Abstract

Traceability on the Internet is the process of determining who was using a particular IP address at a particular time. In this talk I will show how fuzzy this idea becomes at the edges of the network when users are on an Ethernet — a broadcast medium — where the notion of identity becomes a matter of agreement rather than immutable fact. The hacker community has long known about ARP spoofing; but I’ve found a new trick. As a part of my PhD work I built some hardware that permitted one machine to borrow someone else’s IP address and Ethernet MAC address and thereby impersonate them, even when they were actively using their machine. Then, by chance, I found that I’d taken far too complicated an approach — and modern software firewalls, that are supposed to make you more secure — permit others to impersonate you with impunity. This has significant implications not only for traceability, but also for the builders of NATs, and especially for the business models of those who overcharge for their WiFi hotspots.