
hm
@videotron.ca

hm to funny0

Anon

to funny0

Re: Trail of Pierre Poutine leads to open Wi-Fi connection

Funny, don't scare people off. It's not illegal (depending on how you get it).

Mlerner, the article is full of it. He didn't need wifi or be within 99 miles of that open wifi signal. Red herring. The article and the investigator are tossing BS out there.

What we know:

1. 99.225.28.34 Rogers IP, in a house with 4 occupants, w/ an open wifi, residents claim the wireless signal was weak.

If they are clueless about wireless and think the signal was weak, what makes you so sure they weren't rooted and being used as a proxy which slowed down their browsing?

2. It seems unlikely anyone in the Burke campaign head-quarters, which was located northeast of Guelph's down-town, could have connected to a Wi-Fi signal on the opposite side of the city.

They sure could have if this residence had an open proxy! So yes, it's very likely they could have connected. Matter of fact. This is the only way it could have occurred with 5 diff people across town. Unless Rogers wants to state they someone gave the same 2 IP's ...

3. But in court documents, Mathews (an Elections Canada investigator) offers no possible explanation for how or why five campaign workers all signed on from the same IP address used by Poutine - and over a Wi-Fi signal nowhere close to their office.

A) The Investigator who has no clue how this is done: That is because this investigator is A) Playing dumb B) Is dumb C) just wants this all swept under a rug. Many people know how to do this (except Milnoc who wants to hide from Anon and not learn something).

B) (How did 5 workers do this): 5 campaign workers DID NOT have to be parked at this residence's front door to get a wifi signal and that IP. All 5 of them would have proxied in. Heck of a lot more efficient than 6 people total all driving to the other side of town where only one single open wifi signal exists in all of Guelph, eh? This is the only way 5 people who we will assume are very clueless could have done this. There is no other way. Yet the investigator ignores this.

4. Other records obtained by Elections Canada show that five members of the Burke campaign team used that same IP address in the final weeks of the campaign to access CIMS, the Conservative party's central database of voter information.

That is because they had the following:
A) software running on their computer to redirect to the 99.225.28.34 proxy (ie a wingate software like what "Funny" stated, a type of firewall software)
B) Or their browser(s) were setup to use the proxy and they forgot about it.
C) Keep in mind, it's 5 people in the election campaign, not 5 different computers (they never state 5 diff computers).

So, to me the easiest thing that occurred is someone shared a computer that was set-up to connect to the proxy, others used it while the proxy was enabled. Easy as that.

5. Indeed, Mathews (an Elections Canada investigator) suggests that the subscriber information behind the IP address looks to be a dead lead, calling it "so far inconclusive."

The investigator needs to learn what a proxy is. Someone should file a complaint and have this guy removed from the investigation.

The wireless thing reported in the media is a red herring. It's not even required that they be near the signal with a rooted machine. Total BS.

So 5 or 6 people on the same IP across town, Could it be anything else aside from a proxy? No. Unless Rogers wants to come out and say maybe they have wrong records, or some possibility exists where 2 diff Rogers' modems will have the same IP.

Milnoc, I know this is hard for you, so just ignore me.
hm

hm

Anon

Just to add clarification:

Above I stated it's either a proxy, or Rogers has some explaining to do with their IP's.

I state this because the Election Campaign HQ where the 5 or 6 people connected to that Rogers IP ("supposedly" via wireless, but that's a crux) on the other side of town also used Rogers internet services.
Vomio
join:2008-04-01

Vomio

Member

How about something simple like a cloned / hacked modem and a fixed/forced IP and MAC.

Rogers seems to be very cautious about their modems and stifling tales of hacks and I know that this is not the place to discuss such things.

So, I won't discuss it further other than to say that insecure connection and drive-by sniffing might possibly give you all the information you need for use later.

Ott_Cable
@teksavvy.com

Ott_Cable to Vomio

Anon

to Vomio

Re: Trail of Pierre Poutine leads to open Wi-Fi connection

Would a cloned modem end up having the same IP address at all at different segments of the cable network? Looking at non-aggregated TPIA, there seems to be IP pools for each POI. Not sure how Rogers does it for their subscribers, but likely IP addresses are regional.

If both modems get the same IP, then something will be broken and get noticed. So cloning likely only works on different network segments.

BACONATOR26
Premium Member
join:2000-11-25
Nepean, ON

BACONATOR26 to Vomio

Premium Member

to Vomio
said by Vomio:

How about something simple like a cloned / hacked modem and a fixed/forced IP and MAC.

That is no longer possible with DOCSIS and the encryption methods that Rogers now uses. Cloning alone also does nothing.
BACONATOR26

BACONATOR26 to Ott_Cable

Premium Member

to Ott_Cable
said by Ott_Cable :

Would a cloned modem end up having the same IP address at all at different segments of the cable network? Looking at non-aggregated TPIA, there seems to be IP pools for each POI. Not sure how Rogers does it for their subscribers, but likely IP addresses are regional.

If both modems get the same IP, then something will be broken and get noticed. So cloning likely only works on different network segments.

The MAC address and serial number is tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

hm
@videotron.ca

hm

Anon

said by BACONATOR26:

The MAC address and serial number is tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

Rogers has had issues with dupe MAC's, as opposed to Videotron. I don't know Rogers network at all aside from what people tell me, but when it comes to dupe MAC's, Rogers is/was known to have issues.

So no clue if they fixed this up or what they do/did to address this problem. But we're not talking a long time ago either...

milnoc
join:2001-03-05
Ottawa

milnoc to hm

Member

to hm
said by hm :

1. 99.225.28.34 Rogers IP, in a house with 4 occupants, w/ an open wifi, residents claim the wireless signal was weak.

If they are clueless about wireless and think the signal was weak, what makes you so sure they weren't rooted and being used as a proxy which slowed down their browsing?

Probably because the signal was NOT weak from the street, and they simply didn't understand how the technology works. They might have had the router behind a cement or metal wall, giving them the impression the signal was weak when it was just being shielded.

As for the hackers using a rooted system, does anyone here REALLY believe that the aides of a political candidate would actually be smart enough to orchestrate something like that?

Really!

It is MUCH easier to find an open Wi-Fi router in a residential area with a laptop or a phone than it is to orchestrate an elaborate hacking scheme.

Ott_Cable
@teksavvy.com

Ott_Cable to hm

Anon

to hm
Why can't it be as simple as a drive-by with a high gain wifi antenna (e.g. pringles can one) or even someone living in the same building stealing WiFi for accessing/uploading to the robocaller service?

hm
@videotron.ca

hm to milnoc

Anon

to milnoc
I'm not sure what it is you're saying Milnoc.

5 confirmed people from the same office used the IP.

Are you saying 5 people who were confirmed to be in the election office when they had that IP used electron transmorgifying deathcon magnetic field arrays to warp over to the other side of town to log into the Conservative Election HQ portal?

So there were a total of 5 (or 6) people in on the electoral scam that decided to drive to the other end of Guelph for that one and only open wifi?

I'm not sure if you're saying this, but you seem to be.

The thing is Milnoc, this isn't elaborate. Not at all. It's one of the easiest things to do. Anyone who knows proxies knows this.

You pump an IP into your browser (or your software redirector, like ProxyCap) and it's done. End of story.

It's very possible there were multiple people involved on the scam. It's not very likely that 5 people in total are so stupid as to forget to remove the proxy. Chances are they didn't know they were being redirected to a proxy when logging in.

So in all likelihood these 5 people (or some of the 5) were clueless to a proxy on whatever machine they used.

There was never a need to leave the office to go to the other end of town to get on someone's open wifi. Also, this explains what the so called investigator couldn't understand, or refused to answer to the court.

This is the easiest thing in the world to do. Not even near elaborate. I would have even done it this way myself instead of getting 5 or 6 people to go across town.

For someone who never did these things it would/could seem like a learning curve & elaborate. But, trust me, it's the easiest thing in the world. Once you grasp it (which is a piece of cake for anyone) you will realize this is the easiest thing to do, and the most practical. Easier than finding an open wifi the other side of town and transporting 5 (or 6) people to it.

Those who play with proxies here will confirm it's a piece of cake with a 1-hr learning curve.
hm

hm to Ott_Cable

Anon

to Ott_Cable
said by Ott_Cable :

Why can't it be as simple as a drive-by with a high gain wifi antenna (e.g. pringles can one) or even someone living in the same building stealing WiFi for accessing/uploading to the robocaller service?

Because it was confirmed 5 people from the office on the other end of town. Or rather, 5 logins (assumed to be people since this wasn't denied).
Vomio
join:2008-04-01

Vomio to hm

Member

to hm
I wonder what versions of Docsis were running on the system? The weakest link and all that.

An approach to deal with problem duplicates is to take the legitimate insecure modem out of the equation temporarily. Even if the owner had changed their name/pass on the box, the CableCo's admin. is probably available.

On restart _it_ would seem to be the clone on the system and might effectively get DoSed or not.

I'd guess with the right timing one would gain enough of a window to upload one's bulk email to the service for distribution.

Who knows what way this was all done, there are definitely more than a couple of ways to play the game.

The effect is pretty much the same.

The fox left the hen house long ago, I imagine all the windows at the crime scenes have nose marks all over them.

If somebody was going to blow the whistle on a participant they'd have probably done it long ago.

My guess is that what you are seeing is money being spent to appear to do something. "Better late than never." for political reasons.

"We exhausted all avenues, we even got Google out of bed to answer the phone."

--Vomio

The toybox Backtrack5 r3 is officially out today, check out what's new.

Eight Ball
@videotron.ca

Eight Ball to hm

Anon

to hm
Someone should notify Karl about this topic and he should write about this one. It will make Elections Canada and these investigators look stupid.

But in court documents, Mathews (an Elections Canada investigator) offers no possible explanation for how or why five campaign workers all signed on from the same IP address used by Poutine - and over a Wi-Fi signal nowhere close to their office.

Voodoo.
funny0
join:2010-12-22

funny0 to hm

Member

to hm
said by hm :

Funny, don't scare people off. It's not illegal (depending on how you get it).

Mlerner, the article is full of it. He didn't need wifi or be within 99 miles of that open wifi signal. Red herring. The article and the investigator are tossing BS out there.

What we know:

1. 99.225.28.34 Rogers IP, in a house with 4 occupants, w/ an open wifi, residents claim the wireless signal was weak.

If they are clueless about wireless and think the signal was weak, what makes you so sure they weren't rooted and being used as a proxy which slowed down their browsing?

2. It seems unlikely anyone in the Burke campaign head-quarters, which was located northeast of Guelph's down-town, could have connected to a Wi-Fi signal on the opposite side of the city.

They sure could have if this residence had an open proxy! So yes, it's very likely they could have connected. Matter of fact. This is the only way it could have occurred with 5 diff people across town. Unless Rogers wants to state they someone gave the same 2 IP's ...

3. But in court documents, Mathews (an Elections Canada investigator) offers no possible explanation for how or why five campaign workers all signed on from the same IP address used by Poutine - and over a Wi-Fi signal nowhere close to their office.

A) The Investigator who has no clue how this is done: That is because this investigator is A) Playing dumb B) Is dumb C) just wants this all swept under a rug. Many people know how to do this (except Milnoc who wants to hide from Anon and not learn something).

B) (How did 5 workers do this): 5 campaign workers DID NOT have to be parked at this residence's front door to get a wifi signal and that IP. All 5 of them would have proxied in. Heck of a lot more efficient than 6 people total all driving to the other side of town where only one single open wifi signal exists in all of Guelph, eh? This is the only way 5 people who we will assume are very clueless could have done this. There is no other way. Yet the investigator ignores this.

4. Other records obtained by Elections Canada show that five members of the Burke campaign team used that same IP address in the final weeks of the campaign to access CIMS, the Conservative party's central database of voter information.

That is because they had the following:
A) software running on their computer to redirect to the 99.225.28.34 proxy (ie a wingate software like what "Funny" stated, a type of firewall software)
B) Or their browser(s) were setup to use the proxy and they forgot about it.
C) Keep in mind, it's 5 people in the election campaign, not 5 different computers (they never state 5 diff computers).

So, to me the easiest thing that occurred is someone shared a computer that was set-up to connect to the proxy, others used it while the proxy was enabled. Easy as that.

5. Indeed, Mathews (an Elections Canada investigator) suggests that the subscriber information behind the IP address looks to be a dead lead, calling it "so far inconclusive."

The investigator needs to learn what a proxy is. Someone should file a complaint and have this guy removed from the investigation.

The wireless thing reported in the media is a red herring. It's not even required that they be near the signal with a rooted machine. Total BS.

So 5 or 6 people on the same IP across town, Could it be anything else aside from a proxy? No. Unless Rogers wants to come out and say maybe they have wrong records, or some possibility exists where 2 diff Rogers' modems will have the same IP.

Milnoc, I know this is hard for you, so just ignore me.

legal who said anything about illegal, it's what you do with it that the fbi wants to know and when you do they got you and scare people off that was info leaked to me that a russian proxy site made me a premium member to get access to all the "elite" proxies....when russians don't know.....

p.s. 10 years ago so what ya bet they acquired more ips....
funny0

funny0 to BACONATOR26

Member

to BACONATOR26
said by BACONATOR26:

said by Ott_Cable :

Would a cloned modem end up having the same IP address at all at different segments of the cable network? Looking at non-aggregated TPIA, there seems to be IP pools for each POI. Not sure how Rogers does it for their subscribers, but likely IP addresses are regional.

If both modems get the same IP, then something will be broken and get noticed. So cloning likely only works on different network segments.

The MAC address and serial number is tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

so what if you temporarily disable the non clone and do your deed then walk off .....ya i can see that
funny0

funny0 to hm

Member

to hm
said by hm :

said by BACONATOR26:

The MAC address and serial number is tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

Rogers has had issues with dupe MAC's, as opposed to Videotron. I don't know Rogers network at all aside from what people tell me, but when it comes to dupe MAC's, Rogers is/was known to have issues.

So no clue if they fixed this up or what they do/did to address this problem. But we're not talking a long time ago either...

think cogeco and you got more issues
funny0

funny0 to milnoc

Member

to milnoc
said by milnoc:

said by hm :

1. 99.225.28.34 Rogers IP, in a house with 4 occupants, w/ an open wifi, residents claim the wireless signal was weak.

If they are clueless about wireless and think the signal was weak, what makes you so sure they weren't rooted and being used as a proxy which slowed down their browsing?

Probably because the signal was NOT weak from the street, and they simply didn't understand how the technology works. They might have had the router behind a cement or metal wall, giving them the impression the signal was weak when it was just being shielded.

As for the hackers using a rooted system, does anyone here REALLY believe that the aides of a political candidate would actually be smart enough to orchestrate something like that?

Really!

It is MUCH easier to find an open Wi-Fi router in a residential area with a laptop or a phone than it is to orchestrate an elaborate hacking scheme.

yes i do believe it....and i have my reasons for knowing it....
funny0

funny0 to Vomio

Member

to Vomio
said by Vomio:

I wonder what versions of Docsis were running on the system? The weakest link and all that.

An approach to deal with problem duplicates is to take the legitimate insecure modem out of the equation temporarily. Even if the owner had changed their name/pass on the box, the CableCo's admin. is probably available.

On restart _it_ would seem to be the clone on the system and might effectively get DoSed or not.

I'd guess with the right timing one would gain enough of a window to upload one's bulk email to the service for distribution.

Who knows what way this was all done, there are definitely more than a couple of ways to play the game.

The effect is pretty much the same.

The fox left the hen house long ago, I imagine all the windows at the crime scenes have nose marks all over them.

If somebody was going to blow the whistle on a participant they'd have probably done it long ago.

My guess is that what you are seeing is money being spent to appear to do something. "Better late than never." for political reasons.

"We exhausted all avenues, we even got Google out of bed to answer the phone."

--Vomio

The toybox Backtrack5 r3 is officially out today, check out what's new.

you all realize its long since past when hackers hacking you will tell you how or why its done cause every time they do it people toss them in jails.....

agree
@videotron.ca

agree to funny0

Anon

to funny0
said by funny0:

legal who said anything about illegal, it's what you do with it that the fbi wants to know and when you do they got you and scare people off that was info leaked to me that a russian proxy site made me a premium member to get access to all the "elite" proxies....when russians don't know.....

p.s. 10 years ago so what ya bet they acquired more ips....

heh I do not doubt it. 10 years ago is around when that info was leaked to me as well. Everyone got them from the russians. The Russians had the best.

To get a premium unused one, for example, the Guelph IP, or to request a premium un-used one in the IP range of your choice, it was only 5 to 20$. These same forums for these requests still exist 10 years later. You buy 3 premium ones and bingo a nice chain.

Or you have a friend who is into making XDCC bots or bot-nets, which most everyone has, and have him reserve 3 stable good ones for you to use as a proxy.

Pierre Poutine spent more on visa cards and Paypal than what could be accounted for. Could this have been done? for sure. It's not very elaborate and it's very cheap. Unless the guy did it himself.

The news article is very very weak. They don't state if they investigated what IP's connected to the 99-Rogers IP (or vice-versa), they only state the Guelph Election HQ had the other Rogers IP when connecting to the conservative election portal and that this IP had an open wifi.

That to me smells of proxy(s) and nothing else.

Very weak reporting, very weak court details given by the investigators which make it seem they never heard of a proxy.

Unless Rogers wants to come out and say two diff modems will have the same IP, which I doubt.
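
Added example (not part of any post in this thread): the evidence being argued over is a portal login record in which several accounts share one source IP. The sketch below runs that correlation over constructed records and checks whether any request carried `Via` or `X-Forwarded-For`; the log layout, field names, user names and addresses are assumptions, not anything from the investigation.

```python
import re
from collections import defaultdict

# Constructed sample records (not real data). Addresses are RFC 5737
# documentation ranges; the key=value layout and field names are assumptions.
SAMPLE_LOG = """\
2000-01-01T09:00:01 src=198.51.100.7 user=u1 status=ok via=- xff=-
2000-01-01T09:04:10 src=198.51.100.7 user=u2 status=ok via=- xff=-
2000-01-01T09:10:44 src=198.51.100.7 user=u3 status=ok via=- xff=-
2000-01-01T09:15:02 src=198.51.100.7 user=u4 status=ok via=- xff=-
2000-01-01T09:20:37 src=198.51.100.7 user=u5 status=ok via=- xff=-
2000-01-01T09:21:00 src=198.51.100.7 user=u9 status=fail via=- xff=-
2000-01-01T10:00:00 src=203.0.113.20 user=u6 status=ok via=1.1_cache xff=192.0.2.55
2000-01-01T10:02:00 src=203.0.113.20 user=u7 status=ok via=1.1_cache xff=192.0.2.55
2000-01-01T10:03:00 src=203.0.113.20 user=u8 status=ok via=1.1_cache xff=192.0.2.56,192.0.2.1
2000-01-01T11:00:00 src=192.0.2.10 user=u1 status=ok via=- xff=-
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"status=(?P<status>\S+) via=(?P<via>\S+) xff=(?P<xff>\S+)$"
)


def parse(log_text):
    """Return one dict per well-formed line; malformed lines are dropped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def shared_sources(records, min_users=3):
    """Map source IP -> sorted accounts, for IPs with >= min_users successful logins."""
    users = defaultdict(set)
    for r in records:
        if r["status"] == "ok":
            users[r["src"]].add(r["user"])
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= min_users}


def disclosed_upstreams(records):
    """Map source IP -> client addresses it disclosed via X-Forwarded-For.

    An IP is listed (possibly with an empty set) if any request from it
    carried Via or X-Forwarded-For, i.e. the peer announced itself as a proxy.
    """
    upstream = defaultdict(set)
    for r in records:
        if r["via"] != "-" or r["xff"] != "-":
            upstream[r["src"]]  # create the key even when only Via is set
            if r["xff"] != "-":
                upstream[r["src"]].update(a.strip() for a in r["xff"].split(","))
    return dict(upstream)


def classify(records, min_users=3):
    """Combine both views for every shared source IP."""
    shared = shared_sources(records, min_users)
    upstream = disclosed_upstreams(records)
    return {
        ip: {
            "users": users,
            "proxy_headers": ip in upstream,
            "upstream": sorted(upstream.get(ip, ())),
        }
        for ip, users in shared.items()
    }


if __name__ == "__main__":
    for ip, info in classify(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

A shared IP with `proxy_headers` false fits NAT, a shared machine, or a proxy that adds no headers equally well, so the server-side log alone cannot tell them apart; the records at the shared address are what would settle it.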

Ott_Cable
@teksavvy.com

Ott_Cable

Anon

If the internet could function correctly with duplicated IP addresses, we wouldn't be running out of IP addresses. The entire block of addresses gets routed to Rogers from their peering/transit unless your shady Russian proxy IP block is also on Rogers network somehow.

Once within Rogers own network (and I am assuming Rogers is the ISP for both locations), not sure how the packets get routed back to the two different locations on opposite sides of town that claim to have the same IP address without having traffic losses or weird problems.

It might be as simple as the "IT guy" at their office incorrectly hard coded a static IP address on the network previously and that IP address, but eventually gotten allocated.

If Mr. Poutine is using a burner phone, why risk using the internet connection at work when you can also get a burner wireless internet stick?

clarified
@videotron.ca

clarified

Anon

Ott_Cable. I'm playing with words here. The two Modems did not have the same IP.

The people at the election HQ had a proxy running which gave them the IP of the people on the other end of town.

But now the RCMP will look into it as a last ditch effort.... Months later where the data will now likely be gone. Because the Elections Canada investigators can't comprehend what a proxy is and don't understand how someone across town can log in someplace with an IP they were not assigned.

»www.ottawacitizen.com/li ··· ory.html

It's like Vomio stated. This investigation is meant to fail and be swept under the rug.

Ott_Cable
@teksavvy.com

Ott_Cable

Anon

I can fake give away a phone# and change CID on my VoIP all I want, but if I want to get a call from someone else then the phone # I give out better be able to reach my phone. Same problem with the IP address except every single reply packet would have the other side ringing your number.

You can spoof the originating IP address of a packet very easily, but don't expect to be able to run any regular internal protocols without having the ack/handshaking packets coming back to you. The rest of the internet has to be able to route that reply somehow. So claiming a "proxy" can fake an IP still does not explain how the person can use it to communicate correctly.

Do it
@videotron.ca

Do it

Anon

said by Ott_Cable :

So claiming a "proxy" can fake an IP still does not explain how the person can use it to communicate correctly.

It works.
I suggest you learn it and try it. I can point you to some thing but that would likely just get this post deleted, so I won't.

Once you do learn, you will then do a 360 and slap your forehead.

Then you will become addicted to proxies and your interest will increase and then you will become evil once you have your own pool of 1000 IP's for your personal use to play with.

I get the feeling "funny" has been down this road

Le Sigh
@videotron.ca

Le Sigh to Ott_Cable

Anon

to Ott_Cable
said by Ott_Cable :

So claiming a "proxy" can fake an IP still does not explain how the person can use it to communicate correctly.

I can't believe I'm googling for you, but any and all protocols will go through the spoofed address in either direction.

»www.google.ca/search?q=w ··· HihYGYCg

»www.google.ca/search?q=w ··· H3noGgAg

»www.google.ca/search?q=w ··· GZvYC4Dw

You can search more on your own. Use your imagination. People have only been doing this since the mid 90's.

PierrePoutin
@gurutek.biz

PierrePoutin to Ott_Cable

Anon

to Ott_Cable
Hey look my IP changed by only putting an empty Pringles can on my wi-fi card. I can now get open wi-fi in France!
PierrePoutin

PierrePoutin to Ott_Cable

Anon

to Ott_Cable
OMG! A Pringle can + a wire clothes hanger shows wi-fi from the Czech Republic! The gain of my homemade antenna is way too much. I better try to just use a penny and see where I end up!

So it's true! a Pringles can can connect all the way across Guelph! Can't be a proxy like the anon dummy says!
PierrePoutin

PierrePoutin to Ott_Cable

Anon

to Ott_Cable
A Penny on my card's wi fi antenna seems better. I can only now pick up weak wireless signals in Kansas City!

I need something with less power! On the hunt...
PierrePoutin

PierrePoutin

Anon

I now have a tinfoil hat on my wifi cards to connect to an open wifi some place in Canada. Not sure where. Think it's Iweb Technologies. Think that's in Quebec. Close. Ontario here I come...

wowzerss
@videotron.ca

wowzerss to Ott_Cable

Anon

to Ott_Cable
said by Ott_Cable :

I can fake give away a phone# and change CID on my VoIP all I want, but if I want to get a call from someone else then the phone # I give out better be able to reach my phone. Same problem with the IP address except every single reply packet would have the other side ringing your number.

You can spoof the originating IP address of a packet very easily, but don't expect to be able to run any regular internal protocols without having the ack/handshaking packets coming back to you. The rest of the internet has to be able to route that reply somehow. So claiming a "proxy" can fake an IP still does not explain how the person can use it to communicate correctly.

Don't forget you have a port(s) open for this.

You can run *any* protocol and *any* service.
said by Ott_Cable :

Why can't it be as simple as a drive-by with a high gain wifi antenna (e.g. pringles can one) or even someone living in the same building stealing WiFi for accessing/uploading to the robocaller service?

A high gain Pringles can? I really, really doubt that. Besides that would require 5 (or 6) different people running around to the other side of Guelph with an empty Pringles can. heh (had a mental image of this, made me giggle). Though the person above claims to have reached Taiwan or something with a pringles can...

There are some people in this forum who have really high gain stuff that they can wire to that residential Rogers 99-ip. But it would have to be up on a tower, be in line of sight, and cause brain cancer with the power it would pump out to be able to reach the 80-km away and then the people would have to take the tower down w/ no one noticing so that the investigators wouldn't find out.

Seem plausible to you? Does it really require Myth Busters to solve? Is it even cost effective (never mind the labour)?

I wonder if Milnoc still thinks this can't be done?

Now does anyone see the issue with the investigator scratching his head when asked in court how it could be done?

Does it seem like someone is playing dumb?