weird problems.

It might be as simple as the "IT guy" at their office incorrectly hard-coded a static IP address on the network previously, and that IP address eventually got allocated.

If Mr. Poutine is using a burner phone, why risk using the internet connection at work when you can also get a burner wireless internet stick?



clarified

@videotron.ca

Ott_Cable. I'm playing with words here. The two Modems did not have the same IP.

The people at the election HQ had a proxy running which gave them the IP of the people on the other end of town.

But now the RCMP will look into it as a last ditch effort.... Months later where the data will now likely be gone. Because the Elections Canada investigators can't comprehend what a proxy is and don't understand how someone across town can log in someplace with an IP they were not assigned.

»www.ottawacitizen.com/life/Will+···ory.html

It's like Vomio stated. This investigation is meant to fail and be swept under the rug.



Ott_Cable

@teksavvy.com

I can fake give away a phone# and change CID on my VoIP all I want, but if I want to get a call from someone else then the phone # I give out better be able to reach my phone. Same problem with the IP address except every single reply packet would have the other side ringing your number.

You can spoof the originating IP address of a packet very easily, but don't expect to be able to run any regular internal protocols without having the ack/handshaking packets coming back to you. The rest of the internet has to be able to route that reply somehow. So claiming a "proxy" can fake an IP still does not explain how the person can use it to communicate correctly.



PierrePoutin

@69.197.160.x

A Penny on my card's wi fi antenna seems better. I can only now pick up weak wireless signals in Kansas City!

I need something with less power! On the hunt...



PierrePoutin

@gurutek.biz
reply to Ott_Cable

Hey look my IP changed by only putting an empty Pringles can on my wi-fi card. I can now get open wi-fi in France!



PierrePoutin

@coolhousing.net
reply to Ott_Cable

OMG! A Pringle can + a wire clothes hanger shows wi-fi from the Czech Republic! The gain of my homemade antenna is way too much. I better try to just use a penny and see where I end up!

So it's true! A Pringles can can connect all the way across Guelph! Can't be a proxy like the anon dummy says!



PierrePoutin

@privatedns.com
reply to PierrePoutin

I now have a tinfoil hat on my wifi cards to connect to an open wifi some place in Canada. Not sure where. Think it's Iweb Technologies. Think that's in Quebec. Close. Ontario here I come...



Do it

@videotron.ca
reply to Ott_Cable

said by Ott_Cable :

So claiming a "proxy" can fake an IP still does not explain how the person can use it to communicate correctly.

It works.
I suggest you learn it and try it. I can point you to some things but that would likely just get this post deleted, so I won't.

Once you do learn, you will then do a 360 and slap your forehead.

Then you will become addicted to proxies and your interest will increase and then you will become evil once you have your own pool of 1000 IP's for your personal use to play with.

I get the feeling "funny" has been down this road


Le Sigh

@videotron.ca
reply to Ott_Cable

said by Ott_Cable :

So claiming a "proxy" can fake an IP still does not explain how the person can use it to communicate correctly.

I can't believe I'm googling for you, but any and all protocols will go through the spoofed address in either direction.

»www.google.ca/search?q=what+are+···HihYGYCg

»www.google.ca/search?q=what+is+a···H3noGgAg

»www.google.ca/search?q=what+is+a···GZvYC4Dw

You can search more on your own. Use your imagination. People have only been doing this since the mid 90's.


milnoc

join:2001-03-05
H3B
kudos:2
reply to milnoc

Man! All this pointless bickering between anonymous posters! It's like being in an argument with thirteen year old script kiddies!
--
Watch my future television channel's public test broadcast!
»thecanadianpublic.com/live



wowzerss

@videotron.ca
reply to Ott_Cable


said by Ott_Cable :

I can fake give away a phone# and change CID on my VoIP all I want, but if I want to get a call from someone else then the phone # I give out better be able to reach my phone. Same problem with the IP address except every single reply packet would have the other side ringing your number.

You can spoof the originating IP address of a packet very easily, but don't expect to be able to run any regular internal protocols without having the ack/handshaking packets coming back to you. The rest of the internet has to be able to route that reply somehow. So claiming a "proxy" can fake an IP still does not explain how the person can use it to communicate correctly.

Don't forget you have a port(s) open for this.

You can run *any* protocol and *any* service.

said by Ott_Cable :

Why can't it be as simple as a drive-by with a high gain wifi antenna (e.g. pringles can one) or even someone living in the same building stealing WiFi for accessing/uploading to the robocaller service?

A high gain Pringles can? I really, really doubt that. Besides that would require 5 (or 6) different people running around to the other side of Guelph with an empty Pringles can. heh (had a mental image of this, made me giggle). Though the person above claims to have reached Taiwan or something with a Pringles can...

There are some people in this forum who have really high gain stuff that they can wire to that residential Rogers 99-ip. But it would have to be up on a tower, be in line of sight, and cause brain cancer with the power it would pump out to be able to reach the 80-km away and then the people would have to take the tower down w/ no one noticing so that the investigators wouldn't find out.

Seem plausible to you? Does it really require Myth Busters to solve? Is it even cost effective (never mind the labour)?

I wonder if Milnoc still thinks this can't be done?

Now does anyone see the issue with the investigator scratching his head when asked in court how it could be done?

Does it seem like someone is playing dumb?


I hate anon

@videotron.ca
reply to milnoc

said by milnoc:

Man! All this pointless bickering between anonymous posters! It's like being in an argument with thirteen year old script kiddies!

F'ing Anon. I'm going to ignore them from now on.


Ahem

@videotron.ca
reply to milnoc

said by milnoc:

Man! All this pointless bickering between anonymous posters! It's like being in an argument with thirteen year old script kiddies!

Also... I don't mean to be rude, but...
said by milnoc:

said by hm :

What makes them think it was via WiFi? What caused them to come to that conclusion?

*Sigh* Doesn't anyone READ anymore?

Seems to me a 13 year old would put you in your place with how the internet works, and with being able to *read*.


milnoc

join:2001-03-05
H3B
kudos:2
reply to wowzerss

said by wowzerss :

I wonder if Milnoc still thinks this can't be done?

I'm not saying it can't be done. Proxy or Wi-Fi wardriving, both will work. But the wardriving solution is the simplest one available that can ensure the best anonymity with minimal intervention. It requires very little set-up (change your network name and MAC address, activate private browsing) and can easily be accomplished from inside a parked car.

Setting someone up with a Trojan proxy server however can be a bit more complicated to pull off, especially for a campaign worker. And there's always the risk of accidentally infecting the campaign headquarters' network itself if you don't know what you're doing.
--
Watch my future television channel's public test broadcast!
»thecanadianpublic.com/live


Ott_Cable

@teksavvy.com
reply to wowzerss

>Don't forget you have a port(s) open for this.

You are confusing how a firewall works vs how IP traffic is routed out in the cloud. The returning packets still need to be routed by routers at the transit/peering. IP traffic might take different routes to/from your destination, so the 2 directions of traffic flow are 2 sets of IP routes.

»think-like-a-computer.com/2011/0···routing/
>When packets take a certain route to their destination they DO NOT have to take the same route back. I can’t stress this enough, packets DO NOT record the route they take.

A proxy server actually has to own the IP address(es) that it claims to have, but it lends it to a user so that it would appear that the traffic came from the server itself. It is not a magical box that sends and receives IP packets from the internet cloud without using real IP addresses. Without using real routable IP addresses to the outside world, the return packet would not get back to the proxy server.

Now if the router/PC on the other side did get infected and get a proxy installed and the election office bounces traffic to it to access the robocall, then the election office would appear to have the same address. It is so much easier to use/crack a WiFi or buy a burner wireless stick than using an infected host as there are always traces of the hidden proxy left behind to be discovered.
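
An added example, not part of the thread and not any poster's code: one way a portal operator could examine the pattern argued over above, several accounts logging in from a single address outside the office, and whether any account moves between the office range and that address faster than a cross-town trip would allow. The log layout, account names, office range and 30-minute window are assumptions, and every address is a constructed documentation-range value.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the office's own address range (documentation netblock).
OFFICE_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample login records: (timestamp, account, source IP).
LOGINS = [
    ("2011-04-28T09:02:11", "worker1", "198.51.100.20"),
    ("2011-04-28T09:10:45", "worker1", "203.0.113.34"),
    ("2011-04-28T09:15:02", "worker2", "203.0.113.34"),
    ("2011-04-28T13:40:00", "worker3", "203.0.113.34"),
    ("2011-04-28T18:05:30", "worker3", "198.51.100.21"),
    ("2011-04-29T10:00:00", "worker4", "192.0.2.77"),
]


def in_office(ip, office_nets):
    """True if the address belongs to one of the office netblocks."""
    return any(ip in net for net in office_nets)


def shared_external_sources(logins, office_nets, min_accounts=2):
    """Map each non-office source IP to the accounts seen on it,
    keeping only IPs used by at least min_accounts distinct accounts."""
    accounts_by_ip = defaultdict(set)
    for _ts, account, src in logins:
        ip = ipaddress.ip_address(src)
        if not in_office(ip, office_nets):
            accounts_by_ip[str(ip)].add(account)
    return {ip: sorted(accts)
            for ip, accts in accounts_by_ip.items()
            if len(accts) >= min_accounts}


def rapid_switches(logins, office_nets, shared_ips,
                   window=timedelta(minutes=30)):
    """Find accounts whose consecutive logins alternate between the office
    range and a shared external IP within the window. A short gap fits
    traffic being relayed better than a person changing location."""
    per_account = defaultdict(list)
    for ts, account, src in logins:
        per_account[account].append(
            (datetime.fromisoformat(ts), ipaddress.ip_address(src)))
    hits = []
    for account in sorted(per_account):
        events = sorted(per_account[account], key=lambda e: e[0])
        for (t1, ip1), (t2, ip2) in zip(events, events[1:]):
            office_then_shared = (in_office(ip1, office_nets)
                                  and str(ip2) in shared_ips)
            shared_then_office = (str(ip1) in shared_ips
                                  and in_office(ip2, office_nets))
            if (office_then_shared or shared_then_office) and t2 - t1 <= window:
                external = ip2 if office_then_shared else ip1
                gap = int((t2 - t1).total_seconds())
                hits.append((account, str(external), gap))
    return hits


if __name__ == "__main__":
    shared = shared_external_sources(LOGINS, OFFICE_NETS)
    for ip, accounts in shared.items():
        print(f"{ip} used by {len(accounts)} accounts: {', '.join(accounts)}")
    for account, ip, gap in rapid_switches(LOGINS, OFFICE_NETS, shared):
        print(f"{account}: office <-> {ip} within {gap} seconds")
```

The portal's logs alone cannot say whether a shared address was reached over Wi-Fi or through a relay; that needs records from the shared address itself, which is the gap several posters point to.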