Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is it possible to uniquely identify a pc by running javascript, asp, cgi, perl, or any other scripts? I am looking for a means of identification other than cookies (these are usually deleted between sessions) or ActiveX (which most people do not trust and disable) or any other NON-unique identification such as IP's (which are usually shared).
If yes, what are some examples of scripts?
Might be useful for detecting clone accounts on forums too.
Is it possible to uniquely identify a pc by running javascript, asp, cgi, perl, or any other scripts? I am looking for a means of identification other than cookies (these are usually deleted between sessions) or ActiveX (which most people do not trust and disable) or any other NON-unique identification such as IP's (which are usually shared).
If yes, what are some examples of scripts?
Might be useful for detecting clone accounts on forums too.
Sorry, you can pretty much spoof anything, even down to MAC addresses.
Last edited by jschiwal; 08-16-2009 at 03:59 AM.
Reason: Thanks to God for spell checkers. "silhouettes" is a word that might stump a spelling bee finalist.
Sorry, you can pretty much spoof anything, even down to MAC addresses.
That won't stop sophisticated trolls then from creating another account every time they get banned. But surely, someone who goes around insulting strangers over the internet as a hobby won't be that sophisticated technically.
That won't stop sophisticated trolls then from creating another account every time they get banned. But surely, someone who goes around insulting strangers over the internet as a hobby won't be that sophisticated technically.
You'll be surprised: there are many very technically skilled trolls. Really.
It appears chase manhattan and the bank of america have found a way to uniquely identify computers:
"In a nutshell they gather 30 or so pieces of information to identify your machine and compare it to a known list of your 'trusted machines'. This includes things such as browser version, plugin versions, etc. If you've ever used bank of america for you know that the site knows who you are when you login from the same machine and performs additional challenge responses when you try logging in from another one.
(...)
You could grab those checkpoints in a similar fashion to the machineid technologies, and send them off to an ad server over ssl in a query string. If example.com hosts ads from adserver.com, then the code in example.com could fetch adserver.com code to first gather this info, dynamically generate a url and css history theft to see if that unique user has visited the specific adserver.com url. If they had visited it then the user had loaded an ad from adserver.com in the past. At that point additional JS could fire performing a request to adserver.com with the name of the URL being visited or obtain this information via a referer header. Next the user visits cnn.com it also has the same code/src include, generates the same url, css history theft compares then continues doing the same thing. The adserver company now can track without cookies which sites the specific user has visited regardless of browser or IP."
At that point additional JS could fire performing a request to adserver.com with the name of the URL being visited or obtain this information via a referer header.
As soon as you go into JS you leave it all to the computer user...
Nobody mentioned DMI decoding yet. However, how somebody might gain access to the DMI information of a particular machine (via web connection) is beyond me. I mean, it isn't something that can be accessed willy-nilly by a web browser or whatever; the information would have to be either supplied willingly, or hacked out of the machine by some means.
Note also that while DMI infomration can and would uniquely identify a machine, in order for it to do so, the information need be fully and properly filled out within the machine's BIOS, which it is not always the case. Take for example my DMI information:
Code:
bash-3.1# /usr/sbin/dmidecode
# dmidecode 2.10
SMBIOS 2.5 present.
54 structures occupying 1995 bytes.
Table at 0x000FB4F0.
<--snip-->
Handle 0x0001, DMI type 1, 27 bytes
System Information
Manufacturer: MSI
Product Name: MS-7350
Version: 1.0
Serial Number: To Be Filled By O.E.M.
UUID: Not Present
Wake-up Type: Power Switch
SKU Number: To Be Filled By O.E.M.
Family: To Be Filled By O.E.M.
Handle 0x0002, DMI type 2, 15 bytes
Base Board Information
Manufacturer: MSI
Product Name: MSI P6N SLI
Version: 1.0
Serial Number: To be filled by O.E.M.
Asset Tag: To Be Filled By O.E.M.
Features:
Board is a hosting board
Board is replaceable
Location In Chassis: To Be Filled By O.E.M.
Chassis Handle: 0x0003
Type: Motherboard
Contained Object Handles: 0
Handle 0x0003, DMI type 3, 21 bytes
Chassis Information
Manufacturer: To Be Filled By O.E.M.
Type: Desktop
Lock: Not Present
Version: To Be Filled By O.E.M.
Serial Number: To Be Filled By O.E.M.
Asset Tag: To Be Filled By O.E.M.
Boot-up State: Safe
Power Supply State: Safe
Thermal State: Other
Security Status: None
OEM Information: 0x00000000
Height: Unspecified
Number Of Power Cords: 1
Contained Elements: 0
<--snip-->
Besides, a determined person *could* alter this information too, on their own machine.
I don't believe there's a GUARANTEED way that will work EVERY time.
Note also that while DMI information can and would uniquely identify a machine, in order for it to do so, the information need be fully and properly filled out within the machine's BIOS, which it is not always the case.
That's an understatement. Luckily the manual page reads: "More often than not, information contained in the DMI tables is inaccurate, incomplete or simply wrong." But what if it's not a PC, a PC before 1998, a PC before 2000, or how about virtualization BIOS, dmidecode being fux0red, the BIOS call being fux0red or not getting the DMI table address anyway?..
@Ulysses_: JS is client-side, i can just disable it or/and have things like AdBlock and NoScript installed.
What if the site forces you to have JS enabled, java enabled, flash enabled, etc, etc? And crucially, if it does so without anything popping up asking for permission. That wouldn't put off too many people.
Would you be a member of this forum if flash, java, javascript had to be enabled? Then the versions of all these, plus other info such as the info used by the banks (see above), would make up an almost unique id.
And crucially, you wouldn't know what the id is made up from, so it would take ages for any troll to work out what features to re-install (addins, extensions etc) - enough to put off all but the most terminal cases of hateful troll.
Any forum that required that Adblock and NoScript not be used would eliminate a huge amount of the community one wants on a forum. One of the first things most security people suggest is that you shut off flash and javascript, so you will be going against the grain right from the start. If a troll wants in bad enough they will get in. If you make them jump through too many hoops they are more likely to get irritated to the point that they will do more than just troll.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.